CLI Reference

The plugin provides a CLI interface since version 0.7.0, via the le-cp command (located at /usr/local/bin/le-cp).

It is only for use by the root user.

Overview

[root@~]$ le-cp help
NAME:
   letsencrypt-cpanel - Command-line interface for FleetSSL cPanel

USAGE:
   le-cp [global options] command [command options] [arguments...]
   
VERSION:
   0.9.0
   
COMMANDS:
     ssl         Manage SSL certificates for a user
     hostcert    Add/list/remove host service certificates for cPanel
     autossl     Manage the plugin AutoSSL feature
     reporting   Manage the reporting feature
     config      Manage plugin configuration entries
     self-test   Runs a self-test on various facilities to ensure the plugin is functioning
     email-test  Tests email translation files by sending test emails
     help, h     Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --mode value    What mode to run the CLI under (legacy) (default: "cgi")
   --restart       Whether to restart the daemon after config changes
   --format value  Go-template like template string for output for eligible commands
   --help, -h      show help
   --version, -v   print the version

SSL

The SSL sub-command is responsible for querying and manipulating the plugin certificates on a per-account level.

Therefore, all commands must be called with:

le-cp ssl --user=<username>

List

Lists the plugin-configured certificates for that user.

[root@~]$ le-cp ssl --user=demo list
2016/08/07 21:20:41 2 certificates were returned
2016/08/07 21:20:41 Domain: blog.demo.letsencry.pt
2016/08/07 21:20:41     AltNames: [www.blog.demo.letsencry.pt]
2016/08/07 21:20:41     Expiry: 2016-11-05 19:48:00 +1100 AEDT
2016/08/07 21:20:41     URL: https://acme-v01.api.letsencrypt.org/acme/cert/033f29ab7e8e31972b0c1717661e599a3e7d
2016/08/07 21:20:41     Cert ID: blog_demo_letsencry_pt_de78e_e60db_1478335680_3d0d84b5b845d9412519530a6d48f224
2016/08/07 21:20:41     Key ID: de78e_e60db_15db379279894f899390b5c1599993f1
2016/08/07 21:20:41 Domain: demo.letsencry.pt
2016/08/07 21:20:41     AltNames: [demo.letsencry.pt www.demo.letsencry.pt]
2016/08/07 21:20:41     Expiry: 2016-11-05 19:48:00 +1100 AEDT
2016/08/07 21:20:41     URL: https://acme-v01.api.letsencrypt.org/acme/cert/03f7ed5b17891da2b3dd4f833046343777cf
2016/08/07 21:20:41     Cert ID: demo_letsencry_pt_e2f39_ee56f_1478335680_1a1225430d7778523c6e01acc853f3b1
2016/08/07 21:20:41     Key ID: e2f39_ee56f_225f1efb202d340d831fa9c51dfbd7d4

With commands that return certificates, you can also use Go programming style templates to format the output:

[root@~]$ le-cp --format="{{ (index . 0).Domain }}" ssl --user=demo list
blog.demo.letsencry.pt

Issue

This command will try to issue a certificate for a set of names for an account. Note that the names must exist in the account as a primary, subdomain, non-redirected alias or addon domain, as per the usual operation of the plugin.

The first name passed will be the primary name, the remaining will be alternate names.

[root@~]$ le-cp ssl --user=demo  issue blog.demo.letsencry.pt www.blog.demo.letsencry.pt
2016/08/07 21:27:38 1 certificates were returned
2016/08/07 21:27:38 Domain: blog.demo.letsencry.pt
2016/08/07 21:27:38     AltNames: [blog.demo.letsencry.pt www.blog.demo.letsencry.pt]
2016/08/07 21:27:38     Expiry: 2016-11-05 21:28:00 +1100 AEDT
2016/08/07 21:27:38     URL: https://acme-v01.api.letsencrypt.org/acme/cert/0398e0acf620ed1000d789e0f8770cf8ae16
2016/08/07 21:27:38     Cert ID: blog_demo_letsencry_pt_99a22_e018d_1478341680_a8db44c4baaf6f3797643f026fcbf9ff
2016/08/07 21:27:38     Key ID: 99a22_e018d_435794cfa065937c069871d26a71685c

You may also add a --verbose flag to the end, which will list the reason that any particular domain is not included on the resulting certificate.

Renew

This command will renew (if eligible for renewal) all plugin-configured certificates for the domain. It will return all the certificates that were renewed.

[root@~]$ le-cp ssl --user=demo renew
2016/08/07 21:26:10 No certificates were returned

You can optionally pass a --force flag on the end to always renew all of the account’s certificates and to ignore their respective expiries.

You can optionally pass a --dry-run flag on the end to just perform a test run of renewing the certificates, without installing anything or using up your Let’s Encrypt rate limits. This uses the Let’s Encrypt staging server.

You can optionally pass a --virtualhost flag on the end to perform the renewal or dry-run only for a specific virtual host within the user’s cPanel account. For example:

le-cp ssl --user=demo renew --virtualhost example.org --dry-run

Remove

This command will remove and unconfigure the certificates for the names passed. It will return the certificates that were removed.

Note that you must pass the primary certificate names. All alt names on that certificate will be removed too.

[root@~]$ le-cp ssl --user=demo remove blog.demo.letsencry.pt
2016/08/07 21:24:11 1 certificates were returned
2016/08/07 21:24:11 Domain: blog.demo.letsencry.pt
2016/08/07 21:24:11     AltNames: [www.blog.demo.letsencry.pt]
2016/08/07 21:24:11     Expiry: 2016-11-05 19:48:00 +1100 AEDT
2016/08/07 21:24:11     URL: https://acme-v01.api.letsencrypt.org/acme/cert/033f29ab7e8e31972b0c1717661e599a3e7d
2016/08/07 21:24:11     Cert ID: blog_demo_letsencry_pt_de78e_e60db_1478335680_3d0d84b5b845d9412519530a6d48f224
2016/08/07 21:24:11     Key ID: de78e_e60db_15db379279894f899390b5c1599993f1

Reinstall

This command will re-install the certificate on a virtual host, using the preferred alternate chain/issuer specified.

[root@~]$ le-cp ssl --user=demo reinstall --preferred-issuer "ISRG Root X1" blog.demo.letsencry.pt

Note that omitting or passing an empt ystring for --preferred-chain will use the server’s default value.

Config

This is the CLI analogue to the Configuration section of the WHM interface for the plugin.

List Entries

This command will list the config entries that you are able to manage using this interface.

$ le-cp config list
INFO[0000] Name:        Deferred restarts               
INFO[0000] Description: Whether to defer Apache restarts until the end of a renewal process. This is highly reccommended if you use AutoSSL. 
INFO[0000] Key:         deferred_restarts               
INFO[0000] Value:       true                            
# <output shortened>

Update an Entry

This command allows you to update config entries one at a time.

$ le-cp config set --key deferred_restarts --value true

Host Cert

See Service Certificates.

AutoSSL

See AutoSSL.

Self-Test

See Installation.