webCOMAND

SSL Configuration (io_comand_ssl)

Certificate

The webCOMAND SSL certificate configuration file is located at:
packages/io_comand_ssl/config/certificate.php

The certificate configuration contains the following options.

  • mode_update - If FALSE (default), hostnames can be individually added/removed from the certificate.  If TRUE, hostnames will only be added or removed as hostname-related webCOMAND records like Publications or WebRoutes define them; these records will be the sole source of truth for the certificate.
<?php
/**
 * Provides general default configuration parameters for SSL certificates.
 */
$config = [
    // If Update Mode is FALSE, hostnames can be individually added/removed from the certificate.
    // If Update Mode is TRUE, hostnames will only be added or removed as hostname-related webCOMAND records
    //   like Publications or WebRoutes define them; these records will be the sole source of truth for the cert.
    'update_mode' => FALSE
];

webCOMAND config.php

Custom overrides can be configured in webcomand/config.php as:

<?php
$config = [
    'io_comand_ssl' => [
        'certificate' => [
            'update_mode' => TRUE
        ]
    ]
];

Let's Encrypt

The webCOMAND Let's Encrypt SSL configuration file is located at:
packages/io_comand_ssl/config/letsencrypt.php

The certificate configuration contains the following options.

  • enabled - If FALSE (default), Let's Encrypt SSL functionality is disabled.  If TRUE, certbot will be run automatically to (a) update the configured SSL certificate file when webCOMAND records like Publications or WebRoutes define hostnames.  Certificates will also be renewed according to the configuration.
  • certbot - Associative array of options that define where to find the certbot executable, configuration, work and log files, renewal period.
  • web_server - Associative array of options that define the SSL document root, web server validation and restart command-lines, and regular expressions used to detect successful results.
<?php
/**
 * Provides basic default configuration parameters for Let's Encrypt SSL Certificate automation.
 */
$config = [
    'enabled' => FALSE,
    'certbot' => [
        'path' => '/usr/bin/certbot',
        'config_path' => '/var/www/webcomand/httpd/ssl/le/config',
        'work_path' => '/var/www/webcomand/httpd/ssl/le/work',
        'logs_path' => '/var/www/webcomand/httpd/ssl/le/logs',
        'expand_params' => '-n --agree-tos -m webmaster@webcomand.com',
        //'cert_name' => 'example.webcomand.com',
        'expand_ok' => '/Congratulations/',
        'renewal_period' => 60
    ],
    'web_server' => [
        'doc_root' => '/var/www/webcomand/httpd/ssl/le',
        'doc_roots' => [], // ['example1.com'=>'/var/www/webcomand/files/publications/example1.com/ssl/', 'example2.com'=>'/var/www/webcomand/files/publications/example1.com/ssl/'],
        'validator' => '/usr/sbin/httpd -t',
        'validator_ok' => '/^Syntax OK$/',
        'restart' => 'sudo /usr/bin/systemctl reload httpd',
        'restart_ok' => ''
    ]
];

webCOMAND config.php

Custom overrides can be configured in webcomand/config.php as:

<?php
$config = [
    'io_comand_ssl' => [
        'letsencrypt' => [
            'enabled' => TRUE
        ]
    ]
];