SSL Configuration (io_comand_ssl)
Certificate
The webCOMAND SSL certificate configuration file is located at:
packages/io_comand_ssl/config/certificate.php
The certificate configuration contains the following options.
- update_mode - If FALSE (default), hostnames can be individually added/removed from the certificate. If TRUE, hostnames will only be added or removed as hostname-related webCOMAND records like Publications or WebRoutes define them; these records will be the sole source of truth for the certificate.
<?php
/**
 * Provides general default configuration parameters for SSL certificates.
 */
$config = [
    // If Update Mode is FALSE, hostnames can be individually added/removed from the certificate.
    // If Update Mode is TRUE, hostnames will only be added or removed as hostname-related webCOMAND records
    // like Publications or WebRoutes define them; these records will be the sole source of truth for the cert.
    'update_mode' => FALSE
];
webCOMAND config.php
Package Configuration overrides can be defined in config.php as:
<?php
$config = [
    'io_comand_ssl' => [
        'certificate' => [
            'update_mode' => TRUE
        ]
    ]
];
Update Mode Considerations
When update_mode is TRUE and Let's Encrypt is enabled, any hostnames in the SSL certificate that are not defined in a Web Route or Publication will be removed. So it is a best practice to follow the steps below before setting update_mode to TRUE.
- Note the hostnames in the existing SSL certificate. To do that, visit the <account>.webcomand.com URL in your web browser.
  - In Google Chrome:
    - Click the options icon to the left of the URL
    - Click "Connection is secure"
    - Click "Certificate is valid"
    - Click the Details tab
    - Click "Certificate Subject Alternative" under Certificate Fields
    - Find the hostnames in the Field Value below.
  - In Firefox (CTRL+I, ALT+S, ALT+V):
    - Click the lock icon to the left of the URL
    - Click "Connection secure"
    - Click "More information"
    - Click View Certificate button
    - Find the hostnames under Subject Alt Names
- Launch the API app and run the cQuery:
  SELECT IFNULL(Hostname,IF(INSTR(URL,'http://'),SUBSTR(URL,8),IF(INSTR(URL,'https://'),SUBSTR(URL,9),URL))) AS Hostname FROM WebRoute+, Publication+ ORDER BY Hostname
- Add a Web Route with the Hostname for each hostname in the SSL certificate that is missing from the query results.
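The comparison in the steps above can also be scripted. The following Python is an added example, not part of webCOMAND: it reads the Subject Alternative Names from the live certificate and lists those missing from the cQuery results, which are the hostnames that would be removed once update_mode is TRUE. All function names, the script file name and the sample data are assumptions made for illustration, and the query results are assumed to be saved one hostname per line.

```python
import socket
import ssl
import sys


def san_dns_names(peercert):
    """DNS entries of subjectAltName from an SSLSocket.getpeercert() dict."""
    sans = peercert.get("subjectAltName", ())
    return sorted({value.lower() for kind, value in sans if kind == "DNS"})


def fetch_cert_hostnames(host, port=443, timeout=10):
    """Connect to the live site and return the hostnames its certificate covers."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return san_dns_names(tls.getpeercert())


def normalize_query_row(value):
    """Reduce one cQuery result row to a bare lowercase hostname.

    The query strips the scheme from a URL, but a port or path can remain,
    so everything after the host part is dropped here as well.
    """
    host = value.strip().lower()
    for scheme in ("https://", "http://"):
        if host.startswith(scheme):
            host = host[len(scheme):]
    return host.split("/", 1)[0].split(":", 1)[0]


def hostnames_at_risk(cert_names, query_rows):
    """Certificate hostnames that no Web Route or Publication defines."""
    defined = {normalize_query_row(r) for r in query_rows if r.strip()}
    return [name for name in cert_names if name not in defined]


# Constructed sample data, used when no hostname is given on the command line.
SAMPLE_PEERCERT = {"subjectAltName": (
    ("DNS", "example.webcomand.com"), ("DNS", "www.example1.com"),
    ("DNS", "Example2.com"), ("IP Address", "192.0.2.10"))}
SAMPLE_QUERY_ROWS = ["example.webcomand.com", "www.example1.com/blog/", ""]

if __name__ == "__main__":
    # Hypothetical usage: python check_san.py <account>.webcomand.com < query_results.txt
    live = len(sys.argv) > 1
    names = fetch_cert_hostnames(sys.argv[1]) if live else san_dns_names(SAMPLE_PEERCERT)
    rows = sys.stdin.read().splitlines() if live else SAMPLE_QUERY_ROWS
    for name in hostnames_at_risk(names, rows):
        print("add a Web Route for:", name)
```

Matching is exact and case-insensitive, so a wildcard entry in the certificate is reported unless the same wildcard string appears in the query results.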
Let's Encrypt
The webCOMAND Let's Encrypt SSL configuration file is located at:
packages/io_comand_ssl/config/letsencrypt.php
The Let's Encrypt configuration contains the following options.
- enabled - If FALSE (default), Let's Encrypt SSL functionality is disabled. If TRUE, certbot will be run automatically to update the configured SSL certificate file when webCOMAND records like Publications or WebRoutes define hostnames. Certificates will also be renewed according to the configuration.
- certbot - Associative array of options that define where to find the certbot executable, its configuration, work and log files, and the renewal period.
- web_server - Associative array of options that define the SSL document root, web server validation and restart command-lines, and regular expressions used to detect successful results.
<?php
/**
 * Provides basic default configuration parameters for Let's Encrypt SSL Certificate automation.
 */
$config = [
    'enabled' => FALSE,
    'certbot' => [
        'path' => '/usr/bin/certbot',
        'config_path' => '/var/www/webcomand/httpd/ssl/le/config',
        'work_path' => '/var/www/webcomand/httpd/ssl/le/work',
        'logs_path' => '/var/www/webcomand/httpd/ssl/le/logs',
        'expand_params' => '-n --agree-tos -m [email protected]',
        //'cert_name' => 'example.webcomand.com',
        'expand_ok' => '/Congratulations/',
        'renewal_period' => 60
    ],
    'web_server' => [
        'doc_root' => '/var/www/webcomand/httpd/ssl/le',
        'doc_roots' => [], // ['example1.com'=>'/var/www/webcomand/files/publications/example1.com/ssl/', 'example2.com'=>'/var/www/webcomand/files/publications/example1.com/ssl/'],
        'validator' => '/usr/sbin/httpd -t',
        'validator_ok' => '/^Syntax OK$/',
        'restart' => 'sudo /usr/bin/systemctl reload httpd',
        'restart_ok' => ''
    ]
];
webCOMAND config.php
Package Configuration overrides can be defined in config.php as:
<?php
$config = [
    'io_comand_ssl' => [
        'letsencrypt' => [
            'enabled' => TRUE
        ]
    ]
];