Question Sync SSL certificates between 2 servers

[Pixelquest]

Server operating system version

Debian 12

Plesk version and microupdate number

8.0.62

Hello, I would like to synchronize all SSL certificates to another server. So far I have managed to replicate the databases, website installations, all email accounts and the backups exactly. I'm just having trouble with the certificates and can't find a way.

An rsync of /opt/psa/var/certificates doesn't help because the certificates on the other server have different abbreviations in the file name.

Rewriting the file names or adjusting the "psa" database table "certificates" also has no effect. Both Plesk and the web browser retrieve an old certificate.

Then I thought about simply transferring the certificates via pleskstore CLI. But that would be difficult because I always have to specify the file name of the backup. There is no "latest backup" variable. This also makes automation with script and cron job impossible.

I also had the idea of importing the certificate using the "plesk bin certificates" CLI. In theory, this would also work perfectly with a script. I could convert the PEM file into a .key and .der file and simply import them back onto the target server. Unfortunately, the Plesk CLI does not offer a command with which I can set the copied certificate as the default for web, mail, webmail.

There must be something I've overlooked. I'd prefer an rsync of a directory that I may not yet know about or an adjustment to the psa database.

Does anyone have an idea? I can also imagine something completely different. It just has to be able to be automated. After all, the task doesn't even have to run every day.

 

[artalva]

For the idea with plesk bin certificate, once you copy the certificate you can run these commands to assign it to web, mail, and webmail:

plesk bin site -u example.com -certificate-name "Let's Encrypt example.com"
plesk bin domain_pref --update example.com -mail_certificate "Let's Encrypt example.com"
plesk bin domain_pref --update example.com -webmail_certificate "Let's Encrypt example.com"

I'm not sure what you mean by setting it as the "default" but you can just run it for all domains. If you need commands for the panel, there are some too.

 

[Pixelquest]

Hey Artalva, thats amazing! Thank you so much! This helps a lot. Now i can write a script that does this for all domains once a day if a certificate on the main server has changed. Thanks!!

 

[artalva]

Glad to hear it helped!

 

[Pixelquest]

Just a question in therory. I know the way to import a .pem certificate in plesk gui. Is there a way to import an .pem certificate via CLI?

 

[Kaspar@Plesk]

Just a question in therory. I know the way to import a .pem certificate in plesk gui. Is there a way to import an .pem certificate via CLI?

By upload you meaning getting a (.pem) file on to your server via command line? In most cases you'd download a file (using the wget utility), or use SCP to to transfer files via SSH (for example from your own computer to the server).

 

[Pixelquest]

Not that way... the case would be:
I already got the .pem file and the file is already copied to the other server. Now i'm asking myself if there is a plesk command to import this .pem file to a certain domain.

 

[Kaspar@Plesk]

I see. Sorry, I misunderstood your question.

The CLI utility commands for SSL/TLS actions can ben found in the Plesk CLI documentation. You can use the plesk bin certificate --create command (with the required paramaters) to create a new certificate based on certificate file you have.