Automatically Installation of SSL

[Mahtab Hassan]

Hello everyone!

I was wondering, how to install ssl certificates after generating and add spf records without logging in to vPanel.

if anybody can explain. i will be very thankful 

[SpookyKipper]

Hello,

There isn't any official api to do this, but:

for my own free host, I modified Xera a bit and used JavaScript with the domain checker and cPanel login. I embed them in a (hidden) IFRAME and make 2 post requests within the IFRAME automatically using JavaScript, which the url is the vPanel endpoints.

 

TinkerHost seem to be having everything done automatically, I am currently unsure on how he can get the live ssl status for installation before we login to the client area(maybe a cron or GoGetSSL webhook?)

Edited April 6, 2023 by SpookyKipper

[TinkerMan]

2 hours ago, SpookyKipper said:

TinkerHost seem to be having everything done automatically

I do. It’s a fairly new feature for me, and if possible, I would love to be the sole creator of it for awhile. 
 

I can give some things away though. All the code for the implementation is in PHP, noting has been modified with the vP to make this specific thing work (We all know what happens when you use frontend code, it just gets copied). 

PM me on discord for more 

[Mahtab Hassan]

5 minutes ago, TinkerMan said:

I do. It’s a fairly new feature for me, and if possible, I would love to be the sole creator of it for awhile. 
 

I can give some things away though. All the code for the implementation is in PHP, noting has been modified with the vP to make this specific thing work (We all know what happens when you use frontend code, it just gets copied). 

PM me on discord for more 

i see

[SpookyKipper]

22 minutes ago, TinkerMan said:

I would love to be the sole creator of it for awhile. 

Nice 👍

22 minutes ago, TinkerMan said:

We all know what happens when you use frontend code, it just gets copied

Good point. You made me scrap the idea of using JavaScript as the vp frontend.

[BastelPichi]

You can archieve this by recreating the raw http requests your browser is sending - its defenetly possible.

[TinkerMan]

8 minutes ago, BastelPichi said:

recreating the raw http requests your browser is sending

That’s pretty much what I’m doing

Edited April 6, 2023 by TinkerMan

[BastelPichi]

2 minutes ago, TinkerMan said:

That’s pretty much what I’m doing

ik 😂

You sent me some of your code after all...

[TinkerMan]

I did, I did. And you were a huge help (Even though yours was in a different language)

[BastelPichi]

On 4/6/2023 at 7:19 PM, TinkerMan said:

I did, I did. And you were a huge help (Even though yours was in a different language)

Yes. Now that I have your code Ill sue the hell outta you with fake copyright. gg.

Nah just kidding

[TinkerMan]

I'll just share the 5 lines of code I shared with you with everyone then!

 

(Also, the code does not even work, so...)

 

$fields = array(
  'domain_name'  => $domain,
  'key'  => $SQLSSLInfo['private_key']
);

$fields_string = http_build_query($fields);

 

[SpookyKipper]

11 hours ago, TinkerMan said:

I'll just share the 5 lines of code I shared with you with everyone then!

 

(Also, the code does not even work, so...)

 

$fields = array(
  'domain_name'  => $domain,
  'key'  => $SQLSSLInfo['private_key']
);

$fields_string = http_build_query($fields);

 

$SQLSSLInfo

hmmm

You save the private key in a SQL Database like me?

Edited April 9, 2023 by SpookyKipper

[TinkerMan]

10 hours ago, SpookyKipper said:

You save the private key in a SQL Database

It’s really not a good idea, but I have to in order to display it to the user. 
 

Encrypting it is on my to-do list. 

[Mahtab Hassan]

1 hour ago, TinkerMan said:

It’s really not a good idea, but I have to in order to display it to the user. 
 

Encrypting it is on my to-do list. 

i think you should encrypt private key and store it in a file with unique file structure with an unguessable name.

 

23 hours ago, TinkerMan said:

I'll just share the 5 lines of code I shared with you with everyone then!

 

(Also, the code does not even work, so...)

 

$fields = array(
  'domain_name'  => $domain,
  'key'  => $SQLSSLInfo['private_key']
);

$fields_string = http_build_query($fields);

 

thank you for sharing the code even though it is of no use.

 

On 4/6/2023 at 4:19 AM, SpookyKipper said:

Hello,

There isn't any official api to do this, but:

for my own free host, I modified Xera a bit and used JavaScript with the domain checker and cPanel login. I embed them in a (hidden) IFRAME and make 2 post requests within the IFRAME automatically using JavaScript, which the url is the vPanel endpoints.

i will try it

[SpookyKipper]

18 hours ago, TinkerMan said:

Encrypting it is on my to-do list. 

you can try using openssl_encrypt function in php, that's what I use

Edited April 10, 2023 by SpookyKipper

[MeTooIDK]

On 4/6/2023 at 2:42 PM, Mahtab Hassan said:

Hello everyone!

I was wondering, how to install ssl certificates after generating and add spf records without logging in to vPanel.

if anybody can explain. i will be very thankful 

Sure! 
Theres 3 way

use js
everytime user go into panel
use js XHR --> Your API Check User has SSL not Installed

if not installed

XHR --> ADD CSR,KEY,CERT( Dev Tools Network tab can track request data)
no need worry about CSRF Problem. Same domain so CSRF problem could be solved
puppeteer (EASY,HIGH RAM CPU USAGE) : 
Headless Chromium Browser. 
You can use JS to control browser to do something like Login,Because VP doesnt has captcha.

http request (HARD):
this is example login using axios,qs. 

this is part of code of my old project. It was for a 3rd Party VistaPanel - SukaPanel. Archived,that repo is the api

https://github.com/ImLoadingUuU/MSA

  
    var data = qs.stringify({
      'uname': req.body.uname || "", 
      'passwd': req.body.passwd  || "",
      'theme': 'PaperLantern',
      'seeesurf': req.body.seeesurf || '555930360198781056',
      'login': '' 
    });
    var config = {
      method: 'post',
      url: 'https://cpanel.epizy.com/login.php',
      headers: { 
        'User-Agent': useragent, 
        'Content-Type': 'application/x-www-form-urlencoded'
      },
      data : data
    };
    
    axios(config)
    .then(function (response) {
      let docu = cheerio.load(response.data)
      if (docu("#forms script").html()) {
        console.log(response.headers["set-cookie"])
      res.setHeader("cookie",response.headers["set-cookie"])
      res.send({
        message: "Success",
        successful: true,
        authID: docu("#forms script").text().replace(`document.location.href = '`).slice(0,-1).replace("undefined","").replace("panel/indexpl.php?id=",""),
        cookie: response.headers["set-cookie"][1].split(";")[0].split("=")[1],

      })
      } else {
      res.send({
         successful: false,
        message: docu("#login-sub #forms").text(),
        cookie: response.headers["set-cookie"][0].split(";")[0].split("=")[1],
      })
      }
      
    })
    .catch(function (error) {
      console.log(error);
    });
    

 

Edited April 30, 2023 by MeTooIDK

[PlanetCloud]

2 hours ago, MeTooIDK said:

this is part of code of my old project. It was for a 3rd Party VistaPanel - SukaPanel. Archived,that repo is the api

https://github.com/ImLoadingUuU/MSA

Repo 404, probably private.

 

[MeTooIDK]

26 minutes ago, PlanetCloud said:

Repo 404, probably private.

 

i forgot to change,changed

[SpookyKipper]

7 hours ago, MeTooIDK said:

XHR --> ADD CSR,KEY,CERT( Dev Tools Network tab can track request data)

you don't need csr

[PlanetCloud]

Although it's good with good intentions, I think this could lead to security issues instead... DM me @MeTooIDK