Update-Safe Automation for LiteSpeed SSL Sync
Author: Sasa @ MegaHost
Date: September 1, 2025
Category: System Fixes / Automation
Tags: LiteSpeed, SSL, cron jobs, update-safe, automation
Why This Matters
SSL certificates are essential for secure hosting. But syncing them across LiteSpeed environments—especially after renewals or server tweaks—can be fragile. Manual syncing is error-prone. Blind automation risks overwriting or skipping certs. And careless scripts? They break things.
This tutorial shows how to build a modular, update-safe automation flow for syncing LiteSpeed SSL certs daily—without losing progress, breaking configs, or triggering silent failures.
What We’re Building
- A global sync script that copies certs from the ACME directory to LiteSpeed’s expected paths
- A daily cron job that runs the script with logging and explicit confirmation
- A resilient wrapper that checks for cert presence, validates paths, and avoids overwrites
- Optional: branded CLI output with ASCII headers and snarky commentary for careless setups
Directory Assumptions
bash
ACME_DIR="/etc/letsencrypt/live"
LSWS_CERT_DIR="/usr/local/lsws/conf/certs"
LOG_FILE="/var/log/megahost-ssl-sync.log"
You can modularize these into a config block or CLI flags later.
Step 1: Create the Sync Script
Save this as /usr/local/bin/megahost-ssl-sync.sh and make it executable.
bash
#!/bin/bash
# Copy renewed ACME certs into LiteSpeed's cert directory.
ACME_DIR="/etc/letsencrypt/live"
LSWS_CERT_DIR="/usr/local/lsws/conf/certs"
LOG_FILE="/var/log/megahost-ssl-sync.log"
DATE=$(date '+%Y-%m-%d %H:%M:%S')

echo "[$DATE] Starting SSL sync..." >> "$LOG_FILE"

# Glob directories instead of parsing ls, so plain files such as a README are ignored.
for DIR in "$ACME_DIR"/*/; do
    [[ -d "$DIR" ]] || continue
    DOMAIN=$(basename "$DIR")
    SRC_CERT="$ACME_DIR/$DOMAIN/fullchain.pem"
    SRC_KEY="$ACME_DIR/$DOMAIN/privkey.pem"
    DEST_CERT="$LSWS_CERT_DIR/$DOMAIN.crt"
    DEST_KEY="$LSWS_CERT_DIR/$DOMAIN.key"

    if [[ -f "$SRC_CERT" && -f "$SRC_KEY" ]]; then
        # Log success only when both copies actually succeeded.
        if cp -u "$SRC_CERT" "$DEST_CERT" && cp -u "$SRC_KEY" "$DEST_KEY"; then
            echo "[$DATE] Synced $DOMAIN certs." >> "$LOG_FILE"
        else
            echo "[$DATE] Failed to copy $DOMAIN certs." >> "$LOG_FILE"
        fi
    else
        echo "[$DATE] Skipped $DOMAIN — missing cert or key." >> "$LOG_FILE"
    fi
done

echo "[$DATE] SSL sync complete." >> "$LOG_FILE"
Notes:
- cp -u ensures update-safe copying: the destination is overwritten only when the source is newer or the destination is missing.
- Logs are timestamped for audit clarity.
- You can add ASCII headers or branding with echo -e if desired.
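A hardened variant of the copy step, as an added example rather than part of the original script: it compares file contents instead of timestamps, replaces each file atomically, sets the key to mode 600, and supports a dry run. The function names, the SYNC_CHANGED variable and the dry-run argument are assumptions made for this example, as is the server reading its key as root.

```bash
#!/bin/sh
# Added example, not the original MegaHost script.
# Usage: script.sh SRC_DIR DEST_DIR [dry-run]

# install_if_changed SRC DEST MODE DRY -> 0 replaced (or would be), 1 identical, 2 error
install_if_changed() {
    # Compare contents, not mtimes, so a touched or restored DEST cannot mask a renewal.
    if [ -f "$2" ] && cmp -s "$1" "$2"; then return 1; fi
    if [ "$4" = "dry-run" ]; then return 0; fi
    # mktemp creates the file 0600 next to DEST; mv on one filesystem is an atomic
    # rename, so the server never reads a half-written cert or key.
    tmp=$(mktemp "$2.XXXXXX") || return 2
    if cat "$1" > "$tmp" && chmod "$3" "$tmp" && mv -f "$tmp" "$2"; then return 0; fi
    rm -f "$tmp"
    return 2
}

# sync_certs SRC_DIR DEST_DIR [dry-run]; sets SYNC_CHANGED to the number of updated domains
sync_certs() {
    src=$1; dest=$2; dry=${3:-}; SYNC_CHANGED=0
    for dir in "$src"/*/; do
        [ -d "$dir" ] || continue          # unmatched glob or non-directory entry
        domain=$(basename "$dir")
        cert="${dir}fullchain.pem"; key="${dir}privkey.pem"
        if [ ! -s "$cert" ] || [ ! -s "$key" ]; then
            echo "SKIP   $domain: missing or empty cert/key"
            continue
        fi
        rc_c=0; install_if_changed "$cert" "$dest/$domain.crt" 644 "$dry" || rc_c=$?
        rc_k=0; install_if_changed "$key" "$dest/$domain.key" 600 "$dry" || rc_k=$?
        if [ "$rc_c" -eq 2 ] || [ "$rc_k" -eq 2 ]; then
            echo "FAIL   $domain: copy error"
        elif [ "$rc_c" -eq 0 ] || [ "$rc_k" -eq 0 ]; then
            SYNC_CHANGED=$((SYNC_CHANGED + 1))
            echo "UPDATE $domain${dry:+ (dry run, nothing written)}"
        else
            echo "OK     $domain: already current"
        fi
    done
}

# Run only when paths are given, e.g. the ACME_DIR and LSWS_CERT_DIR values above.
if [ "$#" -ge 2 ]; then sync_certs "$@"; fi
```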
Step 2: Add the Cron Job
Run crontab -e and add:
bash
0 3 * * * /usr/local/bin/megahost-ssl-sync.sh
This runs the sync daily at 3:00 AM. Adjust timing as needed.
Step 3: Test It Manually
Run:
bash
sudo /usr/local/bin/megahost-ssl-sync.sh
Then check:
bash
cat /var/log/megahost-ssl-sync.log
You should see timestamped entries confirming each domain’s sync status.
Troubleshooting Tips
If the sync script doesn’t behave as expected, check:
- Permissions: Make sure the script is executable:
bash
chmod +x /usr/local/bin/megahost-ssl-sync.sh
- Cron Logging: If the cron job isn’t triggering, add this near the top of the script, after LOG_FILE is set, to force logging of all output and errors:
bash
exec >> "$LOG_FILE" 2>&1
- Path Conflicts: Some LiteSpeed setups use alternate cert paths. You can auto-detect them with:
bash
grep -r "sslCertFile" /usr/local/lsws/conf/vhosts/
Future-Proofing Ideas
Want to evolve this into a full MegaHost module? Here’s what you could add:
- Flag Parser: Support --dry-run, --verbose, --force, and --careless-mode flags.
- Branded Output: Add ASCII headers like:
bash
echo -e "\n🛰️ MegaHost SSL Sync — Update-Safe Cert Transfer\n"
- Self-Healing Logic: Detect missing certs and auto-request renewal via certbot or your preferred ACME client.
- Client Audit Mode: Log sync status per domain and generate a branded HTML or CLI report.
Final Thought
Automation isn’t just about speed—it’s about trust. This script respects your certs, your configs, and your sanity. It’s update-safe, modular, and ready to be branded for client use.
If you ever want to wrap this into a branded CLI suite with blinking gradients, sci-fi startup sequences, or philosophical flags like --trust-but-verify, I’m ready to help you build it.
MegaHost isn’t just hosting—it’s clarity, control, and creative defiance.
—Sasa