When I first set up WHM, or whenever I add a domain, accessing it via HTTPS results in a large error page. Why is this, and how can I fix it?
Chrome and Microsoft Edge:
NET::ERR_CERT_AUTHORITY_INVALID
Firefox:
MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT
Safari:
This website may be impersonating "domain.com" to steal your personal or financial information. You should close this page.
Explanation
This error is shown while utilizing a self-signed certificate. When you first set up your server, or when you initially add a domain, the server generates a self-signed certificate as a placeholder to ensure HTTPS traffic is functional.
There are two primary components to the security of SSL: Encryption Strength and Trust Level.
All certificates used by cPanel offer the same base level of encryption strength. The error in question is related to the trust level.
To ensure certificates aren't generated by just anyone and used for malicious purposes, there are multiple Certificate Authorities designated to confirm the server actually controls the domain for which they're generating the certificate. Your browser automatically trusts these certificates because they have been verified by a source of truth.
A self-signed certificate, however, does not have that verification step. You can generate an SSL certificate on any machine, and you can assign it to any domain, but only if it has been signed by a certificate authority will it not show an error in a browser. This prevents a bad actor in privileged position on a network from redirecting traffic from a particular domain to their malicious server and pretending to be the trusted domain.
If you're sure the server you're communicating with is correct, you can click the "Advanced" or "Show More" buttons and continue to the website.
Note: Certificates are not issued to IP addresses. Accessing the server directly via the IP will always result in a certificate verification error.
Solution
Hostname
This certificate should be generated automatically, but if it isn't, you'll need to confirm your hostname is set, then attempt to re-issue the certificate.
Effective Hostname Usage With cPanel & WHM
How to generate a free hostname certificate with AutoSSL
If a certificate is still not issued, a configuration error may be present.
User Domain
This certificate should be generated automatically, but if it isn't, you will need to confirm your DNS records are configured properly, then attempt to re-issue the certificate.
How to Manually Renew AutoSSL Certificates
If a certificate is still not issued, a configuration error may be present.
Comments
0 comments
Article is closed for comments.