Confused about installing new certificate for hostname
I have been using a premium SSL certificate for cPanel/WHM at hostname.domain.com:2087.
The premium certificate expired and I would like to start using the free AutoSSL that I use for all my other domains (currently using cPanel as the provider).
I have read through posts here and some of the documentation but I am confused about the exact steps I need to take to force/install a new AutoSSL cPanel cert.
Can someone post a link or steps to what, exactly, needs to be done in this situation?
TIA!
Hi @Tearabite,
The free hostname SSL process is a bit different than the standard AutoSSL process, but ultimately if your current certificate is expired you can get the hostname certificate by running the following via CLI:
/usr/local/cpanel/bin/checkallsslcerts --verbose
Though this process (pending you hadn't made any customizations) should be automatic. You can see the new certificate (or manage existing ones) by going to WHM>>Service Configuration>>Manage Service SSL Certificates
Our documentation on this can be found here: Manage Service SSL Certificates - Version 68 Documentation - cPanel Documentation
Thanks!
Thank you! When running that command I see an error about pki-validation - the temp file can't be found. It looks like I have a DNS issue I need to work out. I will try again after I fix that.
Hi @Tearabite, let us know if you need assistance with the error as well! Thank you!
OK, this is turning a bit into a cluster... My configuration is a bit non-standard because some of this domain (www) is hosted on one server, and the hostname.cpanel/email/whm services are hosted on a different server. The problem now is that for hostname.domain.com, running /usr/local/cpanel/bin/checkallsslcerts --verbose is generating the pki-validation/xxxxxxyyyyy.txt file in an unknown location - it seems that it is not being generated in the cPanel account/public_html account that (I thought) it should be. If I put a dummy file anywhere in the public_html folder of the cPanel account I thought was tied to hostname.domain.com and browse to
Hi @Tearabite, for the hostname SSL they should be created in /var/www/html/.well-known/pki-validation. If you go there, do you see the hash file? Thank you,
Can you tell me the exact error you get when you run /usr/local/cpanel/bin/checkallsslcerts --verbose?
This is the error:
[WARN] The system failed to acquire a signed certificate from the cPanel Store because of the following error: (XID ra934h) The system queried for a temporary file at ", but the web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist.
I found the location where the pki-validation files are being created - it's in an account that has nothing to do with the hostname account. I also found that when trying to open
Hello,
They should definitely not be created in any other location besides /var/www/html/.well-known/pki-validation for the hostname. Can you run the following:
grep -r hostname.domain.tld /var/cpanel/users/
If the hostname is listed anywhere but in the system user this is an issue. Can you also ensure that the hostname resolves to that server properly:
dig a hostname.domain.tld
Do you have any Apache includes on the server? You can see this at WHM>>Service Configuration>>Apache Configuration -> Include Editor
I don't see any includes. Here is the output from the two commands above (grep was blank/no result):
root@server [~]# grep -r hostname.domain.net /var/cpanel/users/
root@server [~]# dig a hostname.domain.net

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.5 <<>> a hostname.domain.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42265
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;hostname.domain.net. IN A

;; ANSWER SECTION:
hostname.domain.net. 3600 IN A xx.yy.zz.75

;; AUTHORITY SECTION:
domain.net. 86400 IN NS dns2.ourNShost.com.
domain.net. 86400 IN NS dns1.ourNShost.com.

;; Query time: 52 msec
;; SERVER: xx.yy.206.2#53(xx.yy.206.2)
;; WHEN: Thu Apr 12 09:27:27 2018
;; MSG SIZE rcvd: 103

I think I may have found (part of, at least) the issue:
hostname.domain.net. 3600 IN A xx.yy.zz.75
xx.yy.zz.75 is statically assigned to this "other" account where the files are being created; that IP should probably be reserved only for hostname.domain.net. I will be moving that 'other' account to the shared IP pool - will there be any other steps to make sure that hostname.domain.net is using xx.yy.zz.75 and all the files for it get written into the /var/www/html/.well-known/pki-validation dirs?
The hostname should use the primary IP of the server; it sounds like it's using an IP that's dedicated to another account. Changing the A record for the hostname or moving the account to the main/shared IP would most likely resolve the issue (based on what I know of the configuration from here).
Right now the hostname AND this 'other' account are using the same IP. I will be moving "other" to the shared IP address, leaving only hostname.domain.net using that IP. Is there a specific setting somewhere to make this the "primary" IP?
Hi @Tearabite, I wouldn't suggest making changes to the network configuration unless you're an experienced system or network administrator. Ultimately the primary IP is the IP listed on the first network interface. In most cases, this is the IP listed under eth0. We have a couple of threads on how to do this. Thank you,
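The checks walked through in this thread, collected into one script as an added example (not part of the original posts and not cPanel's own code). The function names, the verdict strings and the 192.0.2.x sample data are assumptions made for illustration; the primary IP is passed in by the caller.

```sh
#!/bin/sh
# Added example (not cPanel code): the thread's hostname checks in one script.
# The primary IP is supplied by the caller; 192.0.2.x values are constructed.

# A-record addresses from `dig a <name>` output on stdin.
answer_ips() {
  awk '/^;; ANSWER SECTION:/ {a=1; next}
       /^$/ || /^;;/ {a=0}
       a && $4 == "A" {print $5}' | sort -u
}

# cPanel user files that mention the hostname (the thread's grep -r check).
accounts_claiming() {
  grep -rlF -- "$1" "${2:-/var/cpanel/users}" 2>/dev/null || true
}

# Verdict from: hostname, primary IP, file of dig output, users directory.
diagnose() (
  ips=$(answer_ips < "$3")
  if [ -z "$ips" ]; then echo "no-a-record"
  elif [ -n "$(accounts_claiming "$1" "$4")" ]; then echo "claimed-by-account"
  elif [ "$ips" != "$2" ]; then echo "not-primary-ip"
  else echo "ok"; fi
)

# Constructed dig output shaped like the one posted in the thread.
sample_dig() {
  printf '%s\n' ';; QUESTION SECTION:' ';hostname.domain.net. IN A' '' \
    ';; ANSWER SECTION:' 'hostname.domain.net. 3600 IN A 192.0.2.75' '' \
    ';; AUTHORITY SECTION:' 'domain.net. 86400 IN NS dns1.example.net.'
}

# Live check: is a file in the hostname docroot what the web server returns?
probe_docroot() (
  dir=/var/www/html/.well-known/pki-validation
  name="probe-$$.txt"
  mkdir -p "$dir" && echo "$name" > "$dir/$name" || exit 2
  body=$(curl -s --max-time 10 "http://$1/.well-known/pki-validation/$name")
  rm -f "$dir/$name"
  [ "$body" = "$name" ]
)

# Usage on the server: sh check.sh hostname.domain.tld <primary-ip>
if [ "$#" -eq 2 ]; then
  tmp=$(mktemp) && dig a "$1" > "$tmp"
  diagnose "$1" "$2" "$tmp" /var/cpanel/users
  probe_docroot "$1" && echo "docroot-reachable" || echo "docroot-404-or-other-vhost"
  rm -f "$tmp"
fi
```

A "not-primary-ip" verdict together with a failed docroot probe matches the situation in this thread: the request for the validation file reaches a virtual host other than the one serving /var/www/html.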