"Your connection is not secure" error when logging into WHM/cPanel via Hostname
-
We do still offer a free cPanel signed hostname certificate for all servers with a cPanel license that have a valid hostname. If you purchased your cPanel license through a reseller it is possible they disabled the ability to obtain these certificates though. What is the output when you run the following via SSH: /scripts/checkallsslcerts --verbose
We did recently move our documentation to cPanel & WHM Documentation | cPanel & WHM Documentation but I'm not seeing that page there either. I've opened an internal query to find out what happened there.0 -
I get bash: /scripts/checkallsslcerts: No such file or directory
So I ran as (from your help pages)/usr/local/cpanel/bin/checkallsslcerts --verbose
and gotThe system will check for the certificate for the "cpanel" service. The system will attempt to replace the self-signed certificate for the "cpanel" service with a signed certificate from the cPanel Store. The system will attempt to install a certificate for the "cpanel" service from the system ssl storage. None of the certificates in the system ssl storage were acceptable to use for the "cpanel" service. The system will attempt to install a certificate for the "cpanel" service from the cPanel store. Received error "X::NoCertificate" from cPanel Store (No free ssl certificate found for this IP); requesting new certificate " Setting up HTTP DCV (/var/www/html/.well-known/pki-validation/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.txt) " " complete. DNS DCV is impossible because this system does not control DNS for "{MYSERVERDOMAIN}". Attempting HTTP DCV preflight check " FAILED: Cpanel::Exception/(XID qxjq5j) "{MYSERVERDOMAIN}" does not resolve to any IP addresses on the internet. at /usr/local/cpanel/Cpanel/SSL/DCV.pm line 694. Cpanel::SSL::DCV::_err_because_no_ips("{MYSERVERDOMAIN}") called at /usr/local/cpanel/Cpanel/SSL/DCV.pm line 272 Cpanel::SSL::DCV::_verify_http("{MYSERVERDOMAIN}/.well-known/pki-validation/7ECD"..., "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"..., "COMODO DCV", 0, 4, ARRAY(0x34a1e58)) called at /usr/local/cpanel/Cpanel/SSL/DCV.pm line 261 Cpanel::SSL::DCV::verify_http_with_dns_lookups("{MYSERVERDOMAIN}/.well-known/pki-validation/7ECD"..., "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"..., "COMODO DCV", 0, undef) calledat /usr/local/cpanel/Cpanel/Market/Provider/cPStore/Utils.pm line 98 Cpanel::Market::Provider::cPStore::Utils::imitate_http_dcv_check_locally("{MYSERVERDOMAIN}", ".well-known/pki-validation/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.txt", "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"...) called at /usr/local/cpanel/Cpanel/cPStore/HostnameCert/DCV.pm line 193 eval {...} called at /usr/local/cpanel/Cpanel/cPStore/HostnameCert/DCV.pm line 189 Cpanel::cPStore::HostnameCert::DCV::set_up("-----BEGIN CERTIFICATE REQUEST-----\x{a}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"...) called at /usr/local/cpanel/Cpanel/cPStore/HostnameCert.pm line 172 Cpanel::cPStore::HostnameCert::_request_new_certificate(Cpanel::cPStore::HostnameCert=HASH(0x2a1c228))called at /usr/local/cpanel/Cpanel/cPStore/HostnameCert.pm line 142 Cpanel::cPStore::HostnameCert::get_hostname_cert_from_store(Cpanel::cPStore::HostnameCert=HASH(0x2a1c228)) called at bin/checkallsslcerts.pl line 542 bin::checkallsslcerts::_get_certificate_pem_from_store(bin::checkallsslcerts=HASH(0x263e130)) called at bin/checkallsslcerts.pl line 464 bin::checkallsslcerts::__ANON__() called at /usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/Try/Tiny.pm line 97 eval {...} called at /usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/Try/Tiny.pm line 88 Try::Tiny::try(CODE(0x2a1c060), Try::Tiny::Catch=REF(0x2967a00)) called at bin/checkallsslcerts.pl line 468 bin::checkallsslcerts::_replace_cert_with_ca_signed_cert_from_cpstore(bin::checkallsslcerts=HASH(0x263e130), "cpanel") called at bin/checkallsslcerts.pl line 320 bin::checkallsslcerts::_check_notify_and_auto_renew_cert_for_service(bin::checkallsslcerts=HASH(0x263e130), "cpanel") called at bin/checkallsslcerts.pl line 86 bin::checkallsslcerts::run(bin::checkallsslcerts=HASH(0x263e130)) called at bin/checkallsslcerts.pl line 50 Undoing HTTP DCV setup " " complete. [WARN] The system failed to acquire a signed certificate from the cPanel Store because of the following error:Neither HTTP nor DNS DCV preflight checks succeeded! The system will check for the certificate for the "dovecot" service. The system will attempt to replace the self-signed certificate for the "dovecot" service with a signed certificate from the cPanel Store. The system will attempt to install a certificate for the "dovecot" service from the system ssl storage. None of the certificates in the system ssl storage were acceptable to use for the "dovecot" service. The system will check for the certificate for the "exim" service. The system will attempt to replace the self-signed certificate for the "exim" service with a signed certificate from the cPanel Store. The system will attempt to install a certificate for the "exim" service from the system ssl storage. None of the certificates in the system ssl storage were acceptable to use for the "exim" service. The system will check for the certificate for the "ftp" service. The system will attempt to replace the self-signed certificate for the "ftp" service with a signed certificatefrom the cPanel Store. The system will attempt to install a certificate for the "ftp" service from the system ssl storage. None of the certificates in the system ssl storage were acceptable to use for the "ftp" service.
I redacted some bits that looked sensitive.0 -
Hi @philbean As a result of my internal inquiry It was explained that when we moved documentation sites the documentation page for this was moved to here: Manage Service SSL Certificates | cPanel & WHM Documentation We're also going to add a reference to this in some other locations to make it easier to find. For the issue with your hostname certificate: We attempt to perform two types of Domain Control Validation, DNS and HTTP. - The first error that stands out indicates that this server does not manage DNS for the domain:
DNS DCV is impossible because this system does not control DNS for "{MYSERVERDOMAIN}".
- The second indicates that the DCV check does not return an IP address for the hostname:
FAILED: Cpanel::Exception/(XID qxjq5j) "{MYSERVERDOMAIN}" does not resolve to any IP addresses on the internet.
0 - The first error that stands out indicates that this server does not manage DNS for the domain:
Please sign in to leave a comment.
Comments
3 comments