How to install the SSL certificate for all subdomains?
CPanel automatically installed the SSL certificate in the primary domain. So far so good (attached image).
However, the problem is in the subdomains. For example: sandbox.
In Manage SSL Hosts, everything is fine with the SSL from sandbox. (attached image). But when I access it through the browser, the "Not secure" message continues (image attached).
In another cPanel account that I used, the certificate was installed automatically and always contained the message "Secure". But I'm having problems with this one.
Could it be some misconfiguration? Can someone help me? I have access to the WHM root user.
Thank you.
-
Currently, the SSL you have on sandbox.patamar.app.br is self-signed certificate and not certificate authority (CA) issued for which the browser won't show a secure green padlock. You can uninstall the current self-signed certificate and reinstall the SSL from AutoSSL option in WHM WHM > SSL-TLS > Manage AutoSSL
[QUOTE]0 -
Currently, the SSL you have on sandbox.patamar.app.br is self-signed certificate and not certificate authority (CA) issued for which the browser won't show a secure green padlock. You can uninstall the current self-signed certificate and reinstall the SSL from AutoSSL option in WHM
WHM > SSL-TLS > Manage AutoSSL
Thanks for the answer. I performed the procedure as instructed, now it appears that it was issued by cPanel but still the message "Not secure". (Attached image)0 -
From what I see AutoSSL is yet not installed for sub-domain sandbox. 0 -
From what I see AutoSSL is yet not installed for sub-domain sandbox.patamar.app.br
I'll tell you what procedures I did: In cPanel, I entered Manage SSL Hosts, clicked on Unistall in the line where there was a certificate installed for sandbox. Then, the line that included the installation of this subdomain disappeared. Then I accessed WHM -> SSL / TLS -> Manage AutoSSL and clicked on Run AutoSSL For All Users. The message "AutoSSL is now checking all users. The process has ID 19138." That's what I did. Is correct?0 -
Yes, that is correct. If there are many accounts then process ID 19138 may take some time, wait till it completes. Just running AutoSSL for "patamar" only would be quicker. 0 -
Yes, that is correct. If there are many accounts then process ID 19138 may take some time, wait till it completes. Just running AutoSSL for "patamar" only would be quicker.
I only have this account with this primary domain. I checked the list of ongoing processes, ID 19138 is not there, I believe it has already been finalized. Is there anything else that can be done?0 -
Please share AutoSSL logs for analysis. 0 -
Please share AutoSSL logs for analysis.
***Moderator note: I've removed the log entries with the domain name but the primary error is the following:WARN Sectigo HTTP DCV verification failure (www.ss.subdomain.tl.d): (XID zyrkx3) The system failed to set the permissions on "/home/patamarapp/public_html/sistema_imobiliario/patamar-adm/.well-known/pki-validation" to "0755" (as EUID: 1002, EGID: 1004 1004) because of the following error: Operation not permitted
0 -
Please review the ownership values configured on the /home/patamarapp/public_html/sistema_imobiliario/patamar-adm/.well-known/pki-validation
directory to ensure they are owned by the account user and share output for the below command:lsattr -d /home/patamarapp/public_html/sistema_imobiliario/patamar-adm/.well-known/pki-validation
0 -
@kodeslogic has the right of it, this isn't a DCV failure it looks like an ownership issue or an inability to modify the file within that directory. 0 -
Please review the ownership values configured on the
/home/patamarapp/public_html/sistema_imobiliario/patamar-adm/.well-known/pki-validation
directory to ensure they are owned by the account user and share output for the below command:lsattr -d /home/patamarapp/public_html/sistema_imobiliario/patamar-adm/.well-known/pki-validation
I tried to run the suggested code, but I received the following error:lsattr: Permission denied while trying to stat /home/patamarapp/public_html/sistema_imobiliario/patamar-adm/.well-known/pki-validation
I ran it through the root user. I should have permission for everything, right?0 -
Yes, As a root user you should have all permission. You can contact a certified
I think I managed to execute it by inserting the command "sudo" before the main one. He returned to me like this:---------------- /home/patamarapp/public_html/sistema_imobiliario/patamar-adm/.well-known/pki-validation
What do I do now? Do I try to run AutoSSL again?0 -
Execute below two commands in the given sequence cd /home/patamarapp/public_html/sistema_imobiliario/patamar-adm/ find . -type d -exec chmod 755 {} \;
After this again check output it should as belowlsattr -d /home/patamarapp/public_html/sistema_imobiliario/patamar-adm/.well-known/pki-validation drwxr-xr-x /home/patamarapp/public_html/sistema_imobiliario/patamar-adm/.well-known/pki-validation
FYI: Use sudo if required.0 -
Execute below two commands in the given sequence
cd /home/patamarapp/public_html/sistema_imobiliario/patamar-adm/ find . -type d -exec chmod 755 {} \;
After this again check output it should as belowlsattr -d /home/patamarapp/public_html/sistema_imobiliario/patamar-adm/.well-known/pki-validation drwxr-xr-x /home/patamarapp/public_html/sistema_imobiliario/patamar-adm/.well-known/pki-validation
FYI: Use sudo if required.
I executed the commands as you instructed me. Below are the returns:[centos@ip-172-31-22-177 patamar-adm]$ find . -type d -exec chmod 755 {} \; [centos@ip-172-31-22-177 patamar-adm]$ lsattr -d /home/patamarapp/public_html/sistema_imobiliario/patamar-adm/.well-known/pki-validation ---------------- /home/patamarapp/public_html/sistema_imobiliario/patamar-adm/.well-known/pki-validation [centos@ip-172-31-22-177 patamar-adm]$ drwxr-xr-x /home/patamarapp/public_html/sistema_imobiliario/patamar-adm/.well-known/pki-validation -bash: drwxr-xr-x: command not found [centos@ip-172-31-22-177 patamar-adm]$
0 -
Try cd /home/patamarapp/public_html/sistema_imobiliario/patamar-adm/ sudo chmod -R 755 .well-known
0 -
I think I solved it. I removed the pki-validation folder and started AutoSSL. Apparently he created a new one, without permission problems. I looked in my cPanel, all subdomains are valid AutoSSL now. However, accessing through the browser still counts as "Not secure". Is it necessary to wait a while to be propagated? 0 -
Thank you all for your efforts to help me. 0
Please sign in to leave a comment.
Comments
19 comments