Manage SSL Services via WHM
Hello,
I have self-signed SSL certificates on my cPanel/WHM services. Do I need to wait for the cPanel maintenance to run so the server can order a replacement certificate? If so, when does the maintenance script usually run (how often)? Also, can I run the script via the terminal before the auto maintenance script runs? Will that cause any issues? Any help would be appreciated. Thanks.
-
Hi @Alongar, A self-signed certificate is a security certificate that is not signed by a certificate authority. Does your hosting provider use the AutoSSL functionality that provisions free Comodo or Lets Encrypt certificates? They are valid for three months and are automatically renewed by the cPanel / WHM system. 0 -
Hi @Alongar, A self-signed certificate is a security certificate that is not signed by a certificate authority. Does your hosting provider use the AutoSSL functionality that provisions free Comodo or Lets Encrypt certificates? They are valid for three months and are automatically renewed by the cPanel / WHM system.
@ZenHostingTravis I'm on a VPS which has AutoSSL that provides free certs through cPanel (Sectigo cert). AutoSSL is enabled. I had 16 days left on my cert until it expired. My cPanel/WHM services never received a new issued certificate from cPanel and I thought the renewal for AutoSSL kicks in when you have 25 days left. With that said, I reset the certs under WHM>>Manage Service SSL Certificates and I received 'self-signed' certificates. In an attempt to retrieve a cPanel issued cert, I ran:/usr/local/cpanel/bin/checkallsslcerts
Still no luck.0 -
Hi @Alongar, To clarify, you haven't received a new SSL for your server's hostname? I don't remember a time when I've had to run a script for AutoSSL. We manage it all via WHM. 0 -
Hi @Alongar, To clarify, you haven't received a new SSL for your server's hostname? I don't remember a time when I've had to run a script for AutoSSL. We manage it all via WHM.
@ZenHostingTravis Nope, I haven't received a new SSL for server's hostname.0 -
@ZenHostingTravis Nope, I haven't received a new SSL for server's hostname.
If it has been longer than 24 hours and the DNS is correct, you should open a support ticket. Any other suggestions, @cPRex?0 -
What was the output from the checkallsslcerts command? You'll want to make sure the hostname of the server resolves properly in DNS, but if there are errors I would expect them to show up in that output. If you can send us that, making sure to remove any personal details like the domain or IP, that may give us more clues. 0 -
Hello, @cPRex This is what I get: # /usr/local/cpanel/bin/checkallsslcerts The system will check for the certificate for the "cpanel" service. The system will attempt to replace the self-signed certificate for the "cpanel" service with a signed certificate from the cPanel Store. The system will attempt to install a certificate for the "cpanel" service from the system ssl storage. None of the certificates in the system ssl storage were acceptable to use for the "cpanel" service. The system will attempt to install a certificate for the "cpanel" service from the cPanel store. The system will check for the certificate for the "dovecot" service. The system will attempt to replace the self-signed certificate for the "dovecot" service with a signed certificate from the cPanel Store. The system will attempt to install a certificate for the "dovecot" service from the system ssl storage. None of the certificates in the system ssl storage were acceptable to use for the "dovecot" service. The system will check for the certificate for the "exim" service. The system will attempt to replace the self-signed certificate for the "exim" service with a signed certificate from the cPanel Store. The system will attempt to install a certificate for the "exim" service from the system ssl storage. None of the certificates in the system ssl storage were acceptable to use for the "exim" service. The cPanel Store is processing the hostname certificate request. The system will check the cPanel Store again the next time that "/usr/local/cpanel/bin/checkallsslcerts" runs.0 -
Thanks for the additional output. That all seems normal to me. It did the request, sent it to the cPanel Store, and now it's waiting to be processed. If you think this is waiting longer than necessary (which should really be less than 10 minutes for that to get issued, in my experience) than I'd submit a ticket to our team so we can check the SSL order on our end and get you more details. It's possible there are other problems that are keeping the SSL from being issued on our side, but that output you sent is exactly what I like to see. 0 -
Thanks for the additional output. That all seems normal to me. It did the request, sent it to the cPanel Store, and now it's waiting to be processed. If you think this is waiting longer than necessary (which should really be less than 10 minutes for that to get issued, in my experience) than I'd submit a ticket to our team so we can check the SSL order on our end and get you more details. It's possible there are other problems that are keeping the SSL from being issued on our side, but that output you sent is exactly what I like to see.
@cPRex It's been longer than 24hrs. I stumbled on this in my cpanel/logs/error_log:cpsrvd fb75096c016d: Cpanel::Exception::NetSSLeay/(XID vrjsuh) Net::SSLeay::ssl_write_all(SCALAR(0x2bf2e18)) produced an operating system error (EPIPE, Broken pipe) and 1 [asis,OpenSSL] [numerate,_6,error,errors]: ARRAY(0x2c5a950) at /usr/local/cpanel/Cpanel/Server/Connection/SSL.pm line 64. Cpanel::Server::Connection::SSL::write_buffer(Cpanel::Server::Connection::SSL=HASH(0x2b6b3b0), SCALAR(0x2bf2e18)) called at /usr/local/cpanel/Cpanel/Server/Response.pm line 217 Cpanel::Server::Response::__ANON__(SCALAR(0x2bf2e18)) called at /usr/local/cpanel/Cpanel/Server/Responders/Stream/Gzip.pm line 92 Cpanel::Server::Responders::Stream::Gzip::write(Cpanel::Server::Responders::Stream::Gzip=HASH(0x2bf30a0), 6) called at /usr/local/cpanel/Cpanel/Server/Responder.pm line 176 Cpanel::Server::Responder::finish(Cpanel::Server::Responders::Stream::Gzip=HASH(0x2bf30a0), 2) called at /usr/local/cpanel/Cpanel/Server/Responders/Chunked/Gzip.pm line 29 Cpanel::Server::Responders::Chunked::Gzip::finish(Cpanel::Server::Responders::Stream::Gzip=HASH(0x2bf30a0), 2) called at /usr/local/cpanel/Cpanel/Server/Responder.pm line 91 Cpanel::Server::Responder::readonly_from_input_and_send_response(Cpanel::Server::Responders::Stream::Gzip=HASH(0x2bf30a0)) called at /usr/local/cpanel/Cpanel/Server/Response.pm line 141 Cpanel::Server::Response::send_response(Cpanel::Server::Response=HASH(0x2b6b638), Cpanel::Server::Response::Source::ReadOnlyString=HASH(0x2b91ef0)) called at cpsrvd.pl line 3070 cpanel::cpsrvd::servcontent("document", "./frontend/paper_lantern/libraries/cjt2-dist/frameworks.cmb.js", "use_magic", 1, "static", 1, "content_type", "text/javascript") called at cpsrvd.pl line 2805 cpanel::cpsrvd::dodoc_cpaneld() called at cpsrvd.pl line 2028 cpanel::cpsrvd::dodoc(HASH(0x136a998)) called at cpsrvd.pl line 1776 cpanel::cpsrvd::handle_one_connection(5) called at cpsrvd.pl line 1102 cpanel::cpsrvd::script() called at cpsrvd.pl line 431 Cpanel::Exception::NetSSLeay/(XID 5uw6fj) Net::SSLeay::ssl_write_all(HTTP/1.1 500 Internal Error\x{0d}\x{0a}Connection: close\x{0d}\x{0a}Content-type: text/html; charset="utf-8"\x{0d}\x{0a}X-Error-Message: Error ID fb75096c016d\x{0d}\x{0a}\x{0d}\x{0a}) produced an operating system error (EPIPE, Broken pipe) and 1 [asis,OpenSSL] [numerate,_6,error,errors]: ARRAY(0x2c5b070) at /usr/local/cpanel/Cpanel/Server/Connection/SSL.pm line 64.0 -
Those logs in your last reply seem like they are related to a cPanel user's access to their interface, and not something that would be related to the AutoSSL system. Let me know that ticket number once you get it submitted and then I can follow along and keep everyone here updated. 0 -
@cPRex Ticket #93957669. 0 -
So, the issue I had was a connection issue between my server and Sectigo. After whitelisting their IPs in my Firewall, the certificate was retrieved and installed. Thanks to cPanel techs for resolving the issue. 0 -
Glad they were able to get that resolved for you! 0
Please sign in to leave a comment.
Comments
13 comments