Failing to acquire SSL on DNSONLY server
Not sure if this is the right forum, but I currently have two DNSONLY servers setup for my nameservers: ns1.domain.com and ns2.domain.com. The NS1 DNSONLY server acquired an SSL certificate without any issues. However on the NS2 server, since I set it up about a month ago, it has failed to get an SSL every night and I get an e-mail every night with the following info:
Can someone point me in the right direction of which log files you might need, as well as how to go about getting this resolved? From what I can tell, the server is setup fine as I followed all of the exact same instructions for NS2 as I did for NS1.
Thanks!
| The system failed to acquire a signed certificate from the cPanel Store because of the following error: The system failed to acquire a signed certificate from the cPanel Store. at bin/checkallsslcerts.pl line 653. |
-
HI, 1) make sure the A record/cnames are correctly pointed to the server 2) make sure the hostname is correct ( fully qualified domain name ) 3) then try to install ssl using following command /usr/local/cpanel/bin/checkallsslcerts0 -
If you get any additional errors from the checkallsslcerts command that @Maxin John posted, that may also be helpful, as that particular error from the email notification doesn't give us much information to work with. 0 -
I went through and checked everything. Here is the info: 1. All DNS entries are correct and present. I checked inside of WHM's DNS Zone Manager and both ns1.domain.com and ns2.domain.com match exactly, except for the IP addresses, which both have different public IP addresses. 2. The hostname looks like this: [root@ns2 ~]# hostnamectl Static hostname: ns2.domain.com Icon name: computer-vm Chassis: vm Machine ID: 0217712f4e6c47908a53ba7609105463 Boot ID: 4ffc906d9e8b4b36a0423927c1060012 Virtualization: qemu Operating System: CentOS Linux 7 (Core) CPE OS Name: cpe:/o:centos:centos:7 Kernel: Linux 3.10.0-1160.59.1.el7.x86_64 Architecture: x86-64 [root@ns2 ~]# hostname ns2.domain.com
3. And the output from your command gives me this:[root@ns2 ~]# /usr/local/cpanel/bin/checkallsslcerts The system will check for the certificate for the "cpanel" service. The system will attempt to replace the self-signed certificate for the "cpanel" service with a signed certificate from the cPanel Store. The system will attempt to install a certificate for the "cpanel" service from the system ssl storage. None of the certificates in the system ssl storage were acceptable to use for the "cpanel" service. The system will attempt to install a certificate for the "cpanel" service from the cPanel store. [WARN] The system failed to acquire a signed certificate from the cPanel Store because of the following error: The system failed to acquire a signed certificate from the cPanel Store. at bin/checkallsslcerts.pl line 653. The system will check for the certificate for the "exim" service. The system will attempt to replace the self-signed certificate for the "exim" service with a signed certificate from the cPanel Store. The system will attempt to install a certificate for the "exim" service from the system ssl storage. None of the certificates in the system ssl storage were acceptable to use for the "exim" service.0 -
Waaaaiiiiittttttt I think I got it figured out. I did a Google search for the error and found this thread and response: "/var/cpanel/hostname_cert_csrs.cpbkp"
Once that renamed the hostname_cert_csrs directory, I ran the following command:/usr/local/cpanel/bin/checkallsslcerts --verbose
Everything went through just fine, and it looks as if my ns2 server now has the signed certificate. Thanks for sort of leading me in the right direction!0
Please sign in to leave a comment.
Comments
4 comments