CPANEL-43335 - Hostname Services SSL (Clarification & Differentiation)
I just want to make sure I got this right about hostname service certificates (SSL), so can you please confirm/correct these statements for me:
- Hostname SSL is completely separate from the domain SSLs.
- Every server (hostname) needs to have an SSL installed.
- When we talk about hostname SSL we are actually talking about hostname services SSL(s).
- AutoSSL regulates the issuance and installation of domain SSLs but not the hostname SSL.
- cPanel-signed certificate is regular DV CA SSL that you can purchase.
- For the hostname with a valid cPanel license and a server that meets the issuance requirements cPanel will:
  - Issue a cPanel-signed SSL for free, automatically during the run of a nightly maintenance script /usr/local/cpanel/scripts/upcp or manually by running a script /usr/local/cpanel/bin/checkallsslcerts.
  - In case you have an SSL already installed, it will be replaced by the issued cPanel-signed SSL if it meets any of the
- Delete any currently installed hostname SSL.
- Install a new self-signed certificate.
- Issue a new cPanel-signed SSL, like in step 6, and once available replace the self-signed SSL.
- WHM > Tweak Settings > "Replace service SSL certificates that do not match the local hostname" option will replace any service SSLs that do not match the hostname with a cPanel-signed SSL, also by automatically running a checkallsslcerts script. An insurance option of sorts, for cases such as when you change the hostname and forget to manually issue an SSL.

Does this mean that new one SSL was installed and the old one replaced?

Result: The SSL still covers both hostnames. Is there a setting in cPanel that forces the SSL to use previous names? I found a file "hostname_history.json" that lists previous hostnames. Could it be that the system draws names from it?

Problem 2: iOS Mail Push Notifications service also shows a default hostname from my VPS provider and doesn't even cover my current hostname. I know that this service no longer works, but is there a way to remove this name?

Hey hey!

1 - Yes
2 - Yes
3 - Yes
4 - This is the current behavior. It's likely going to be improved a bit soon.
5 - We do have the option to purchase "fancier" SSLs if people want those. You can also purchase certificates through any provider and install them in cPanel.
6 - You've got it!
7 - Right
8 - Correct
9 - Yes

Problem 1 that you mentioned isn't a problem at all - we issue all hostnames listed in the system, including the previous one, "just in case." There is no setting to control this as it is done automatically. That code snippet you posted does indicate the system is trying to install a valid certificate.

For problem 2, I'm not aware of a way to remove that.
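
To see which names a hostname service certificate actually covers, including any previous hostnames as described in the reply above, this added example (not cPanel's code and not from the original posts) reads the subjectAltName list each service presents and separates the current hostname from every other name. The port map, the function names and the sample certificate are assumptions constructed for illustration.

```python
import socket
import ssl

# Assumed TLS service ports (WHM, cPanel, Webmail); adjust to the services in use.
SERVICE_PORTS = {"whm": 2087, "cpanel": 2083, "webmail": 2096}

# Constructed sample in the dict shape returned by SSLSocket.getpeercert().
SAMPLE_CERT = {"subjectAltName": (("DNS", "server.example.com"),
                                  ("DNS", "old-vps-123.provider.example"))}


def san_dns_names(cert):
    """Return the sorted, lower-cased DNS names from a getpeercert() dict."""
    return sorted({v.lower().rstrip(".")
                   for k, v in cert.get("subjectAltName", ()) if k == "DNS"})


def name_matches(pattern, hostname):
    """Exact match, or one left-most wildcard label (*.example.com)."""
    pattern, hostname = pattern.lower(), hostname.lower().rstrip(".")
    if pattern.startswith("*."):
        head, _, rest = hostname.partition(".")
        return bool(head) and rest == pattern[2:]
    return pattern == hostname


def classify(cert, current_hostname):
    """Report whether the current hostname is covered and list every other name."""
    names = san_dns_names(cert)
    covering = [n for n in names if name_matches(n, current_hostname)]
    return {"covers_current": bool(covering),
            "extra_names": [n for n in names if n not in covering]}


def audit(host, ports=SERVICE_PORTS, timeout=5.0):
    """Classify the certificate each service presents; record failures per service."""
    report, ctx = {}, ssl.create_default_context()
    for service, port in ports.items():
        try:
            with socket.create_connection((host, port), timeout=timeout) as sock:
                with ctx.wrap_socket(sock, server_hostname=host) as tls:
                    report[service] = classify(tls.getpeercert(), host)
        except ssl.SSLCertVerificationError as exc:  # untrusted or wrong name
            report[service] = {"error": exc.verify_message}
        except OSError as exc:  # closed port, timeout, DNS failure
            report[service] = {"error": str(exc)}
    return report


if __name__ == "__main__":
    print(audit(socket.getfqdn()))
```

A verification error for a service means the certificate it presents is not trusted for the name used to connect, so the report carries that error instead of a name list.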

Thank you! How can I remove the previous hostname(s)? Which files contain that info? I want to reset the service certificate after that and see if it only covers the current name.

There isn't a simple way to do this as it's stored internally in some cPanel configuration files.

Not what I was hoping for, but thank you.

Sorry about that one!

That's an interesting case because it's one of those things that has just been that way since...forever. And no one questioned it! Until someone did and we made the case :D Ideally we would be able to introduce some type of logical delay on the backend that would refresh the page, which is what our devs are looking into.

I'm following along with that case now, so if I hear any updates I'll be sure to post them here.