Skip to main content
cPanel Technical Support has been heavily impacted by hurricane Beryl and our ability to respond to tickets has been hindered as a result. We appreciate your understanding and patience as we address these delays.

Trouble purchasing new SSL through WHM Wizard, possible nameserver issue

Comments

8 comments

  • Huusoku
    So it seems to make sense that Sectigo rejected us since this IP that is running the wildcard cert that we are trying to purchase is NOT the same IP as our machine.

    when I reload the page and view the record again for ns2., the change did NOT occur: It still lists a different IP.

    Still trying to figure this out. What is the process to change a nameserver IP address? I went to DNS Functions > Nameserver Record Report and see ns2. with the non-server main IP (and also now see ns3. and ns4. entries, all with this alternative IP address), clicked Edit Zones for ns2. which led to the DNS Functions > DNS Zone Manager page, clicked Manage for ns2.ourdomainname.com, see the alternate IP for the ns2. 'A' record, clicked Edit and entered our machine's main IP address, changed the IP to our main IP, clicked Save Record, and then Restarted DNS Server. Then on every page that shows the IP for ns2. the save did NOT go into effect, it still lists some other IP address. Do we need to restart the server for ns2. address changes to process/become permanent? Thanks EDIT: The IP change DID get saved on the DNS Zone Manager page for our ns2. nameserver's 'A' record. Even fresh F5+Reload of browser verifies the IP address was successfully changed. But everywhere else, such as IP Functions > Show IP Address Usage, still shows the old IP address that Sectigo doesn't like...
    0
  • Huusoku
    What is the process to change a nameserver IP address?

    Ah! I think I figured it out! Lol this was seemingly (so far) so easy. For others, go to Account Functions > Change Site"s IP Address, select your domain, click Change, set the new address to your server's main shared IP, then click Change again. You can then verify that the change was done by visiting IP Functions > Show IP Address Usage and the domainname will now fall under your main IP address. I'll keep this updated with the process of the new SSL cert Regards, Huusoku
    0
  • Huusoku
    New (third attempt) certificate has been ordered. Hopefully Sectigo is happy this time. Our site went offline during this process, with the SORRY! page appearing. Our domain name is through GoDaddy so I updated the IP address to ns2. to our main server IP (and interestingly enough the IP for ns1. was ALSO the alternate IP, not the matching main IP as configured on our server all this time). So now both ns1. and ns2. nameservers at GoDaddy point to our server's main IP, which matches now what's shown all across WHM. Interestingly, despite flushing DNS cache on machines here at work, some systems (like my laptop) load our site just fine (and not cache copies, I can save edits and make changes, everything functions normally) while other machines only still continue to receive the SORRY! page even despite restarts. Had I know this I would have waited until tonight to make the IP change. I've learned a lot so hopefully caches will get updated soon this afternoon, the SSL order will go through, and everything will be golden once again Have a nice day! Huusoku
    0
  • cPRex Jurassic Moderator
    Thanks for posting your experience here, and I'm glad you got things working!
    0
  • Huusoku
    Thanks for the reply cPRex. Got into work and checking me email I see Mae responded saying that our third SSL certificate order attempt (order # 2672385793) is ALSO "stuck in a pending state." So now she is escalating this issue to technical support. Ohh man we only have 2 days left on our cert that I've been trying to renew for 27 days One idea I had over the weekend is that because the OV process is more involved, perhaps we should, for the time being, order a DV cert, assuming it gets approved sooner, and then when we eventually work out the issue and get the preferred OV cert signed, then switch over to it. Thoughts? Thanks Huusoku
    0
  • cPRex Jurassic Moderator
    You could, or you could always use AutoSSL if that's an option. The OV certificates do take a while to complete all the validation they do.
    0
  • Huusoku
    You could, or you could always use AutoSSL if that's an option. The OV certificates do take a while to complete all the validation they do.

    Thank you again for the reply. Yes, we have AutoSSL and I've clicked the button from time to time over the years but after your reply I looked into this further and found the options to enable AutoSSL on our domains and to have it take over if our current cert expires in 3 days or less, and now the system is auto generating Let"s Encrypt" DV certs across our domains! WHEW. This is SUCH a relief, thank you so much!! Now no more extreme pressure to get the OV within 48 hrs. Will update the thread once we do get the OV cert installed with the reason for why tech support is required Regards, Huusoku
    0
  • cPRex Jurassic Moderator
    You're very welcome!
    0

Please sign in to leave a comment.