Skip to main content

Missing SSL certificate on DNSOnly

Comments

16 comments

  • Elizabeta
    Hello, I checked validity (click about certificate on the page) Best regards, Elizabeta
    0
  • cPRex Jurassic Moderator
    Hey there! Can you get me more details on what you mean when you say the certificate is missing? In your screenshot, I can see the padlock in the URL bar, indicating the page is SSL secured.
    0
  • Elizabeta
    Hello, When I click on a web link appears Connection not secure It looks like the certificate is not valid. BR, Elizabeta
    0
  • cPRex Jurassic Moderator
    If you click the right arrow in that screenshot does it give you more data about the connection?
    0
  • SimpleSonic
    Can you run the following command and tell us the output? /usr/local/cpanel/bin/checkallsslcerts
    0
  • Elizabeta
    Hello, There is output of the command [root@dns ~]# /usr/local/cpanel/bin/checkallsslcerts The system will check for the certificate for the "cpanel" service. The system will attempt to replace the self-signed certificate for the "cpanel" service with a signed certificate from the cPanel Store. The system will attempt to install a certificate for the "cpanel" service from the system ssl storage. None of the certificates in the system ssl storage were acceptable to use for the "cpanel" service. The system will attempt to install a certificate for the "cpanel" service from the cPanel store. [WARN] The system failed to acquire a signed certificate from the cPanel Store because of the following error: The system failed to acquire a signed certificate from the cPanel Store. ({"domain_details":null,"status":"revoked","status_details":null,"status_message":"Stale CSR"}) The system will check for the certificate for the "exim" service. The system will attempt to replace the self-signed certificate for the "exim" service with a signed certificate from the cPanel Store. The system will attempt to install a certificate for the "exim" service from the system ssl storage. None of the certificates in the system ssl storage were acceptable to use for the "exim" service. Best regards, Elizabeta
    0
  • cPRex Jurassic Moderator
    Can you try running this command on the server? mv /var/cpanel/hostname_cert_csrs{,.cpbkp} -v That will remove the state CSR and then you should be able to issue the certificate normally.
    0
  • Elizabeta
    Hello, This is output of the command [root@dns ~]# mv /var/cpanel/hostname_cert_csrs{,.cpbkp} -v "/var/cpanel/hostname_cert_csrs" -> "/var/cpanel/hostname_cert_csrs.cpbkp" @cPRex Maybe I should do mv /var/cpanel/hostname_cert_csrs.cpbkp -v BR, Elizabeta
    0
  • Elizabeta
    Hello, I run mv /var/cpanel/hostname_cert_csrs.cpbkp -v mv: missing destination file operand after "/var/cpanel/hostname_cert_csrs.cpbkp" Try 'mv --help' for more information.
    0
  • Elizabeta
    Hello, In directory [root@dns hostname_cert_csrs.cpbkp]# ls -la total 16 drwxr-xr-x 2 root root 24 Sep 25 03:41 . drwx--x--x. 97 root root 8192 Nov 15 10:25 .. -rw------- 1 root root 1223 Sep 25 03:41 2625482447 Can I just remove file 2625482447 ?
    0
  • quietFinn
    This command mv /var/cpanel/hostname_cert_csrs{,.cpbkp} -v moves directory /var/cpanel/hostname_cert_csrs/ to /var/cpanel/ hostname_cert_csrs.cpbkp that is just making a backup of that directory, you will not really need it or use it. after that you can run command: /usr/local/cpanel/bin/checkallsslcerts and that should install a new certificate.
    0
  • Elizabeta
    Hello, I run [root@dns ~]# mv /var/cpanel/hostname_cert_csrs{,.cpbkp} -v mv: cannot stat "/var/cpanel/hostname_cert_csrs": No such file or directory /usr/local/cpanel/bin/checkallsslcerts The system will check for the certificate for the "cpanel" service. The system will attempt to replace the self-signed certificate for the "cpanel" service with a signed certificate from the cPanel Store. The system will attempt to install a certificate for the "cpanel" service from the system ssl storage. None of the certificates in the system ssl storage were acceptable to use for the "cpanel" service. The system will attempt to install a certificate for the "cpanel" service from the cPanel store. Setting up HTTP DCV (/usr/local/apache/htdocs/.well-known/pki-validation/1AFA994D8D4564FFB0E6EA10F38D67D6.txt) " " complete. Setting up DNS DCV for "dns.wh.tel.net.ba" " " complete. Attempting DNS DCV preflight checks " dns.wh.tel.net.ba: DNS DCV OK www.dns.wh.tel.net.ba: DNS DCV OK mail.dns.wh.tel.net.ba: DNS DCV OK cpanel.dns.wh.tel.net.ba: DNS DCV OK webmail.dns.wh.tel.net.ba: DNS DCV OK whm.dns.wh.tel.net.ba: DNS DCV OK cpcalendars.dns.wh.tel.net.ba: DNS DCV OK cpcontacts.dns.wh.tel.net.ba: DNS DCV OK Succeeded domains: 8 Failed domains: 0 Requesting certificate from cPStore " The cPanel Store returned an error (X::TemporarilyUnavailable) in response to the request "POST ssl/certificate/whm-license/90-day": We were unable to process your request. Please try again later. Undoing HTTP DCV setup (/usr/local/apache/htdocs/.well-known/pki-validation/1AFA994D8D4564FFB0E6EA10F38D67D6.txt) " " complete. Enqueueing undo of DNS DCV setup (CNAME _1afa994d8d4564ffb0e6ea10f38d67d6.dns.wh.tel.net.ba) " Undoing DNS DCV setup " " done. [WARN] The system failed to acquire a signed certificate from the cPanel Store because of the following error: (XID heg8g8) The cPanel Store returned an error (X::TemporarilyUnavailable) in response to the request "POST ssl/certificate/whm-license/90-day": We were unable to process your request. Please try again later. The system will check for the certificate for the "exim" service. The system will attempt to replace the self-signed certificate for the "exim" service with a signed certificate from the cPanel Store. The system will attempt to install a certificate for the "exim" service from the system ssl storage. None of the certificates in the system ssl storage were acceptable to use for the "exim" service. There is problem again. BR, Elizabeta
    0
  • Elizabeta
    Hello, I run again this command [root@dns ~]# /usr/local/cpanel/bin/checkallsslcerts The system will check for the certificate for the "cpanel" service. The system will attempt to replace the self-signed certificate for the "cpanel" service with a signed certificate from the cPanel Store. The system will attempt to install a certificate for the "cpanel" service from the system ssl storage. None of the certificates in the system ssl storage were acceptable to use for the "cpanel" service. The system will attempt to install a certificate for the "cpanel" service from the cPanel store. Setting up HTTP DCV (/usr/local/apache/htdocs/.well-known/pki-validation/764D4A8B71D25C8F4831B01196AC4C1D.txt) " " complete. Setting up DNS DCV for "dns.wh.tel.net.ba" " " complete. Attempting DNS DCV preflight checks " dns.wh.tel.net.ba: DNS DCV OK www.dns.wh.tel.net.ba: DNS DCV OK mail.dns.wh.tel.net.ba: DNS DCV OK cpanel.dns.wh.tel.net.ba: DNS DCV OK webmail.dns.wh.tel.net.ba: DNS DCV OK whm.dns.wh.tel.net.ba: DNS DCV OK cpcalendars.dns.wh.tel.net.ba: DNS DCV OK cpcontacts.dns.wh.tel.net.ba: DNS DCV OK Succeeded domains: 8 Failed domains: 0 Requesting certificate from cPStore " Order submitted. (Order item ID: 2686979607) The system will check for the certificate for the "exim" service. The system will attempt to replace the self-signed certificate for the "exim" service with a signed certificate from the cPanel Store. The system will attempt to install a certificate for the "exim" service from the system ssl storage. None of the certificates in the system ssl storage were acceptable to use for the "exim" service. The cPanel Store is processing the hostname certificate request. The system will check the cPanel Store again the next time that "/usr/local/cpanel/bin/checkallsslcerts" runs. But when I open link on the web There is a problem again. BR, Elizabeta
    0
  • cPRex Jurassic Moderator
    That output looks good, but doesn't indicate that the install completed: "The cPanel Store is processing the hostname certificate request." It's been a few hours since your post, is a new SSL not installed?
    0
  • Elizabeta
    Hello, @cPRex now is everything ok. Thank you very much for your help. Best regards, Elizabeta
    0
  • cPRex Jurassic Moderator
    I'm glad to hear things worked well!
    0

Please sign in to leave a comment.