SSL-Certificate changed for EXIM every day

curana

• May 01, 2016 03:57

Hi, We are running cPanel WHM 56.0 (build 9) and am facing the following issue for a few days now: Our Emailserver has a SSL certificate installed (RapidSSL). This matches the hostname of the email server and works fine. However for a few days cPanel replaces this certificate by a self-signed certificate every night. Then the clients receive a "Server name mismatch" error in Outlook. When I set the certificate back to the RapidSSL certificate, it works. How can I stop cPanel to replace the certificate every night? Thanks for help!

• 

  0884094

  • May 02, 2016 11:12

  Same problem here (actually worse, it is overwriting all our certs every day). I believe this is a new feature in v56, as per The cPanel Market Provider, and free hostname SSLs | cPanel Blog and the fix is to touch "/var/cpanel/ssl/disable_auto_hostname_certificate". I just ssh'ed in as root as ran: touch /var/cpanel/ssl/disable_auto_hostname_certificate Like you, we already had valid real SSL certificates assigned to our services (but using wildcard certs, not the exact literal hostname assigned to the server) and yet cPanel's nightly task was generating their own certs and replacing ours.

  0
• 

  curana

  • May 02, 2016 11:26

  This fixed it?

  0
• 

  Infopro

  • May 02, 2016 11:34

  This fixed it?

  
  The blog mentioned above, explains this:

  0
• 

  cPanelMichael

  • May 02, 2016 14:43

  Like you, we already had valid real SSL certificates assigned to our services (but using wildcard certs, not the exact literal hostname assigned to the server) and yet cPanel's nightly task was generating their own certs and replacing ours.

  
  Hello, A resolution for wildcard certificates was included in cPanel version 56.0.9: Implemented case CPANEL-5841: Wildcard certs that do not match the hostname should not be replaced. Thank you.

  0
• 

  0884094

  • May 02, 2016 18:22

  This fixed it?

  
  Hi curana, I expect this change will fix it, but I just researched/fixed the issue, so I have to wait a day or two to fully confirm. That said, it's a new documented feature doing what it's supposed to do, so I have high confidence that this is the fix you & I need.

  0
• 

  curana

  • May 02, 2016 19:06

  I applied it and will see tomorrow. Thanks for your help!

  0
• 

  curana

  • May 03, 2016 08:56

  Did it fix your Problem? For me seems it didnt.

  0
• 

  cPanelMichael

  • May 03, 2016 15:38

  Did it fix your Problem? For me seems it didnt.

  
  Hello, Would you mind opening a support ticket so we can take a closer look? You post the ticket number here so we can update this thread with the outcome. Thank you.

  0
• 

  0884094

  • May 04, 2016 23:22

  Did it fix your Problem? For me seems it didnt.

  
  Yes, my problem was fixed -- the SSL certs stopped changing on their own after I touched that file, and after I'd once again manually selected the correct certs at WHM > Manage Service SSL Certificates. We're running WHM 56.0 (build 9).

  0
• 

  curana

  • May 09, 2016 04:43

  They will fix it with CPANEL-6058 in the next release.

  0
• 

  cPanelMichael

  • May 09, 2016 15:14

  They will fix it with CPANEL-6058 in the next release.

  
  To clarify, that case is addressed with CPANEL-5951 in cPanel 56.0.13: Fixed case CPANEL-5951: /var/cpanel/ssl/disable_service_certificate_management disables checkallsslcerts. You can now use this touch file to disable the automatic replacement of the certificate. Thank you.

  0

Please sign in to leave a comment.