cPanel certificates self-signed?

Comments

21 comments

  • SysSachin
    Hi, have you purchased an SSL certificate and installed it on your server hostname?
    0
  • ItsMattSon
    Hi SysSachin, I have an EV SSL for the domain that I want to host on my VPS, but not sure that will help me here. The way I understood it from the documentation was that as long as you have a valid FQDN and valid cPanel license, my VPS Services should get issued cPanel-signed SSL certificates? They don't appear to be signed correctly, or maybe they're not the cPanel issued certs? Manage Service SSL Certificates - Documentation - cPanel Documentation
    0
  • cPanelMichael
    The way I understood it from the documentation was that as long as you have a valid FQDN and valid cPanel license, my VPS Services should get issued cPanel-signed SSL certificates? They don't appear to be signed correctly, or maybe they're not the cPanel issued certs?

    Hello, I recommend consulting with your hosting provider to determine if cPanel-signed hostname certificates are enabled for their VPS accounts. If so, it's possible this relates to the automatically generated hostname. Are you able to configure your hostname with a domain name that you control, as opposed to the one utilized by your hosting provider? For example, if you own domain.com, try setting the hostname to "server1.domain.com" and then running "/usr/local/cpanel/bin/checkallsslcerts" to see if the signed certificates are then generated. Thank you.
    0
  • ItsMattSon
    Thanks Michael - I'll check with my VPS host to determine if cPanel-signed hostname certificates are enabled for their VPS accounts :) Tried what you said but I obviously have a misconfiguration somewhere. Not sure where though.. Would this error below be at the Namecheap Registrar-end or the VPS WHM-end?
    0
  • ItsMattSon
    Hi Michael, Disregard the query above - It was a misconfiguration at the NameCheap end. Additionally, here's the resolution. It told me exactly what you said so you were right again haha.
    0
  • ItsMattSon
    I spoke with one of the staff in the GoDaddy server chat and they said that free cPanel hostname certs are allowed, so the error in my previous post confounds me. Is there any more info from a cPanel point of view how to troubleshoot this further? GoDaddy additionally advised that the free cPanel services certs are "self-signed", but I thought they weren't supposed to be? Could this be confirmed? Thanks
    0
  • NixTree
    The certs which cPanel provides are not self-signed, and if you wish you can read more about the certs provided by cPanel and Let's Encrypt at the link below: Let's Encrypt vs. cPanel DV Certificates
    0
  • ItsMattSon
    Hi NixTree, I read your document. Thanks. Any chance you'd know though why my services are getting self-signed certificates instead of the free cPanel ones I think I should be getting?
    0
  • NixTree
    What cPanel version are you running at the moment? If it is not the latest, then upgrade to the latest. Then you can try resetting the cert and see if that shows a proper certificate.
    0
  • ItsMattSon
    Hi NixTree, I'm afraid that my WHM/cPanel version is WHM 58.0 (build 28) which I believe is current, so I'm not sure that's why. I've got a fully qualified domain name as my hostname (srv.domain.com), but as per my first post in this thread it seems I'm not getting a proper signed certificate, it's a self-signed one and no matter how many times I click 'reset' it doesn't change that. The error I get when I run /usr/local/cpanel/bin/checkallsslcerts is that "The cPanel Store returned an error (X::PermissionDenied) in response to the request POST ssl/certificate/whm-license: free hostname certs are not allowed by this partner". According to GoDaddy, they are allowed, so would this be a PHP function that's disabled or maybe firewall or something else? I'm at a loss here, as I'm not sure where to look - whether it's even my VPS or the host node's issue too. Any guidance would be appreciated.
    0
  • cPanelMichael
    The error I get when I run /usr/local/cpanel/bin/checkallsslcerts is that "The cPanel Store returned an error (X::PermissionDenied) in response to the request POST ssl/certificate/whm-license: free hostname certs are not allowed by this partner". According to GoDaddy, they are allowed, so would this be a PHP function that's disabled or maybe firewall or something else? I'm at a loss here, as I'm not sure where to look - whether it's even my VPS or the host node's issue too.

    Hello, You will not receive the cPanel-signed certificates when encountering that message. Please reach out to your provider again and paste the following message: "The cPanel Store returned an error (X::PermissionDenied) in response to the request POST ssl/certificate/whm-license: free hostname certs are not allowed by this partner".
    Let them know this indicates that hostname certificates are disabled by the license provider. Thank you.
    0
  • ItsMattSon
    Let them know this indicates that hostname certificates are disabled by the license provider. Thank you.

    Hi Michael, Spent 40 minutes on the phone with GoDaddy server folks and they advised that the certificates "should" be allowed so they're not sure why I'd be seeing that. They actually told me to come back to cPanel and ask the question of how they can confirm hostname certificates and free cPanel certificates *are* allowed and whether there is a setting to disable them that they could look into. Do you think you could help me with that?
    0
  • cPanelMichael
    They actually told me to come back to cPanel and ask the question of how they can confirm hostname certificates and free cPanel certificates *are* allowed and whether there is a setting to disable them that they could look into. Do you think you could help me with that?

    Hello, This setting is configured in cPanel's Manage2 interface with the "Update Company Information" option: "Manage 2 Dashboard >> Company >> Update Company Information" Thank you.
    0
  • ItsMattSon
    Thanks Michael! Using your post above I found the exact steps I'll need to give them on this Manage2 KB: How to Disable the cPanel Store as an SSL Certificate Provider in WHM I'm not sure if they'll be able to help me but at least I'll be able to confirm whether it has been blocked or not. I'll call them today and ask if they can investigate for me, then I'll update this thread with the outcome :)
    0
  • ItsMattSon
    Hi cPanelMichael, I called GoDaddy and after a short 20 minute call the support staff advised that he checked with all the departments he could that they do not allow free cPanel hostname certificates. They didn't confirm that the "Block servers with your company ID from getting free hostname certificates from the cPanel Store" checkbox in Manage2 was actually 'checked' because I'm not sure anyone in any of those departments knew how to get into it but I guess that answer will have to suffice. If anyone else reads this thread after trying to get free cPanel certs for services and are hosted with GoDaddy - Good luck. Looks like I'll have to buy my own certificate and sort that myself.
    0
  • cPanelMichael
    Hello @ItsMattSon, Thank you for updating us with the outcome. One alternative to consider is to create a subdomain under an existing account (e.g. cpanel.yourdomain.com) and then utilize the > Service Configuration >> Manage Service SSL Certificates". Keep in mind you may need to create an empty "/var/cpanel/ssl/disable_auto_hostname_certificate" file to avoid the automatic replacement of the certificate during updates:
    touch /var/cpanel/ssl/disable_auto_hostname_certificate
    Thank you.
    0
  • ItsMattSon
    Hi @cPanelMichael, Attempted to do that but not sure if I've done something wrong here. Is this simple to resolve?
    0
  • cPanelMichael
    Hello, Do you have any firewall rules blocking access to store.cpanel.net over port 443 on this system? Thank you.
    0
  • ItsMattSon
    Hello, Do you have any firewall rules blocking access to store.cpanel.net over port 443 on this system? Thank you.

    Hi @cPanelMichael, Looks like you were right. It works now! ConfigServer Firewall had 443 in TCP inbound but not TCP outbound. Suspect it needs 443 TCP outbound open? If that's the case, would you expect the
    0
  • cPanelMichael
    If that's the case, would you expect the
    0
  • cPanelMichael
    Hello, The following document is now updated to reflect the change with port 443: How to Configure Your Firewall for cPanel Services - cPanel Knowledge Base - cPanel Documentation Thank you.
    0
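
The firewall finding in this thread (443 present in ConfigServer Firewall's TCP inbound list but missing from TCP outbound) can be checked directly against csf.conf. The following is an added example, not part of the original thread or of cPanel's or ConfigServer's own tooling; the function names are hypothetical and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example: is a port listed in a CSF port directive (TCP_IN / TCP_OUT)?
# csf.conf directives look like: TCP_OUT = "20,21,53,80,30000:35000"

# csf_port_list CONF DIRECTIVE -> prints the quoted value of DIRECTIVE
csf_port_list() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# csf_port_allowed CONF DIRECTIVE PORT -> exit 0 if PORT is listed (ranges use lo:hi)
csf_port_allowed() {
    list=$(csf_port_list "$1" "$2")
    old_ifs=$IFS; IFS=,
    for entry in $list; do
        case $entry in
            *:*) lo=${entry%%:*}; hi=${entry##*:}
                 if [ "$3" -ge "$lo" ] && [ "$3" -le "$hi" ]; then IFS=$old_ifs; return 0; fi ;;
            "$3") IFS=$old_ifs; return 0 ;;
        esac
    done
    IFS=$old_ifs
    return 1
}

# Constructed sample reproducing the state described in the thread:
# 443 is allowed inbound but is absent from the outbound list.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample, not a real server's csf.conf
TCP_IN = "20,21,22,25,53,80,110,143,443,2083,2087,30000:35000"
TCP_OUT = "20,21,22,25,53,80,110,113"
EOF
}

# report CONF PORT -> prints one line per direction
report() {
    for d in TCP_IN TCP_OUT; do
        if csf_port_allowed "$1" "$d" "$2"; then echo "$d: $2 allowed"
        else echo "$d: $2 NOT listed"
        fi
    done
}

conf=$(mktemp) && write_sample_conf "$conf" && report "$conf" 443
rm -f "$conf"
```

On a server running CSF the file to pass is /etc/csf/csf.conf; a port missing from TCP_OUT there explains a failed HTTPS request to store.cpanel.net even when inbound 443 is open.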
