Hostname SSL Certificate name mismatch
Hello,
We have an SSL certificate name mismatch for our hostname.
This is how we are set up:
2 Dedicated servers, one of which is Cloud, with the following hostnames:
server.domainA.com
cloud.domainA.com
Using a browser, going to will redirect us to the primary site xyz.com on that server. Is it possible to prevent this and show an empty page instead? (multiple websites on this shared IP)
Comodo's SSL Analyzer shows that the certificate for our cloud.domainA.com hostname belongs to that primary site xyz.com, hence the Mismatch.
I ran AutoSSL checkall cmd using SSH but got no output:
/usr/local/cpanel/bin/checkallsslcerts --verbose
In WHM > AutoSSL, Logs > no log for this latest command run using SSH.
In /usr/local/cpanel/logs/error_log:
[2017-04-17 10:02:59 -0700] info [xml-api] Loading default httpupdate source
[2017-04-17 10:02:59 -0700] info [xml-api] Syncing version information from httpupdate.cpanel.net/cpanelsync/TIERS.json
[2017-04-17 10:02:59 -0700] info [xml-api] Successfully verified signature for cpanel (key types: release).
==> cpsrvd 11.62.0.21 started
==> cpsrvd: loading security policy....Done
==> cpsrvd: Setting up SSL support ... Done
==> cpsrvd: transferred port bindings
==> cpsrvd: bound to ports
==> cpsrvd 11.62.0.21 started
==> cpsrvd: loading security policy....Done
==> cpsrvd: Setting up SSL support ... Done
==> cpsrvd: transferred port bindings
==> cpsrvd: bound to ports
==> cpsrvd 11.62.0.21 started
==> cpsrvd: loading security policy....Done
==> cpsrvd: Setting up SSL support ... Done
==> cpsrvd: transferred port bindings
==> cpsrvd: bound to ports
==> cpsrvd 11.62.0.21 started
==> cpsrvd: loading security policy....Done
==> cpsrvd: Setting up SSL support ... Done
==> cpsrvd: transferred port bindings
==> cpsrvd: bound to ports
In Manage Service SSL Certificates, there is already a cPanel cert installed:
Domains:
cloud.domainA.com
www.cloud.domainA.com
Issuer: cPanel, Inc.
Key Size: 2,048 bits (9baed34b …)
Expiration: Apr 16, 2018 12:00:00 AM
Please, how do I get the correct SSL certificate to show for our cloud.domainA.com hostname?
Thank you all in advance.
-
Hello,
It's important to note the difference between the hostname SSL certificate and the certificates installed for Apache. Information about the hostname SSL certificate is documented at: Free cPanel-Signed Hostname Certificate - cPanel Knowledge Base - cPanel Documentation
Do you notice any error messages when regenerating the hostname SSL certificate? You can do so via the following command:
/usr/local/cpanel/bin/checkallsslcerts --verbose
Note that if you want to install this SSL certificate (once it's properly generated) for Apache so that your hostname loads over a secure URL in a web browser, then you'd need to install the cPanel-signed certificate via "WHM >> Install an SSL Certificate on a Domain".
Thank you.
-
Hi Michael, thanks for checking this out.
From my understanding, the certificates installed for Apache are mainly for the Apache services like cpanel, webmail, etc logins... right?
Running the command from the Cloud server ssh
/usr/local/cpanel/bin/checkallsslcerts --verbose
the command runs but returns nothing.
Does this have anything to do with it:
On the Main server WHM server.domainA.com
WHM > SSL Storage Manager
Top one:
Friendly Name: server.******hosting.com and www.server.*****hosting.com
ID: c0e27_cb57b_e1913f1c6379dd51cbd498e0978d82c7
Resource Type: User Account SSL Resource
Bottom one:
Friendly Name: 2,048 bits, created 3/20/17, 7:26 AM UTC
ID: c9c98_c9bad_9257d914a111f98f0eb410f39bfaab51
Resource Type: User Account SSL Resource
Still on the server.domainA.com
WHM > Manage SSL Hosts
But here is the cloud server cloud.domainA.com
WHM > SSL Storage Manager
If I go to Install SSL Certificate on a domain, here is what I see:
on server.domainA.com
And on cloud.domainA.com
(cont'd)
Do the self-signed certificates interfere with the cPanel ones?
Thank you again Michael, your help is truly appreciated.
-
From my understanding, the certificates installed for Apache are mainly for the Apache services like cpanel, webmail, etc logins... right?
No, Apache is its own service and is what ensures the website content is loaded. The hostname SSL certificate is intended for other services (e.g. Exim, cPanel/WHM/Webmail, FTP).
Using a browser, going to > Change Hostname" If it is, then browse to "WHM Home » Service Configuration » Manage Service SSL Certificates" and verify if the certificates installed for these services match the server's hostname. If so, check to see if any files exist to disable the free hostname SSL certificate generation:
stat /var/cpanel/ssl/disable_service_certificate_management
stat /var/cpanel/ssl/disable_auto_hostname_certificate
Thank you.
-
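Added example (not part of the original thread, and not cPanel code): a Python check of whether the certificate a port presents actually covers the server's hostname, which is the comparison the reply above asks for. The two certificate dicts are constructed samples in the shape returned by ssl.getpeercert(), and all function names are this example's own.

```python
import socket
import ssl


def cert_dns_names(cert):
    """DNS names a certificate covers, from a dict shaped like ssl.getpeercert()."""
    sans = [v.lower() for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    # Legacy fallback: use the subject CN only when there are no SAN DNS entries.
    return [v.lower() for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def name_matches(pattern, hostname):
    """Exact match, or a '*.' wildcard covering exactly one left-most label."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if pattern.startswith("*."):
        head, _, tail = hostname.partition(".")
        return bool(head) and tail == pattern[2:]
    return pattern == hostname


def diagnose(hostname, cert):
    """Return (ok, names): whether the presented certificate covers hostname."""
    names = cert_dns_names(cert)
    return any(name_matches(n, hostname) for n in names), names


def fetch_cert(hostname, port=443, timeout=5):
    """Fetch the cert served for this SNI name; chain is validated, name check deferred."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # lets a mismatching certificate be inspected
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()


# Constructed sample data mirroring the thread (not real certificates).
PRIMARY_SITE_CERT = {
    "subject": ((("commonName", "xyz.com"),),),
    "subjectAltName": (("DNS", "xyz.com"), ("DNS", "www.xyz.com")),
}
HOSTNAME_CERT = {
    "subject": ((("commonName", "cloud.domainA.com"),),),
    "subjectAltName": (("DNS", "cloud.domainA.com"), ("DNS", "www.cloud.domainA.com")),
}

if __name__ == "__main__":
    print(diagnose("cloud.domainA.com", PRIMARY_SITE_CERT), diagnose("cloud.domainA.com", HOSTNAME_CERT))
```

Passing the result of fetch_cert("cloud.domainA.com", 443) and then of a service port such as 2087 (WHM) to diagnose shows whether Apache and the cPanel services present different certificates for the same hostname.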
Thank you very much Michael, sorry for my late reply.
I confirm the correct hostnames are set for both servers. There are no Disable_ files present in /var/cpanel/ssl/ that may prevent auto ssl generation.
I wish I could send you a pm with this private info, but I can't so here it is anyway could you please delete it later:
We have ssl cert mismatch for our hostname: cloud.domain.tld
The certificate mismatch is because of a client site which is set as Primary in Manage SSL Hosts. But I can't unselect it, because all accounts on this server are client accounts sharing the same IP. Our own business domain is on the main (non-cloud) server: server.domain.tld
Additionally, still on cloud.domain.tld, in SSL Storage manager, we have multiple SSL certs for the hostname, is this OK so best cert may be chosen, or does it create a conflict?
Best Regards
-
The certificate mismatch is because of a client site which is set as Primary in Manage SSL Hosts. But I can't unselect it, because all accounts on this server are client accounts sharing the same IP. Our own business domain is on the main (non-cloud) server: server.domain.tld
There's an entry on this topic on our SSL FAQ document: