SSL Not working on WHM Anymore
Good day.
I started to use Let’s Encrypt due to the continuing issues with Sectigo and now the WHM server itself is not working in SSL anymore. How can I force the SERVER itself to use SSL using Let’s Encrypt?
Thank you all for your help.
-
Can you try the details mentioned here?
If that doesn't work, you'll likely need to reach out to Contabo so they can get it fixed, or they can escalate the issue to us.
1 -
This thread was helpful solving my recent issue with an EC2 instance. I was running /usr/local/cpanel/bin/checkallsslcerts but was getting 400 error back from letsencrypt because it was trying to create a cert for a bunch of xxxx.xxxxxx.internal domains.
Resetting hostname_history.json did the trick from the article mentioned. https://support.cpanel.net/hc/en-us/articles/5208055750039-Old-hostname-shows-up-in-new-hostname-certificates
Thanks!
1 -
Hey there! As long as your server is up to date, the hostname certificates are now issued by Let's Encrypt automatically. We may need more details on the error you're seeing before we can help get this resolved.
0 -
Its just showing an SSL and I get the not secure message when first going there. Meanwhile, all domains and such use Let’s Encrypt no issues on this server.
0 -
NOt Showing SSL sorry for webhost manager login (WHM), everythign else like domains on that server no issues.
0 -
said it expired with the email I got.
The SSL certificate for “cpanel” on “xxx” expired. The system installed a new self-signed certificate to replace the expired certificate.
Issuer:
cPanel, Inc.
Key Size:
2048
Expires:
Monday, April 1, 2024 at 11:59:59 PM UTC
0 -
OSAlmaLinux v8.9.0 STANDARD kvmcPanel Version118.0.4all updated0
-
What happens when you run /usr/local/cpanel/bin/checkallsslcerts? That output should tell us why it isn't issuing a valid certificate for the hostname.
0 -
this
429 urn:ietf:params:acme:error:rateLimited (The request exceeds a rate limit) (Error creating new order :: too many certificates already issued for "contaboserver.net". Retry after 2024-04-02T19:00:00Z: see https://letsencrypt.org/docs/rate-limits/) at bin/checkallsslcerts.pl line 734.
0 -
Are you using a default hostname provided by Contabo? If so, changing this to a more standard hostname would likely resolve the issue. Otherwise, you'll need to reach out to your host to see if they can help with that ratelimit issue.
0 -
No thats the problem, I am using a custom hostname pointed to one of the domains. sub.domain.com as my hostname not Contabo.
0 -
I have never had an issue with SSL for webhost after the initial set up when first getting any server until now.
0 -
Cant contact C Panel support as the license is through Contabo, Contabo takes forever to get back to me even if they do, not sure they will do anything.
0 -
The server doesn't seem to think that is the case for some reason. If you run the "hostname" command on the machine, does that show the correct hostname in the output? Does the top banner in WHM also show the expected hostname?
0 -
it shows my custom domain.
0 -
thats what I dont get as I use custom Hostname as I have always used without issues and until I started to use Let’s Encrypt, never had an issue until Sectigo would not work at times then I switched
0 -
“xxx.xxx” failed DCV. Cannot proceed.
0 -
But still for the wrong hostname?
0 -
no I dont think so, see here
The system failed to validate domain control for the domain “whm.xxx.xxx.ca” using the “DNS” DCV method: 400 urn:ietf:params:acme:error:dns (There was a problem with a DNS query) (DNS problem: SERVFAIL looking up CAA for xxx.ca - the domain's nameservers may be malfunctioning)
0 -
Hey, that's progress!
Now, run this against the hostname:
/scripts/cpdig host.yourdomain.com A
and see if that shows the correct IP for the hostname.
0 -
NOPE!
0 -
what happened there that is so weird, how the heck does this dhow wrong server IP
what do I need to do to fix this?
0 -
So that's the issue then - cPanel thinks the DNS is broken for your hostname.
Do you see *anything* out of place for the domain (not the subdomain) when scanning it with a tool like intodns.com?
0 -
NO all shows correct DNS, the code above I run just as right, I dont change hostname or anything?
/scripts/cpdig host.yourdomain.com A
0 -
I had a secondary IP on here before but I removed and just used the one main server IP, wonder if thats the problem but the hostname still should use the main server IP, not the add on IP
0 -
How can I fix this?
0 -
You would need to run the code with your hostname in place of the example.
0 -
I just got that duh, I am so sorry, had no sleep lasty night lol,
YES, correct IP for hostname
0 -
so Hostname is correct, IP is correct, why is this not working..
0 -
OK well thank you for your time and for trying, really appreciate it. Your always here and always help :)
0
Please sign in to leave a comment.
Comments
37 comments