Skip to main content

SSL Not working on WHM Anymore

Comments

37 comments

  • cPRex Jurassic Moderator

    Can you try the details mentioned here?

    https://support.cpanel.net/hc/en-us/articles/5208055750039-Old-hostname-shows-up-in-new-hostname-certificates

    If that doesn't work, you'll likely need to reach out to Contabo so they can get it fixed, or they can escalate the issue to us.

    1
  • Clinton Robbins

    This thread was helpful solving my recent issue with an EC2 instance.  I was running /usr/local/cpanel/bin/checkallsslcerts but was getting 400 error back from letsencrypt because it was trying to create a cert for a bunch of xxxx.xxxxxx.internal domains.

    Resetting hostname_history.json did the trick from the article mentioned. https://support.cpanel.net/hc/en-us/articles/5208055750039-Old-hostname-shows-up-in-new-hostname-certificates

    Thanks!

    1
  • cPRex Jurassic Moderator

    Hey there!  As long as your server is up to date, the hostname certificates are now issued by Let's Encrypt automatically.  We may need more details on the error you're seeing before we can help get this resolved.

    0
  • 360webfirm

    Its just showing an SSL and I get the not secure message when first going there. Meanwhile, all domains and such use Let’s Encrypt no issues on this server.

    0
  • 360webfirm

    NOt Showing SSL sorry for webhost manager login (WHM), everythign else like domains on that server no issues.

    0
  • 360webfirm

    said it expired with the email I got.

     

    The SSL certificate for “cpanel” on “xxx” expired. The system installed a new self-signed certificate to replace the expired certificate. 

    Issuer:

    cPanel, Inc.

    Key Size:

    2048

    Expires:

    Monday, April 1, 2024 at 11:59:59 PM UTC

    0
  • 360webfirm
    OS
    AlmaLinux v8.9.0 STANDARD kvm
    cPanel Version
    118.0.4
     
    all updated
    0
  • cPRex Jurassic Moderator

    What happens when you run /usr/local/cpanel/bin/checkallsslcerts?  That output should tell us why it isn't issuing a valid certificate for the hostname.

    0
  • 360webfirm

    this

     

    429 urn:ietf:params:acme:error:rateLimited (The request exceeds a rate limit) (Error creating new order :: too many certificates already issued for "contaboserver.net". Retry after 2024-04-02T19:00:00Z: see https://letsencrypt.org/docs/rate-limits/) at bin/checkallsslcerts.pl line 734.

    0
  • cPRex Jurassic Moderator

    Are you using a default hostname provided by Contabo?  If so, changing this to a more standard hostname would likely resolve the issue.  Otherwise, you'll need to reach out to your host to see if they can help with that ratelimit issue.

    0
  • 360webfirm

    No thats the problem, I am using a custom hostname pointed to one of the domains.  sub.domain.com as my hostname not Contabo.

    0
  • 360webfirm

    I have never had an issue with SSL for webhost after the initial set up when first getting any server until now.

    0
  • 360webfirm

    Cant contact C Panel support as the license is through Contabo, Contabo takes forever to get back to me even if they do, not sure they will do anything.  

    0
  • cPRex Jurassic Moderator

    The server doesn't seem to think that is the case for some reason.  If you run the "hostname" command on the machine, does that show the correct hostname in the output?  Does the top banner in WHM also show the expected hostname?

    0
  • 360webfirm

    it shows my custom domain.

    0
  • 360webfirm

    thats what I dont get as I use custom Hostname as I have always used without issues and until I started to use Let’s Encrypt, never had an issue until Sectigo would not work at times then I switched

    0
  • 360webfirm

    “xxx.xxx” failed DCV. Cannot proceed.

    0
  • cPRex Jurassic Moderator

    But still for the wrong hostname?

    0
  • 360webfirm

    no I dont think so, see here

     

    The system failed to validate domain control for the domain “whm.xxx.xxx.ca” using the “DNS” DCV method: 400 urn:ietf:params:acme:error:dns (There was a problem with a DNS query) (DNS problem: SERVFAIL looking up CAA for xxx.ca - the domain's nameservers may be malfunctioning)

    0
  • cPRex Jurassic Moderator

    Hey, that's progress!

    Now, run this against the hostname:

    /scripts/cpdig host.yourdomain.com A

    and see if that shows the correct IP for the hostname.

    0
  • 360webfirm

    NOPE!

     

    0
  • 360webfirm

    what happened there that is so weird, how the heck does this dhow wrong server IP

    what do I need to do to fix this?

    0
  • cPRex Jurassic Moderator

    So that's the issue then - cPanel thinks the DNS is broken for your hostname.

    Do you see *anything* out of place for the domain (not the subdomain) when scanning it with a tool like intodns.com? 

    0
  • 360webfirm

    NO all shows correct DNS, the code above I run just as right, I dont change hostname or anything?

     

    /scripts/cpdig host.yourdomain.com A
    0
  • 360webfirm

    I had a secondary IP on here before but I removed and just used the one main server IP, wonder if thats the problem but the hostname still should use the main server IP, not the add on IP

    0
  • 360webfirm

    How can I fix this?

     

    0
  • cPRex Jurassic Moderator

    You would need to run the code with your hostname in place of the example.

    0
  • 360webfirm

    I just got that duh, I am so sorry, had no sleep lasty night lol,

    YES, correct IP for hostname

    0
  • 360webfirm

    so Hostname is correct, IP is correct, why is this not working..

    0
  • 360webfirm

    OK well thank you for your time and for trying, really appreciate it.  Your always here and always help :)

    0

Please sign in to leave a comment.