Skip to main content

Multiple SSL Certificate issues and possible solution

Comments

8 comments

  • Trademark

    I decided to go ahead and delete all the cPanel, Inc. certificates and matching keys and rerun AutoSSL, but unfortunately most of the issues listed above still persist. Specifically choices to the include/exclude still aren't updating after running AutoSSL, Force HTTPS Redirect for my Main Domain is still Off and greyed out and the Common Name for the certificate is still wrong.

    @cPRex Any ideas on how to go about fixing this? It looks to be same issue as this post . Could be a problem with the custom Apache templates. Is there a guide on how to do this fix myself?

    0
  • cPRex Jurassic Moderator

    Hey there!  I'll go through and answer these in order:

    1 - This sounds normal to me.  Unless an SSL is being renewed, checking the boxes there isn't going to change anything in the current certificate.  This will just change what happens the next time it is renewed.

    2 - That one is odd for sure...but seems related to 3...

    3 - Deleting the certificates and starting fresh was the best plan for sure, and I would have expected that to resolve all the issues you mentioned.  Do you have root access to the server or only access to your one cPanel account?

    0
  • Trademark

    Hi @cPRex. Thanks for the reply.

    1) If I understand you correctly, I will need to delete the current Let's Encrypt certificate and regenerate it with AutoSSL for the changes to take effect? Does this happen fairly quickly? Just want to minimize the SSL error/downtime as it will have no certificate until new one is generated.

    2) In progress. Will re-evaluate after new certificate is generated.

    3) I have full root access to this server.

    4) Subject: CN This one is annoying. Maybe will change with the new certificate as well. Thinking I may need to reach out to Let's Encrypt support to get this corrected.

    Just to verify, I only deleted the cPanel, Inc. certificates and left the Let's Encrypt intact, but your recommendation is to delete it as well so fresh ones are created. That sounds like a good plan. Look forward to your reply.

    0
  • cPRex Jurassic Moderator

    1 - Yes, if all goes well it should happen within a few seconds after you execute the AutoSSL run for the user.  I'd just delete all the certificates on the account.

    4 - Ultimately, does the common name line cause an issue?  If so, I'd like to hear about it.  I don't think Let's Encrypt is going to change anything on their end, but if this is causing some type of usability issue I'd like to know.

    0
  • Trademark

    1) New certificate generated and it honored my changes for the include exclude. Resolved.


    2) No change. Still can't activate Force HTTPS Redirect for my Main Domain.


    3) Resolved.


    4) I now have a new Common Name, but it seems like a totally random choice. It is again one of my parked domains instead of the Main Domain. This is only cosmetic, but gives a bad look when clicking on the padlock in a browser and the domains don't match as well as ssllabs showing the parked domain for Subject and Common name. I would really like to know why this happens and how to fix it.

    0
  • cPRex Jurassic Moderator

    For #2, could you submit a ticket?  That's one of those "it should just work" items once the SSL is in place.

    As for the common name, it's always been random and I don't have a way to fix that one.

    0
  • Trademark

    Thanks, I'll submit a ticket.

    As for the common name, I will be reaching out to the Let's Encrypt support forum to see if there are any tricks to selecting it manually. If I do find out anything I will post it here.

    @cPRex Really appreciate the help and guidance.

    0
  • cPRex Jurassic Moderator

    Sure thing - always happy to help!

    0

Please sign in to leave a comment.