Using separate SSL cert for domain using shared doc root
Hello, I've had so many issues with cPanel AutoSSL that I decided to buy 2x SSL certificates that are NOT provided by Let's Encrypt. These are covered for a year at a time rather than the 90 day and fail to renew experienced using AutoSSL. Having correctly installed my new certs I am facing the issue where every time I go to "manage ssl hosts" and "install ssl website" on the opposite one of my two domains, I get the following problem (below); ssl cert will only cover either domain, but not both! I have a ssl wildcard cert for domain "example.co.uk" which covers .*example.co.uk, and another non-wildcard cert for domain "example.uk". I think the issue might be something to do with example.uk using shared document root of example.co.uk.
--
SSL Certificate Successfully Updated
You have successfully updated the SSL website’s certificate.
The SSL website is now active and accessible via HTTPS on this domain:
example.uk
The SSL website is also accessible via these domains, but the certificate does not support them. Web browsers will show a warning when accessing these domains via HTTPS:
example.co.uk
mail.example.co.uk
mail.example.uk
The SSL certificate also supports this domain, but this domain does not refer to the SSL website mentioned above:
Click “OK” to reload this page.
--
Please help as this is driving me nuts!
-
Hey there! What certificate did you buy? There is no way to use multiple certificates on one vhost, so I'm not sure why you would have purchased multiple certificates.
What specific issue were you hoping to resolve with multiple certificates?
0 -
Hi cPRex
Thanks for your reply.
I purchased 1x Wildcard SSL cert eg. *.example.co.uk to cover secure.example.co.uk, mail.example.co.uk etc, and another 1x Regular SSL to cover example.uk, and www.example.uk. Note the difference in TLDs, I have two separate domains .co.uk and .uk. I needed .uk to use .co.uk's doc root as they're effectively the same site.
The issue I have is that AutoSSL continually fails to renew at the expiry of an SSL, hence my solution to buy them instead! Now AutoSSL had previously (a while back) managed to secure both *.example.co.uk and example.uk domains so I failed to see why it shouldn't be possible to do that myself with 2x non Let's Encrypt certs? I could not find a SSL cert that would cover all domains given one is wildcard and other is separate domain, so I bought two different types.
0 -
Thanks for the clarification. Unfortunately, your solution isn't going to work as that isn't how AutoSSL works either.
cPanel doesn't allow you to install multiple SSL on a single vhost. AutoSSL works by having one "main" domain on the certificate and the other domains added as SANs to it, which is how it can secure parks and addons on the same vhost with just one certificate.
It would likely be easier and cheaper in the long-term to figure out what the issue was with AutoSSL and just fix that.
0 -
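Added example (not part of the thread and not cPanel's code): a minimal name-coverage check showing why each purchased certificate leaves some hostnames on the shared vhost uncovered, while a single certificate carrying every name as a SAN covers them all. The hostname list and the SAN lists are assumptions built from the names mentioned in the posts.

```python
# Added illustration with constructed data; not cPanel's own logic.

def name_matches(pattern, host):
    """Certificate name match: '*' is valid only as the entire left-most
    label and stands for exactly one label (no public-suffix check here)."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def coverage(sans, vhost_names):
    """Split the vhost's hostnames into (covered, uncovered) for one cert."""
    covered = [n for n in vhost_names if any(name_matches(s, n) for s in sans)]
    uncovered = [n for n in vhost_names if n not in covered]
    return covered, uncovered


# Assumed hostnames answering on the shared document root.
VHOST = ["example.co.uk", "mail.example.co.uk",
         "example.uk", "www.example.uk", "mail.example.uk"]

# Assumed SAN lists for the two purchased certificates.
REGULAR_CERT = ["example.uk", "www.example.uk"]
WILDCARD_CERT = ["example.co.uk", "*.example.co.uk"]
# One certificate with every name as a SAN, the layout described for AutoSSL.
SAN_CERT = list(VHOST)

if __name__ == "__main__":
    for label, sans in [("regular", REGULAR_CERT),
                        ("wildcard", WILDCARD_CERT),
                        ("single SAN cert", SAN_CERT)]:
        covered, uncovered = coverage(sans, VHOST)
        print(f"{label}: covered={covered} uncovered={uncovered}")
```

With the regular certificate installed, the uncovered list is the same set of names the "Manage SSL Hosts" message above warns about.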
Hi cPRex
Yes you are quite right, that now makes sense.
So just to clarify on why I could not use AutoSSL, and how I resolved the problem..
Issue:
1. AutoSSL failed to renew at the required expiry of old Let's Encrypt certificate, this has also occurred on other cPanel accounts I have hosted elsewhere. I have no idea why.
2. On visiting cPanel SSL Status page, renew button was stuck in perpetuity with "AutoSSL is in progress...". See screenshot.
Solution:
Being on a host with no SSH access to use commands or view logs etc, the only options I had were to:
- Remove all existing SSL Hosts using "SSL/TLS > Manage SSL Hosts > Uninstall".
- Remove all existing Private Keys by going to "SSL/TLS > Private Keys > Generate, view, upload, or delete your private keys > Keys on Server > Delete".
- Remove any associated SSL DNS records here "Zone Editor >
  1. _cpanel-dcv-test-record.example.co.uk. 14400 TXT _cpanel-dcv-test-record=1vd7v7dvaeyk6
  2. _acme-challenge.example.co.uk. 14400 TXT 0qu5jrc1tx80x7qssuru
  Delete".
- Next, using a bit of code hackery I used web browser's code inspector, usually called by pressing F12 on keyboard, to access the frozen "AutoSSL is in progress..." button's HTML:
  Find and edit html..
  OLD: <button class="btn button-loading btn-primary" ng-class="ngClass()" ng-click="start()" id="btnRecheckAutoSSL" ng-if="initialAutoSSLCheckComplete" action-active="true" spinner-id="btnRecheckAutoSSL_spinner" cp-action="startUserAutoSSL()" style="" disabled="">
  NEW: <button class="btn button-loading btn-primary" ng-class="ngClass()" ng-click="start()" id="btnRecheckAutoSSL" ng-if="initialAutoSSLCheck" action-active="false" spinner-id="btnRecheckAutoSSL_spinner" cp-action="startUserAutoSSL()" style="">
  Find and delete node..
  <span class="button-label" ng-transclude=""><span> AutoSSL is in progress …</span></span>
- Finally, after doing the last step, click on the now unlabelled blank AutoSSL button. This should now action renewal of any expired SSL certificates and return the button to its original state of "Run AutoSSL".
Having spent a day or so trying to figure this out, hopefully this will help someone else too! :)
0
-
Did you only have cPanel access to the account and not WHM access? If so, the *real* issue is likely that something isn't configured correctly on the host's side.
0 -
cPRex
Hi. I have a cPanel reseller hosting account, it has WHM access but it's missing all the bells and whistles to be able to properly manage everything. A bare-bone system would be an understatement! :O
1