Skip to main content

Auto SSL supported devices and web browser versions

Comments

14 comments

  • quietFinn

    If your website does NOT have dedicated IP it could be because of SNI.

    https://docs.cpanel.net/knowledge-base/security/guide-to-ssl/#sni-support

     

    0
  • udayasl

    My VPS has dedicated IP

    0
  • udayasl

    cPRex can you please suggest me a solution

    0
  • quietFinn

    Go to WHM -> SSL/TLS -> Manage SSL Hosts
    there is a column "Is SNI Required?"
    Is it Yes or No for your website?

     

     

    0
  • udayasl

    It shows No

    Is it due to use of same IP address for 3 websites?

    0
  • cPRex Jurassic Moderator

    Hey there!  I can't say for sure what is happening on the cPanel website, but I can confirm that my personal sites I tested that use AutoSSL show the same warnings as your results, so I don't believe there is anything here that is not working as intended.

    All of the items that are showing up red here are older browsers that are no longer supported even by their operating system vendor.  For example, Safari 8 was released in 2014, and we're now on version 18.

    I'm assuming we have some custom tools to gain that support, but it likely isn't worth the risk to most normal customers.  If you scan Google you'll see they have TLS 1.0 enabled to provide support for some of those browsers, but I wouldn't recommend doing that on a "normal" machine.

    You can find some additional details here:

    https://support.cpanel.net/hc/en-us/articles/1500005420242-How-to-Enable-TLS-1-0-1-1-support-for-CloudLinux-8-AlmaLinux-8-or-Rocky-Linux-8-in-Exim

    0
  • udayasl

    Thank you for the clarificatiom. Now I know it's a normal state.

    Additionally when I saw this report at very first, I asked it from ChatGPT and it said me to install mod_ssl for Apache, so I did that.

    May I uninstall / remove mod_ssl as it's not relevant to this?

    0
  • cPRex Jurassic Moderator

    I wouldn't recommend installing or adjusting anything related to SSL packages on the system.  EasyApache already includes the mod_ssl package through our own system, which you can see here:

    # rpm -qa | grep -i mod_ssl
    ea-apache24-mod_ssl-2.4.62-1.el8.cloudlinux.x86_64

    I would *carefully* remove that mod_ssl package you installed, making sure it doesn't remove any dependencies on the system that are needed by cPanel.

    0
  • udayasl

    How can I carefully remove that?

    I only ran this command to install it, but didn't do any configuration things.

    dnf install mod_ssl -y

    0
  • cPRex Jurassic Moderator

    I would do this:

    rpm -e --nodeps mod_ssl

    and ensure that runs normally.

    0
  • udayasl

    I ran following commands including yours, and got this result, is it ok?

    [root@bepositive ~]# dnf list installed | grep mod_ssl
    ea-apache24-mod_ssl.x86_64                                  2.4.62-3.5.1.cpanel                          @EA4-c8
    [root@bepositive ~]# rpm -e --nodeps mod_ssl
    error: package mod_ssl is not installed
    [root@bepositive ~]#
    0
  • cPRex Jurassic Moderator

    That looks good - that indicates there is no other mod_ssl package other than the one we provide, which is how it should be.

    0
  • udayasl

    Thank you!

    0
  • cPRex Jurassic Moderator

    You're very welcome!

    0

Please sign in to leave a comment.