SSL certificate renewed but web is unsecure

Elizabeta

• April 15, 2025 12:30

Hello,

Certificate on my DnsOnly server expires, then renewed succesufully.
But web page is unsecure. Why?

Best regards,
Elizabeta

• 

  rbairwell

  • April 15, 2025 13:02

  What is the certificate error message when you access it? Is it something like net::ERR_CERT_DATE_INVALID (if so, your browser may have cached the old certificate), net::ERR_CERT_COMMON_NAME_INVALID (are you accessing the server by the hostname or IP address), net::ERR_CERT_AUTHORITY_INVALID or something else?

  Which web page are you talking about? Your own website, the WHM on the DNSOnly server (i.e. on port 2087) or something else?

  0
• 

  William Del Piero cPanel Staff

  • April 15, 2025 13:46
  • Edited

  Hi,

   

  If an SSL certificate was renewed on your DNS Only server it was likely the hostname certificate for the cPanel services as websites are normally not hosted on a DNS Only server. In order to determine why the website SSL isn't working properly, I recommend logging into the webserver that hosts the site and reviewing the AutoSSL logs (WHM > Manage AutoSSL > Logs) to see if AutoSSL is having trouble renewing the website's SSL certificate.

  0
• 

  Elizabeta

  • April 15, 2025 13:49

  Hello,
  
  William Del Piero thank you for your answer!
  
  The problem is with web page for access to DNS Only. Web page is not secure, but SSL certificate was renewed succesufully on DNS Only server.
  
  
  

  0
• 

  William Del Piero cPanel Staff

  • April 15, 2025 16:48

  Hi,

   

  Does the /usr/local/cpanel/bin/checkallsslcerts script produce any errors? This script should detect if the hostname SSL is invalid and attempt to replace it. If that doesn't help, can you ensure that the URL you're using to access WHM/cPanel resolves directly to your DNS Only server?

  0
• 

  Elizabeta

  • April 16, 2025 12:14
  • Edited

  Hello,
  
  When I run /usr/local/cpanel/bin/checkallsslcerts I see some errors.
  I have a problem, DNSOnly doesn´t know for own record dns2.*h.*.*.*....
  But when I look in zone *h.*.*.* there is record dns2

  0
• 

  cPRex Jurassic Moderator

  • April 16, 2025 16:28

  Can you share the specific errors you're getting from the checkallsslcerts script?

  0
• 

  cPRex Jurassic Moderator

  • April 17, 2025 17:03

  Thanks for the additional details.  The current certificate is self-signed because Let's Encrypt wasn't able to issue a valid one through AutoSSL.  I'm not seeing anything obviously wrong with the DNS for the hostname, although we shouldn't be sharing hostnames or IP addresses on the Forum.

  It looks like the only option in this situation is to have the local system be the authoritative nameserver, as any HTTP checks will fail since there is no website on the DNSOnly machine.

  0
• 

  Elizabeta

  • April 18, 2025 05:56

  Hello,
  
  Do you recommend to install Let´s Encrypt plugin?
  
  Best regards,
  Elizabeta

  0
• 

  cPRex Jurassic Moderator

  • April 18, 2025 14:40

  No, as your cPanel server should have Let's Encrypt installed by default through us, with no external plugin necessary.  The only reason this wouldn't be the case is if your machine is on an older version of cPanel.

  0

Please sign in to leave a comment.