Skip to main content

New Service SSL Cert not installing due to missing CA Bundle

Thomas Kelly

Hi,

I got a warning over the weekend that the certificate for services did not install and expired. I received an email from cpanel with a new certificate, but when I try to install it I get the error 

Certificate verification failed! The system did not find the Certificate Authority Bundle that matches this certificate.
Contact “cPanel, LLC” to obtain the Certificate Authority Bundle for “cPanel ECC Domain Validation Secure Server CA 3”.

My cpanel is provided through Godaddy so I contacted them about this error. Godaddy said to contact cpanel. cpanel says that since I am not a direct customer I should contact godaddy. My ssl cert still wont install which is inconvenient to use the self-signed cert. How do I get the CA bundle?

Comments

4 comments

Date Votes
  • quietFinn

    What version of cPanel are you using?

    I found this:
    https://support.cpanel.net/hc/en-us/articles/26827479927959-AutoSSL-pulls-the-incorrect-CaBundle-when-installing-new-SSL-Certificates
    and this:
    https://support.cpanel.net/hc/en-us/community/posts/26884027819543-AutoSSL-not-renewing-SSL-certificates

     

    0
  • cPRex Jurassic Moderator

    Hey there!  I'm a bit confused as the certificates inside WHM >> Manage Service SSL Certificates should be issued automatically.  There shouldn't be anything you need to do through an email or through any manual means to get those working.

    Can you get me more details on this email you're receiving with the new certificate?  You should just be able to run "/usr/local/cpanel/bin/checkallsslcerts" to force a refresh of that SSL data, but it may also provide helpful output if there is an issue.

    0
  • Thomas Kelly

    I got an email with the certificate, but also it looks like it was installed in my list of certificates already. When I choose that certificate I get the error about missing the CA bundle. If I run the checkallsslcerts command I get the same error. I need the "cPanel ECC Domain Validation Secure Server CA 3" bundle because it appears cpanel is not downloading it properly when I try to install it. I have seen a few similar threads and people have posted the bundle certififcates, but the links are no longer valid.

    0
  • cPRex Jurassic Moderator

    The issue on a modern system is that the CA bundles are different across each server.  I just checked two test machines with valid hostnames and they each have a different bundle.  I could provide you with one, but I can't say for sure if it will work.

    It would be good to check the /usr/local/cpanel/logs/error_log file to see if there is anything shown there while the cert doesn't download properly.

    You can try this one to see if it's a match:

    -----BEGIN CERTIFICATE-----
    MIIFBTCCAu2gAwIBAgIQWgDyEtjUtIDzkkFX6imDBTANBgkqhkiG9w0BAQsFADBP
    MQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFy
    Y2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMTAeFw0yNDAzMTMwMDAwMDBa
    Fw0yNzAzMTIyMzU5NTlaMDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBF
    bmNyeXB0MQwwCgYDVQQDEwNSMTMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
    AoIBAQClZ3CN0FaBZBUXYc25BtStGZCMJlA3mBZjklTb2cyEBZPs0+wIG6BgUUNI
    fSvHSJaetC3ancgnO1ehn6vw1g7UDjDKb5ux0daknTI+WE41b0VYaHEX/D7YXYKg
    L7JRbLAaXbhZzjVlyIuhrxA3/+OcXcJJFzT/jCuLjfC8cSyTDB0FxLrHzarJXnzR
    yQH3nAP2/Apd9Np75tt2QnDr9E0i2gB3b9bJXxf92nUupVcM9upctuBzpWjPoXTi
    dYJ+EJ/B9aLrAek4sQpEzNPCifVJNYIKNLMc6YjCR06CDgo28EdPivEpBHXazeGa
    XP9enZiVuppD0EqiFwUBBDDTMrOPAgMBAAGjgfgwgfUwDgYDVR0PAQH/BAQDAgGG
    MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATASBgNVHRMBAf8ECDAGAQH/
    AgEAMB0GA1UdDgQWBBTnq58PLDOgU9NeT3jIsoQOO9aSMzAfBgNVHSMEGDAWgBR5
    tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAKG
    Fmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0gBAwwCjAIBgZngQwBAgEwJwYD
    VR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVuY3Iub3JnLzANBgkqhkiG9w0B
    AQsFAAOCAgEAUTdYUqEimzW7TbrOypLqCfL7VOwYf/Q79OH5cHLCZeggfQhDconl
    k7Kgh8b0vi+/XuWu7CN8n/UPeg1vo3G+taXirrytthQinAHGwc/UdbOygJa9zuBc
    VyqoH3CXTXDInT+8a+c3aEVMJ2St+pSn4ed+WkDp8ijsijvEyFwE47hulW0Ltzjg
    9fOV5Pmrg/zxWbRuL+k0DBDHEJennCsAen7c35Pmx7jpmJ/HtgRhcnz0yjSBvyIw
    6L1QIupkCv2SBODT/xDD3gfQQyKv6roV4G2EhfEyAsWpmojxjCUCGiyg97FvDtm/
    NK2LSc9lybKxB73I2+P2G3CaWpvvpAiHCVu30jW8GCxKdfhsXtnIy2imskQqVZ2m
    0Pmxobb28Tucr7xBK7CtwvPrb79os7u2XP3O5f9b/H66GNyRrglRXlrYjI1oGYL/
    f4I1n/Sgusda6WvA6C190kxjU15Y12mHU4+BxyR9cx2hhGS9fAjMZKJss28qxvz6
    Axu4CaDmRNZpK/pQrXF17yXCXkmEWgvSOEZy6Z9pcbLIVEGckV/iVeq0AOo2pkg9
    p4QRIy0tK2diRENLSF2KysFwbY6B26BFeFs3v1sYVRhFW9nLkOrQVporCS0KyZmf
    wVD89qSTlnctLcZnIavjKsKUu1nA1iU0yYMdYepKR7lWbnwhdx3ewok=
    -----END CERTIFICATE-----
    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post