All certificates changed to Let's encrypt

mikopes

Registered
Jun 1, 2020
2
0
1
slo
cPanel Access Level
Website Owner
We have a server which hosts more than 100 different webpages on different domains.

From 30 May 2020 onwards, when visiting any domain on our server in a webbrowser, the webbrowser says that the domain is using a certificate issued by Let's encrypt (it says this on the small lock icon in the upper left corner of the webbrowser).

Before 30 May 2020, all the domains were using the correct certificate issued by Sectigo.

Do we need to do anything manually to change back the ssl certificates to Sectigo or will cpanel do this automatically with an update??
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,295
1,272
313
Houston
This is dependent on your selection of providers at WHM>>SSL/TLS>>Manage AutoSSL if you have Let's Encrypt Selected then you will only receive certificates from them and vice versa.
 

mikopes

Registered
Jun 1, 2020
2
0
1
slo
cPanel Access Level
Website Owner
Thx for the reply.

Do we need to run these commands:
/scripts/autorepair update_sectigo_cabundles
/usr/local/cpanel/bin/checkallsslcerts --force
/scripts/restartsrv_apache

as is stated here Root CA Certificate Expiration

? Will this change back the ssl certificates of our domains to Sectigo as they were before 30 may 2020?
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,295
1,272
313
Houston
No, like I said this is dependent on your provider selection. The Sectigo issue with CA bundles only affects certificates issued prior to May 1st. If you select Sectigo as your provider when certificates renew they will renew with Sectigo certificates. Furthermore the command /usr/local/cpanel/bin/checkallsslcerts --force will only change your hostname SSL not your domain's SSL's. If for some reason you need Sectigo SSL's you'd need to remove the SSL's currently installed and re-run AutoSSL through WHM to install new certificates once you've selected the Sectigo provider.
 

HostXNow_Chris

Well-Known Member
PartnerNOC
Jan 22, 2016
76
44
68
United Kingdom
cPanel Access Level
DataCenter Provider
Twitter
I noticed a bit of an issue where I had the Let's Encrypt plugin installed on the server and had AutoSSL from cPanel. Now that cPanel supports free SSLs, I removed the custom Let's Encrypt plugin to help prevent conflict.

It works fine with the SSLs provided by cPanel now.

If you don't want to use SSL from Let's Encrypt you could remove it and then run

Code:
/scripts/autorepair update_sectigo_cabundles
/usr/local/cpanel/bin/checkallsslcerts --force
/scripts/restartsrv_apache
 
  • Like
Reactions: cPanelLauren

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,295
1,272
313
Houston
I noticed a bit of an issue where I had the Let's Encrypt plugin installed on the server and had AutoSSL from cPanel. Now that cPanel supports free SSLs, I removed the custom Let's Encrypt plugin to help prevent conflict.

It works fine with the SSLs provided by cPanel now.

If you don't want to use SSL from Let's Encrypt you could remove it and then run

Code:
/scripts/autorepair update_sectigo_cabundles
/usr/local/cpanel/bin/checkallsslcerts --force
/scripts/restartsrv_apache
You shouldn't need the autorepair for new certificates. Just to repair certificates issued prior to May 1