All certificates changed to Let's encrypt

[mikopes]

We have a server which hosts more than 100 different webpages on different domains.

From 30 May 2020 onwards, when visiting any domain on our server in a webbrowser, the webbrowser says that the domain is using a certificate issued by Let's encrypt (it says this on the small lock icon in the upper left corner of the webbrowser).

Before 30 May 2020, all the domains were using the correct certificate issued by Sectigo.

Do we need to do anything manually to change back the ssl certificates to Sectigo or will cpanel do this automatically with an update??

 

[cPanelLauren]

This is dependent on your selection of providers at WHM>>SSL/TLS>>Manage AutoSSL if you have Let's Encrypt Selected then you will only receive certificates from them and vice versa.

 

[mikopes]

Thx for the reply.

Do we need to run these commands:
/scripts/autorepair update_sectigo_cabundles
/usr/local/cpanel/bin/checkallsslcerts --force
/scripts/restartsrv_apache

as is stated here Root CA Certificate Expiration

? Will this change back the ssl certificates of our domains to Sectigo as they were before 30 may 2020?

 

[cPanelLauren]

No, like I said this is dependent on your provider selection. The Sectigo issue with CA bundles only affects certificates issued prior to May 1st. If you select Sectigo as your provider when certificates renew they will renew with Sectigo certificates. Furthermore the command /usr/local/cpanel/bin/checkallsslcerts --force will only change your hostname SSL not your domain's SSL's. If for some reason you need Sectigo SSL's you'd need to remove the SSL's currently installed and re-run AutoSSL through WHM to install new certificates once you've selected the Sectigo provider.

 

[HostXNow_Chris]

I noticed a bit of an issue where I had the Let's Encrypt plugin installed on the server and had AutoSSL from cPanel. Now that cPanel supports free SSLs, I removed the custom Let's Encrypt plugin to help prevent conflict.

It works fine with the SSLs provided by cPanel now.

If you don't want to use SSL from Let's Encrypt you could remove it and then run

/scripts/autorepair update_sectigo_cabundles
/usr/local/cpanel/bin/checkallsslcerts --force
/scripts/restartsrv_apache

 

[cPanelLauren]

I noticed a bit of an issue where I had the Let's Encrypt plugin installed on the server and had AutoSSL from cPanel. Now that cPanel supports free SSLs, I removed the custom Let's Encrypt plugin to help prevent conflict.

It works fine with the SSLs provided by cPanel now.

If you don't want to use SSL from Let's Encrypt you could remove it and then run

/scripts/autorepair update_sectigo_cabundles
/usr/local/cpanel/bin/checkallsslcerts --force
/scripts/restartsrv_apache

You shouldn't need the autorepair for new certificates. Just to repair certificates issued prior to May 1