Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

All signed purchased SSL certificates replaced with self-signed versions

Discussion in 'Security' started by techguide, Aug 10, 2017.

  1. techguide

    techguide Member

    Joined:
    Aug 29, 2012
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Reseller Owner
    cpanel Support Request ID 8778891 opened. Did a server migration from 62.x to 64.0.36. One-time after migration, ALL signed purchased SSL certificates were replaced with self-signed versions, and many more "default" subdomains were added to existing accounts which weren't there previously, and there are a lot of self-signed certificates that showed up. Once a day now for three days, other functions like an upgrade from mysql-> mariadb10.1, and a system update, which have nothing to do with SSL certs, causes a subset of the signed certificates to regress back to the self-signed version, and I have to go through and select the signed certificate on each domain. Upon further investigation when re-applying the signed certificates, only certificates that are under "Apache" which is most of our certs, are the ones that are reverting. The few accounts we have with the certificate under the cpanel user account are not reverting. More important than just visiting websites and seeing the warning, users with email using SSL on the newest IOS and Android will stop connecting all together when a self-signed cert shows up; they can't get their email on the phone at all anymore (lots of support calls to verify this). Once we put the signed cert back on the domain/subdomain, the phones connect again with no problems. Some older phones still connect but the user gets the error about a certificate but they can accept and continue on. This is PITA to have to deal with this each day, hoping for a good resolution soon!
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,165
    Likes Received:
    1,371
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    I see we are currently assisting you with this issue as part of ticket number 8778891. I'll monitor this support ticket and update this thread with the outcome once it's complete.

    Thank you.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,165
    Likes Received:
    1,371
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    To update, cPanel version 66 adds the following option to "WHM >> Tweak Settings":

    Generate a self signed SSL certificate if a CA signed certificate is not available when setting up new domains.

    Per it's description:

    When you create a new domain, cPanel will apply the best available certificate (CA signed); otherwise cPanel will apply a self-signed SSL certificate and request a new certificate via AutoSSL if it is enabled. Warning: If you disable this option, and a CA signed certificate is not available, when a user attempts to visit the newly created domain over https, the user will see the first SSL certificate installed on that IP address. Warning: If you enable this option and do not have a CA signed certificate or AutoSSL enabled, Google search results may point to the SSL version of the site with a self-signed certificate, which will generate warnings in the users’ browser. To avoid both of these concerns, we strongly recommend that you enable AutoSSL.

    This option would prevent the self-signed certificate installations referenced in the original post.

    Thank you.
     
Loading...

Share This Page