The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

auto resetting certificates

Discussion in 'Security' started by alpanhell, Nov 22, 2015.

  1. alpanhell

    alpanhell Registered

    Joined:
    Nov 22, 2015
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    dublin, ca
    cPanel Access Level:
    Website Owner
    Hello,

    I have a simple virtual server setup at a hosting company with mostly all the default features. I'm pretty new to this so haven't changed much.

    However, I wanted to have email security, so I created some self-signed certificates (using my host name) and installed them using cpanel/whm and "Manage Service SSL Certificates". I assigned my self-signed certs to all 4 services listed (ftp, exim, dovecot, calendar (this last includes Calendar, cPanel, WebDisk, Webmail, and WHM Services)) and hit Install. This asks me to restart the cpsrvd and once I do that everything works fine and my email client is happy.

    However, sometime (I can't say when for sure but it seems to happen daily) those certs get reset to the default installed certs which doesn't match the domain of my server which causes my email client to complain and fail when trying to send emails. After this happens, I go look in xpanel/whm and "Manage Service SSL Certificates" and see the self-signed certs I installed are gone and I have to do my install all over again. Once I do that install all over again my email works fine until the next day when I have the same problem again.

    What I was hoping someone could tell me is what is resetting those certs? and why? Hopefully that will help me figure out how to stop it happening.

    Thanks!
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,684
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  3. alpanhell

    alpanhell Registered

    Joined:
    Nov 22, 2015
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    dublin, ca
    cPanel Access Level:
    Website Owner
    Thanks for replying! My self-signed certs match the domain name that is mapped to this server, but they don't match the actual hostname of the server. Would that be a problem? What would decide it's a problem and change the certs?
     
    #3 alpanhell, Nov 24, 2015
    Last edited: Nov 24, 2015
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,684
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    It's currently by design that service SSL certificates are reset to match the hostname of the server. There's an open feature request to change this behavior at:

    Make automatic reset of Service SSL Certificates Configurable

    Please vote and add your feedback to this request.

    Thank you.
     
    alpanhell likes this.
  5. alpanhell

    alpanhell Registered

    Joined:
    Nov 22, 2015
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    dublin, ca
    cPanel Access Level:
    Website Owner
    Thank you very much, I changed my hostname and that fixed the problem! I would have NEVER figured this out without your help, thanks again!
     
  6. rotmax

    rotmax Registered

    Joined:
    Aug 6, 2007
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    does that means I can not use mail.myserver.com for my mail servers, unless my server hostname is mail.myserver.com?
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,684
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    You can disable this automatic reset by creating the following file on cPanel version 56.0.13 and newer:

    Code:
    /var/cpanel/ssl/disable_service_certificate_management 
    However, keep in mind you will need to manually manage your service SSL certificates after creating this file.

    Thank you.
     
Loading...

Share This Page