Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

AutoSSL After Web Host Migration

Discussion in 'Security' started by sli.studios, Jul 31, 2018.

  1. sli.studios

    sli.studios Registered

    Joined:
    Jul 14, 2015
    Messages:
    4
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Miami Beach
    cPanel Access Level:
    Reseller Owner
    I recently changed web hosting companies. Domains were issued AutoSSLs via Let's Encrypt on the previous web host, and will be expiring next month. The new web host offers AutoSSL via Comodo.

    **SCENARIO**

    cPanel 'Notices' based on WHM AutoSSL settings – cPanel > SSL/TLS Status > Various Domains / WHM > Manage AutoSSL > [Options]

    - WHM: Without [ ] Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates checked
    - cPanel SSL/TLS Status Domain Notice:
    |-> Domain Validated
    |-> Expires on August 22, 2018. The certificate will not renew via AutoSSL because it was not issued via AutoSSL.


    - WHM: With [√] Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates checked
    - cPanel SSL/TLS Status Domain Notice:
    |-> The certificate will renew via AutoSSL.


    QUESTIONS:
    • By checking [√] Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates in WHM > Manage AutoSSL > [Options], will this override the currently installed Let's Encrypt SSL certificate for every domain/alias domain?
    • Is there a way to 'Force' certificate renewal? (as to force the new server to 'manage' SSLs going-forward, rather than wait for renewal)
    • Once AutoSSL is being generated by the new web hosting server, will newly-added Alias Domains be automatically included on the certificate?
      • On the previous web host, when a new Alias was added to cPanel, within an hour, it would be included in the SSL Certificate generated by Let's Encrypt without having to Renew the cert.
      • NOTICE -> The installed certificate does not cover this domain.
    • Can I DELETE the Let's Encrypt Certificate to force AutoSSL to generate a new one?

    If anyone has any experience with this, it would be greatly appreciated if you could provide some insight before I do something 'stupid'.

    Thanks,
    -scott
     

    Attached Files:

  2. cPanelLauren

    cPanelLauren Forums Analyst II
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    3,204
    Likes Received:
    228
    Trophy Points:
    173
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @sli.studios

    Checking this will override the currently installed certificate when it expires.

    The only way to do what you're requesting would be to remove the existing certificate which can be done by going to WHM>>SSL/TLS>>Manage SSL hosts and clicking delete next to the certificates you'd like to remove - this would depend on whether or not your reseller user has access to this UI. If not you can remove these from cPanel>>Security>>SSL/TLS -> Install and Manage SSL for your site

    If they're added after the certificate is provisioned AutoSSL should run again in an attempt to provide coverage for all domains so yes they should be covered under a new certificate encompassing all domains on the account.

    Yes, definitely this would resolve the issue if you'd like to remove the Let's Encrypt Certificate in favor of the cPanel Backed by Comodo certificate.

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. sli.studios

    sli.studios Registered

    Joined:
    Jul 14, 2015
    Messages:
    4
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Miami Beach
    cPanel Access Level:
    Reseller Owner
    Hello @cPanelLauren, thank you for the reply! I think I'll go with the DELETE & Re-Issue option and see how it goes..

    FYI, I have root access to the server & software :)
     
  4. cPanelLauren

    cPanelLauren Forums Analyst II
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    3,204
    Likes Received:
    228
    Trophy Points:
    173
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @sli.studios

    Sounds like a good plan, I wasn't sure if you had root access as your Access level is set to Reseller Owner in your profile.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice