Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

AutoSSL Revoked

Discussion in 'Security' started by Daniel Shakhmundes, Sep 20, 2017.

Tags:
  1. Daniel Shakhmundes

    Daniel Shakhmundes Registered

    Joined:
    Sep 20, 2017
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Canada
    cPanel Access Level:
    Root Administrator
    Hi folks, I have a cPanel/WHM server running in Google Cloud, using AutoSSL.

    It was fine for weeks, but suddenly I was unable to access WHM on the server hostname with HTTPS using Firefox, which stated the error "Peer’s Certificate has been revoked. Error code: SEC_ERROR_REVOKED_CERTIFICATE"…

    It works in Chrome…

    I tried diagnosing, only to find "Revocation status Revoked

    Any advice?
     
    #1 Daniel Shakhmundes, Sep 20, 2017
    Last edited by a moderator: Sep 20, 2017
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,803
    Likes Received:
    1,898
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. ottdev

    ottdev Well-Known Member

    Joined:
    Oct 1, 2013
    Messages:
    115
    Likes Received:
    3
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Did you resolve it?

    I had this happen last night as well.
    It started with Firefox stating the WHM/cpanel services cert was revoked. I could still get in using Chrome initially, but then the WHM was telling me the cPanel license was invalid [ but was okay per cPanel & WHM License Verification | cPanel Inc. ]. Then Chrome stopped letting me in as well and SSL Labs also reported the cert was revoked.

    What happened was the hostname went bad after a reboot. It no longer matched the hostname on the license; so all got invalidated?
    Fixing the hostname, then generating and installing a new cPanel/Comodo cert onto the services and running /usr/local/cpanel/cpkeyclt fixed the revocation error and the cPanel license error.

    Now we need to find out where the bad hostname is coming from because it went bad several weeks ago as well and I thought it was a fluke. It was noticed right away though, so SSL and license were unaffected that time. It's correct in WHM "Change hostname" and also in host's admin panel (it's a Virtuozzo VPS). It's correct in the file /etc/sysconfig/network

    Where else can hostname be set - or where is it pulled from at reboot time - it's CentOS 7.4 and WHM v currently 66.0.26

    PTR record was and is correct. It's not some random or default hostname coming back - what's happening is the hostname is for example - city.myhostdomain.tld - well it reboots and comes back up with just the word city as the hostname. It caused outgoing email rejections as well because it's not a FQDN.
     
    #3 ottdev, Oct 21, 2017
    Last edited: Oct 21, 2017
  4. cPAusaf

    cPAusaf Linux Technical Analyst II
    Staff Member

    Joined:
    Aug 24, 2016
    Messages:
    25
    Likes Received:
    1
    Trophy Points:
    78
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Virtuozzo controls the hostname via VPS configuration (the --hostname parameter of the vzctl or prlctl commands). If you set Virtuozzo manually from inside the VPS, Virtuozzo will reset the hostname on the next reboot.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,803
    Likes Received:
    1,898
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    Note that internal case CPANEL-12824 in cPanel 68.0.16 will prevent hostname changes from causing this issue in the future by deferring the revocation of old hostname certificates until the new hostname passes domain control validation:

    Fixed case CPANEL-12824: Defer revocation of old hostname cert until new hostname passes DCV.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice