Cannot install ssl certificate

[screege]

Hi I am trying to renew my sll certificate via tustwave (which was xramp) as I have done everytime, purchase the certificate thru whm and install it, the thing is my certicate is issued and when clicking on the submit button to install it whm gives me this error:

Sorry, you must have a dedicated ip to use this feature for the user: sgx! If you are intending to install a shared certificate you must use the username "nobody" for security and bandwidth reporting reasons.
SSL Install aborted due to error.


If I put the user nobody the it gives me this error:

Modulus mismatch, key file does not match certificate. Please use the correct key file

and shows me both the key and crt file.

Can anyone please help me?

Thank you

 

[screege]

Never mind posted the .key that cpanel sent me and user nobody on user and it installed.

Thanks anyway

 

[avera]

I had this problem too.

Just for a heads up for anyone else having this problem. - I think that cpanel caches any old ssl keys you have had on your server. It's important that when you are installing your ssl, you use the key that whm/cpanel sent you by email.

Don't make the same mistake I did and assume that cpanel/whm will use the correct key - it doesn't.

 

[imaginarynumber]

I had this problem too.

Just for a heads up for anyone else having this problem. - I think that cpanel caches any old ssl keys you have had on your server. It's important that when you are installing your ssl, you use the key that whm/cpanel sent you by email.

Don't make the same mistake I did and assume that cpanel/whm will use the correct key - it doesn't.

Thanks Avera

I kept getting mismatches until I followed your advice and pasted the key in manually

 

[cPanelMichael]

Hello

I would like to point out that we do not recommend installing SSL certificates on the "nobody" username. Ideally, you should obtain a dedicated IP address to ensure the certificate is installed properly. If you decide to install a certificate using the "nobody" username for one of your domain names, you should complete the following steps to ensure your domain name functions properly when using SSL:

1. Install the certificate using the "nobody" username
2. Edit the SSL file (ie: domain.com_SSL) for the domain name under /var/cpanel/userdata/nobody changing "nobody" to the username (for both group: and user: )
3. Move the file to /var/cpanel/userdata/username and delete the .cache file
4. Remove the domain from /var/cpanel/userdata/nobody/main
5. Run /scripts/rebuildhttpdconf

Thank you.

 

[cPanelTristan]

Additionally, you may well need to edit the homedir and documentroot fields to be that of the domain in the domain.com_SSL file.

For homedir, it should be /home/username for the cPanel account (where username is the cPanel username. For documentroot, it should be /home/username/public_html/pathtodomain for the domain being used where you only add pathtodomain if it is a subdomain or addon domain. If it is the account's main domain, simply using /home/username/public_html would be the correct path.

 

[OcalaDesigns]

Hello

I would like to point out that we do not recommend installing SSL certificates on the "nobody" username. Ideally, you should obtain a dedicated IP address to ensure the certificate is installed properly. If you decide to install a certificate using the "nobody" username for one of your domain names, you should complete the following steps to ensure your domain name functions properly when using SSL:

1. Install the certificate using the "nobody" username
2. Edit the SSL file (ie: domain.com_SSL) for the domain name under /var/cpanel/userdata/nobody changing "nobody" to the username (for both group: and user: )
3. Move the file to /var/cpanel/userdata/username and delete the .cache file
4. Remove the domain from /var/cpanel/userdata/nobody/main
5. Run /scripts/rebuildhttpdconf

Thank you.

You don't recommend using 'nobody' but whm forces you to install the ssl this way?? Why?

I have a dedicated IP for the user, and it still states "SSL install aborted due to error: Sorry, you must have a dedicated ip to use this feature for the user: MYUSERNAME! If you are intending to install a shared certificate you must use the username "nobody" for security and bandwidth reporting reasons."

Then I do it using 'nobody' and it works, but then I have to go and follow all the other instructions to make work under the user name?? Is this a flaw in the system or am I doing something wrong?

 

[cPanelTristan]

The current system requires a dedicated IP to install an SSL onto a cPanel account. While we are working on a system for SSL certificates to be installed as wildcards in the future without the user nobody being required, the current system does indeed function the way you are describing.

 

[cat1999]

Hello

I would like to point out that we do not recommend installing SSL certificates on the "nobody" username. Ideally, you should obtain a dedicated IP address to ensure the certificate is installed properly. If you decide to install a certificate using the "nobody" username for one of your domain names, you should complete the following steps to ensure your domain name functions properly when using SSL:

1. Install the certificate using the "nobody" username
2. Edit the SSL file (ie: domain.com_SSL) for the domain name under /var/cpanel/userdata/nobody changing "nobody" to the username (for both group: and user: )
3. Move the file to /var/cpanel/userdata/username and delete the .cache file
4. Remove the domain from /var/cpanel/userdata/nobody/main
5. Run /scripts/rebuildhttpdconf

Thank you.

Hi, I am having an issue with the above, I am not able to do the above successfully.
Is there any support to help me through the steps further?

Thanks

 

[cPanelTristan]

Could we see the contents of the file you've edited and be given the details of what has been done so far?

 

[Silent Ninja]

Sorry for reviving this old thread, but it would be awesome if when we add the SSL with a regular user (instead of nobody) and that user don't have a Dedicated IP, perhaps it should give us the chance to add it with this process automated (the change of nobody the document root and such), or to assign a dedicated IP to it, to do it normally.

This way there's no need for us to memorize these steps.

 

[egillette]

Sorry for reviving this old thread, but it would be awesome if when we add the SSL with a regular user (instead of nobody) and that user don't have a Dedicated IP, perhaps it should give us the chance to add it with this process automated (the change of nobody the document root and such), or to assign a dedicated IP to it, to do it normally.

This way there's no need for us to memorize these steps.

Typically, as long as the user you're attempting to install an SSL certificate for is one an IP alone (meaning the domain itself is on a specific IP that is not the server's main IP), installing the SSL certificate using the user instead of nobody works just fine.

The only time you'd have to install the certificate as "nobody" is if the domain is on the main server IP or on a shared IP.

However, even if you install the certificate using the user nobody on a shared or main server IP, if you're using mod_suPHP the files won't load anyway for the domain on the main IP, so you'd either have to go with the DSO option (less secure), or simply move the site to a unique IP.

I'll add however, that using mod_ruid2 is a way around this. . .it allows you to install the cert on the main/shared IP with the user nobody, and your files will still run, while you have mod_suPHP running. ;-)

Just my 3 cents. . .