The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Cannot install ssl certificate

Discussion in 'General Discussion' started by screege, Jul 22, 2010.

  1. screege

    screege Well-Known Member

    Joined:
    Aug 11, 2004
    Messages:
    186
    Likes Received:
    0
    Trophy Points:
    16
    Hi I am trying to renew my sll certificate via tustwave (which was xramp) as I have done everytime, purchase the certificate thru whm and install it, the thing is my certicate is issued and when clicking on the submit button to install it whm gives me this error:

    Sorry, you must have a dedicated ip to use this feature for the user: sgx! If you are intending to install a shared certificate you must use the username "nobody" for security and bandwidth reporting reasons.
    SSL Install aborted due to error.


    If I put the user nobody the it gives me this error:

    Modulus mismatch, key file does not match certificate. Please use the correct key file

    and shows me both the key and crt file.

    Can anyone please help me?

    Thank you
     
  2. screege

    screege Well-Known Member

    Joined:
    Aug 11, 2004
    Messages:
    186
    Likes Received:
    0
    Trophy Points:
    16
    Never mind posted the .key that cpanel sent me and user nobody on user and it installed.

    Thanks anyway
     
  3. avera

    avera Registered

    Joined:
    Jan 14, 2010
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    I had this problem too.

    Just for a heads up for anyone else having this problem. - I think that cpanel caches any old ssl keys you have had on your server. It's important that when you are installing your ssl, you use the key that whm/cpanel sent you by email.

    Don't make the same mistake I did and assume that cpanel/whm will use the correct key - it doesn't.
     
  4. imaginarynumber

    imaginarynumber Registered

    Joined:
    Jul 2, 2007
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1

    Thanks Avera

    I kept getting mismatches until I followed your advice and pasted the key in manually
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    I would like to point out that we do not recommend installing SSL certificates on the "nobody" username. Ideally, you should obtain a dedicated IP address to ensure the certificate is installed properly. If you decide to install a certificate using the "nobody" username for one of your domain names, you should complete the following steps to ensure your domain name functions properly when using SSL:

    1. Install the certificate using the "nobody" username
    2. Edit the SSL file (ie: domain.com_SSL) for the domain name under /var/cpanel/userdata/nobody changing "nobody" to the username (for both group: and user: )
    3. Move the file to /var/cpanel/userdata/username and delete the .cache file
    4. Remove the domain from /var/cpanel/userdata/nobody/main
    5. Run /scripts/rebuildhttpdconf

    Thank you.
     
  6. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Additionally, you may well need to edit the homedir and documentroot fields to be that of the domain in the domain.com_SSL file.

    For homedir, it should be /home/username for the cPanel account (where username is the cPanel username. For documentroot, it should be /home/username/public_html/pathtodomain for the domain being used where you only add pathtodomain if it is a subdomain or addon domain. If it is the account's main domain, simply using /home/username/public_html would be the correct path.
     
  7. OcalaDesigns

    OcalaDesigns Member

    Joined:
    Jun 10, 2011
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    You don't recommend using 'nobody' but whm forces you to install the ssl this way?? Why?

    I have a dedicated IP for the user, and it still states "SSL install aborted due to error: Sorry, you must have a dedicated ip to use this feature for the user: MYUSERNAME! If you are intending to install a shared certificate you must use the username "nobody" for security and bandwidth reporting reasons."

    Then I do it using 'nobody' and it works, but then I have to go and follow all the other instructions to make work under the user name?? Is this a flaw in the system or am I doing something wrong?
     
  8. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    The current system requires a dedicated IP to install an SSL onto a cPanel account. While we are working on a system for SSL certificates to be installed as wildcards in the future without the user nobody being required, the current system does indeed function the way you are describing.
     
  9. cat1999

    cat1999 Registered

    Joined:
    Oct 17, 2012
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Wellingborough, Northamptonshire, United Kingdom
    cPanel Access Level:
    Website Owner
    Hi, I am having an issue with the above, I am not able to do the above successfully.
    Is there any support to help me through the steps further?

    Thanks
     
  10. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Could we see the contents of the file you've edited and be given the details of what has been done so far?
     
  11. Silent Ninja

    Silent Ninja Well-Known Member

    Joined:
    Apr 18, 2006
    Messages:
    198
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Buenos Aires, Argentina
    Sorry for reviving this old thread, but it would be awesome if when we add the SSL with a regular user (instead of nobody) and that user don't have a Dedicated IP, perhaps it should give us the chance to add it with this process automated (the change of nobody the document root and such), or to assign a dedicated IP to it, to do it normally.

    This way there's no need for us to memorize these steps.
     
  12. egillette

    egillette Well-Known Member

    Joined:
    Jan 5, 2010
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Orlando, FL
    cPanel Access Level:
    DataCenter Provider
    Typically, as long as the user you're attempting to install an SSL certificate for is one an IP alone (meaning the domain itself is on a specific IP that is not the server's main IP), installing the SSL certificate using the user instead of nobody works just fine.

    The only time you'd have to install the certificate as "nobody" is if the domain is on the main server IP or on a shared IP.

    However, even if you install the certificate using the user nobody on a shared or main server IP, if you're using mod_suPHP the files won't load anyway for the domain on the main IP, so you'd either have to go with the DSO option (less secure), or simply move the site to a unique IP.

    I'll add however, that using mod_ruid2 is a way around this. . .it allows you to install the cert on the main/shared IP with the user nobody, and your files will still run, while you have mod_suPHP running. ;-)

    Just my 3 cents. . .
     
Loading...

Share This Page