The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Can't get SSL Cert Installed

Discussion in 'General Discussion' started by rwoody, Nov 2, 2005.

  1. rwoody

    rwoody Member

    Joined:
    Jul 26, 2003
    Messages:
    24
    Likes Received:
    0
    Trophy Points:
    1
    I've been doing this for years and never had this kind of problem. I created a CSR in WHM for ordering a cert. Using this CSR to order the cert is creating a mismatch. I've been on the phone with the provider and they are telling me that per their system this is correct, nothing matches!! So I went into whm, created a new CSR and once again ordered the cert and we still have a mismatch. Now the one thing I've noticed here is that somehow, WHM created a "self signing" certificate. I didn't create it and I don't know how it magically appeared and I can find no where to remove it. The only place I see it is when generating a CSR it's there and it's there in the SSL manager, yet it is not there in the home directory of the site where I could delete it.

    I'm in a real crunch to get this done and I am just dumb founded as what could be creating this issue. By the way an added note: I am creating the SSL with "www" as the preface to the domain to try to "avoid" the ugly error messages as the site's cart config. file is set for "www".

    Any suggestions or enlightenment anyone can offer would be much appreciated.

    I have also just submitted a ticket to Cpanel, but I was hoping someone might have a quick answer for me.

    Thanks in advance for any help offered.
     
  2. budway

    budway Well-Known Member

    Joined:
    Apr 16, 2003
    Messages:
    186
    Likes Received:
    0
    Trophy Points:
    16
    And here I tought I was the only one with this problem...


    I also am having problems posting/installing a renewed cert.

    I even created a new csr and key to issue the crt.

    But still is giving miss-match when installing.
     
  3. budway

    budway Well-Known Member

    Joined:
    Apr 16, 2003
    Messages:
    186
    Likes Received:
    0
    Trophy Points:
    16
    Analising the error output I notice the key field output is blank while the crt field carry's the inserted .crt data/file.

    Mayble we should open a bug ticket.
     
  4. bp1942

    bp1942 Member

    Joined:
    Apr 1, 2004
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    ... And me, too. Glad to see your post.

    I created a new csr, deleted everything and then started all over 4 times with the same result being a mismatch. I've done this several times before also, with no problems at all; now my deadline for renewal is getting to be too close for comfort.
     
  5. budway

    budway Well-Known Member

    Joined:
    Apr 16, 2003
    Messages:
    186
    Likes Received:
    0
    Trophy Points:
    16
    At least you didn't remove/delete your old ssl cert. to install the new one.
    (I only did to avoid any problems our errors)

    I actually generated a new cert. request sign. and did the renew again with and also with new key and still no good.

    I have a support ticket that is getting responses pretty fast... (that's good) :)
     
  6. easyhoster1

    easyhoster1 Well-Known Member

    Joined:
    Sep 25, 2003
    Messages:
    659
    Likes Received:
    0
    Trophy Points:
    16
    I had the same problem a few months ago, looks like during a nightly upcp it removed openssl. See if it exist, if not reinstall it and try again.
     
  7. budway

    budway Well-Known Member

    Joined:
    Apr 16, 2003
    Messages:
    186
    Likes Received:
    0
    Trophy Points:
    16
    I was talking to support and they reminded me that the SSL cert Company has to send the key true e-mail.

    (Yeah I actually forgot about this), but no e-mail with the key was received...
     
  8. easyhoster1

    easyhoster1 Well-Known Member

    Joined:
    Sep 25, 2003
    Messages:
    659
    Likes Received:
    0
    Trophy Points:
    16
    No, the key is suppose to be generated when you create the CSR. It is suppose to stay on the server. You only submit the CSR (Certificate Siging Request) to the SSL company. They are suppose to only send the SSL Certificate.

    Check to make sure the key is on the server through the SSL Manager.
     
  9. budway

    budway Well-Known Member

    Joined:
    Apr 16, 2003
    Messages:
    186
    Likes Received:
    0
    Trophy Points:
    16
    Well no e-mail was sent from the server to me with the private key I have checked this and last key generation was sent by the server to the e-mail on the csr contact....
     
  10. rwoody

    rwoody Member

    Joined:
    Jul 26, 2003
    Messages:
    24
    Likes Received:
    0
    Trophy Points:
    1
    Fixed SSl Install

    I'm not sure what was going on, but I put in a support ticket and the folks at Cpanel finally got it installed. I sent them all the keys... RSA, CSR and the Cert.
     
  11. budway

    budway Well-Known Member

    Joined:
    Apr 16, 2003
    Messages:
    186
    Likes Received:
    0
    Trophy Points:
    16
    I belive there is some bug on the ssl install true cpanel side (Client login).

    They told me they installed ok true WHM.. (Just a head's up for all you guys)
     
  12. rwoody

    rwoody Member

    Joined:
    Jul 26, 2003
    Messages:
    24
    Likes Received:
    0
    Trophy Points:
    1
    Same problem... back again - SSL Key Mismatch

    I originally posted this issue back in November/05 - here I am again. :( Back in Nov. Cpanel support installed my cert, but when I asked how they got it to work , I did not receive an answer.

    Now here I am again, another SSL to install for a customer and no joy... I'm just pulling my hair out over this. This used to be a snap... now no matter what I do I get a key mismatch.

    Has anyone figured out exactly how to get these in without Cpanel support doing it for you? Bless their hearts that they take care of it when they have time to get to it, but when a customer is waiting, it's a bit frustrating that I can't take care of a formerly simple task right away.

    Hopefully someone has a solution :confused:

    PROBLEM SOLVED - I'm a bit embarrassed as I didn't catch this at all. For some reason the when the last three or four RSA keys were emailed to me by the system, the lines of encryption were wrapped starting at the top. In other words a return needed to be placed after ------Start RSA Key. It was simply a format error. Once I corrected it all went in just fine.

    Garbage in... Garbage out..lol
     
    #12 rwoody, Mar 11, 2006
    Last edited: Mar 30, 2006
  13. handsonhosting

    handsonhosting Well-Known Member

    Joined:
    Feb 17, 2002
    Messages:
    151
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Omaha, NE
    cPanel Access Level:
    Root Administrator
    likewise having the same issue.

    I can install the certs with no problem in WHM but not through a clients control panel interface.

    WHM 10.8.0 cPanel 10.8.1-R113
    Fedora i686 - WHM X v3.1.0
     
  14. iconraul

    iconraul Member

    Joined:
    Mar 14, 2006
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    me too

    Hi have a similar problem.

    I have some *.old.yyyymmdd certificates and active certificates. How do I remove these certificates? I tried removing the certificate using the Cpanel user interface but it says, "unable to remove because the certificate has already been added to the SSL registry." -or similiar message. Can I do these manually? I just want to clean the SSL Manager (WHM) listing... also, just you guys I have a problem installing SSL certificates as well..

    scenario:

    siteA -- has certificate installed, can be accessed by https://

    siteB -- no cerfificate installed (not an SSL host) but share the same IP as with siteA.. visiting siteB using https:// protocol will have me to siteA's page.

    How to I prevent this behaviour from happening? At least if I can store a shared certificate of some sort.. any suggestion?




    Thanks Thanks


    jun
     
    #14 iconraul, Mar 15, 2006
    Last edited: Mar 15, 2006
  15. daniel.eriksson

    Joined:
    Jan 18, 2004
    Messages:
    24
    Likes Received:
    0
    Trophy Points:
    1

    ---


    Hey there!


    You need to add a separate ip for each ssl-certificate you install. as they are domain/ip-specific.
    (had the very same issue myself, added a new ip and voila).

    best

    daniel
     
  16. tagdolphin

    tagdolphin Registered

    Joined:
    Jun 26, 2005
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Does that IP must be public? Is there any way to configure it with a private IP address in a NAT environment?
     
  17. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Yes, the IP must be a publicly visible static IP for the SSL Cert, not an internal IP address.
     
Loading...

Share This Page