[Case 192121] Certificate bundle verification failed

sehh

Well-Known Member
Feb 11, 2006
579
5
168
Europe
I'm trying to install a wildcard certificate issued by CACERT.org, for all WHM/cpanel services (cPanel/WHM/Dovecot/Exim).

I copy paste the CRT file, the KEY file and the Class 3 bundle. I see all three boxes with a green checkmark and I click on the "Install" button. Then I get the following error (same error for each service, I'm pasting the last one, which is for the FTP server):

Code:
The SSL certificate update failed.
FTP Server Certificate bundle verification failed! Verification Result [ stdin: O = CAcert Inc., OU = http://www.CAcert.org, CN = CAcert Class 3 Root error 20 at 0 depth lookup:unable to get local issuer certificate ]
Any suggestions please?

PS:
I tried adding a normal certificate issued by GoDaddy and that worked fine.
 

madmanmachines

Well-Known Member
Nov 28, 2014
94
4
8
cPanel Access Level
Root Administrator
I have seen this issue as few times in the past and the fault was with the SSL Issuer and their intermediate certificate. I would contact your SSL Issuer's support as a first step.
 

sehh

Well-Known Member
Feb 11, 2006
579
5
168
Europe
I don't think so, because the same certificate works fine on the "old" server. But now that you mention it I'll go check it anyway.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,222
463
Hello :)

1. A valid chain is required to install a non-self signed certificate in cPanel version 11.50. This prevents an issue where the certificate installation succeeds but browsers such as Firefox show the "Untrusted" warning message. Internal case number 192121 is open to address the issue by improving the error message for a missing cabundle during the SSL installation.

2. Also, if anyone else is experiencing this issue with a different SSL provider, could you please verify the full URL where you obtained the CA bundle?

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,222
463
Hello :)

Cases 198033 and 198025 were opened to add the cacert.org and GeoTrust Global CA intermediate certs to cabundle.cpanel.net so these fields will populate automatically and the SSL installation won't fail when utilizing those specific CA Bundles.

Thank you.
 

rains

Registered
Jun 1, 2011
1
0
51
Cases 198033 and 198025 were opened to add the cacert.org and GeoTrust Global CA intermediate certs to cabundle.cpanel.net so these fields will populate automatically and the SSL installation won't fail when utilizing those specific CA Bundles.

Dear Support,

I still see this error:

Code:
Certificate bundle verification failed! Verification Result [ stdin: O = CAcert Inc., OU = http://www.CAcert.org, CN = CAcert Class 3 Root error 20 at 0 depth lookup:unable to get local issuer certificate ]
On a WHM 11.52.0 (build 21)

Can you please elaborate on how this can be resolved?

Many thanks,

Richard