Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

[Case 192121] Certificate bundle verification failed

Discussion in 'Security' started by sehh, Jun 22, 2015.

  1. sehh

    sehh Well-Known Member

    Joined:
    Feb 11, 2006
    Messages:
    579
    Likes Received:
    5
    Trophy Points:
    168
    Location:
    Europe
    I'm trying to install a wildcard certificate issued by CACERT.org, for all WHM/cpanel services (cPanel/WHM/Dovecot/Exim).

    I copy paste the CRT file, the KEY file and the Class 3 bundle. I see all three boxes with a green checkmark and I click on the "Install" button. Then I get the following error (same error for each service, I'm pasting the last one, which is for the FTP server):

    Code:
    The SSL certificate update failed.
    FTP Server Certificate bundle verification failed! Verification Result [ stdin: O = CAcert Inc., OU = http://www.CAcert.org, CN = CAcert Class 3 Root error 20 at 0 depth lookup:unable to get local issuer certificate ]
    
    Any suggestions please?

    PS:
    I tried adding a normal certificate issued by GoDaddy and that worked fine.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. madmanmachines

    madmanmachines Well-Known Member

    Joined:
    Nov 28, 2014
    Messages:
    94
    Likes Received:
    4
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    I have seen this issue as few times in the past and the fault was with the SSL Issuer and their intermediate certificate. I would contact your SSL Issuer's support as a first step.
     
  3. sehh

    sehh Well-Known Member

    Joined:
    Feb 11, 2006
    Messages:
    579
    Likes Received:
    5
    Trophy Points:
    168
    Location:
    Europe
    I don't think so, because the same certificate works fine on the "old" server. But now that you mention it I'll go check it anyway.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,802
    Likes Received:
    1,895
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello :)

    1. A valid chain is required to install a non-self signed certificate in cPanel version 11.50. This prevents an issue where the certificate installation succeeds but browsers such as Firefox show the "Untrusted" warning message. Internal case number 192121 is open to address the issue by improving the error message for a missing cabundle during the SSL installation.

    2. Also, if anyone else is experiencing this issue with a different SSL provider, could you please verify the full URL where you obtained the CA bundle?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,802
    Likes Received:
    1,895
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello :)

    Cases 198033 and 198025 were opened to add the cacert.org and GeoTrust Global CA intermediate certs to cabundle.cpanel.net so these fields will populate automatically and the SSL installation won't fail when utilizing those specific CA Bundles.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. rains

    rains Registered

    Joined:
    Jun 1, 2011
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    51

    Dear Support,

    I still see this error:

    Code:
    Certificate bundle verification failed! Verification Result [ stdin: O = CAcert Inc., OU = http://www.CAcert.org, CN = CAcert Class 3 Root error 20 at 0 depth lookup:unable to get local issuer certificate ]
    On a WHM 11.52.0 (build 21)

    Can you please elaborate on how this can be resolved?

    Many thanks,

    Richard
     
  7. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,802
    Likes Received:
    1,895
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Could you verify the exact steps you are taking to reproduce the issue, in addition to what fields you are populating when installing the certificate?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice