Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Changed document root - AutoSSL

Discussion in 'Security' started by kamm, Feb 5, 2019.

  1. kamm

    kamm Well-Known Member

    Joined:
    Jan 17, 2004
    Messages:
    45
    Likes Received:
    1
    Trophy Points:
    158
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    After changing the document root from public_html to public following the instructions here:
    SOLVED - Changing document root for primary domain does not work

    Is there anything I need to do to ensure that AutoSSL / Let's Encrypt will continue to run normally for that domain?

    I just wondered because the .well-known/acme-challenge directory doesn't exist in the new document root.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,476
    Likes Received:
    507
    Trophy Points:
    263
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    I'm not 100% sure since this is a customization that we don't necessarily support. What happens when you run the following:

    Code:
    /usr/local/cpanel/bin/autossl_check --user=$USER
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. kamm

    kamm Well-Known Member

    Joined:
    Jan 17, 2004
    Messages:
    45
    Likes Received:
    1
    Trophy Points:
    158
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    That seems OK, I'm just a bit concerned what will happen when it expires.

    Code:
    [[email protected]~]# /usr/local/cpanel/bin/autossl_check --user=example
    AutoSSL’s configured provider is “Let’s Encrypt™”.
    Checking websites for “example” …
            Analyzing “example.es” …
                    TLS Status: OK
                    Certificate expiry: 3/12/19, 1:10 AM UTC (33.8 days from now)
            Analyzing “es.example.es” …
                    TLS Status: OK
                    Certificate expiry: 3/12/19, 1:10 AM UTC (33.8 days from now)
            Analyzing “static.example.es” …
                    TLS Status: OK
                    Certificate expiry: 3/12/19, 1:10 AM UTC (33.8 days from now)
    The system has completed the AutoSSL check for “example”.
    
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,476
    Likes Received:
    507
    Trophy Points:
    263
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @kamm

    The same process is run when the certificate expires, it's run automatically every day and it checks for expired certificates. Are you able to create a subdomain in the same documentroot? It isn't going to tell you much if the domain already has a certificate but you could create a test subdomain to see if it'll pick it up.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. kamm

    kamm Well-Known Member

    Joined:
    Jan 17, 2004
    Messages:
    45
    Likes Received:
    1
    Trophy Points:
    158
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    Hi @cPanelLauren,

    Good idea. I've done that and I'll report back tomorrow to let you know whether it picks it up over night.

    ** I notice that creating the subdomain has created a .well-known/acme-challange directory in the public directory (I have all the subdomains pointed to public), so that seems like a good sign.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    cPanelLauren likes this.
  6. kamm

    kamm Well-Known Member

    Joined:
    Jan 17, 2004
    Messages:
    45
    Likes Received:
    1
    Trophy Points:
    158
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    ...so I see it created the certificate while creating the subdomain.

    It's working OK, but shows a couple of errors - not sure how important they are - the certificate looks good in the browser (checked in Chrome and Firefox).

    Code:
    Log for the AutoSSL run for “example”: Wednesday, February 6, 2019 3:22:58 PM GMT+0100 (Let’s Encrypt™)
    3:22:58 PM AutoSSL’s configured provider is “Let’s Encrypt™”.
    Checking websites for “example” …
    3:22:58 PM Analyzing “example.es” …
    3:22:58 PM SUCCESS TLS Status: OK
    Certificate expiry: 3/12/19, 1:10 AM UTC (33.45 days from now)
    3:22:58 PM Analyzing “es.example.es” …
    3:22:58 PM SUCCESS TLS Status: OK
    Certificate expiry: 3/12/19, 1:10 AM UTC (33.45 days from now)
    3:22:58 PM Analyzing “static.example.es” …
    3:22:58 PM SUCCESS TLS Status: OK
    Certificate expiry: 3/12/19, 1:10 AM UTC (33.45 days from now)
    *** 3:22:58 PM Analyzing “test.example.es” …
    *** 3:22:58 PM ERROR TLS Status: Defective
    Certificate expiry: 2/6/20, 2:22 PM UTC (365 days from now)
    *** ERROR Defect: OPENSSL_VERIFY: The certificate chain failed OpenSSL’s verification (0:18:DEPTH_ZERO_SELF_SIGNED_CERT).
    3:22:58 PM Performing DCV (Domain Control Validation) …
    3:22:58 PM Local HTTP DCV OK: test.example.es
    Local HTTP DCV OK: www.test.example.es
    3:22:58 PM Analyzing “test.example.es”’s DCV results …
    3:22:58 PM No CAA record added because there is no CAA record from another provider in the DNS for example.es.
    3:23:01 PM “Let’s Encrypt™” HTTP DCV OK: www.test.example.es
    “Let’s Encrypt™” HTTP DCV OK: test.example.es
    AutoSSL will request a new certificate.
    3:23:01 PM The system will attempt to renew the SSL certificate for the website (test.example.es: test.example.es www.test.example.es).
    3:23:03 PM SUCCESS The system has installed a new certificate onto “example”’s website “test.example.es”.
    3:23:03 PM The system has completed the AutoSSL check for “example”.
    
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice