Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Command lines to provision and install main SSL?

Discussion in 'Security' started by ottdev, Nov 22, 2017.

  1. ottdev

    ottdev Well-Known Member

    Joined:
    Oct 1, 2013
    Messages:
    96
    Likes Received:
    3
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    My hostname reverted again after a reboot.
    AutoSSL Revoked

    I can not access WHM due to revoked certificate
    (WHM set to only allow SSL?)
    I do have SSH and reset the hostname
    What commands line will provision and install a new certificate for all services please ?

    Or is there a config file I can edit to turn off forcing the use of SSL to reach the WHM ?
     
    #1 ottdev, Nov 22, 2017
    Last edited by a moderator: Nov 22, 2017
  2. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,547
    Likes Received:
    44
    Trophy Points:
    328
    cPanel Access Level:
    Root Administrator
    If you have the correct certificate to install, then see:

    WHM API 1 Functions - install_service_ssl_certificate - Software Development Kit - cPanel Documentation

    To use this from the command line, you would do something like:

    /usr/local/cpanel/bin/whmapi1 install_service_ssl_certificate service=cpanel crt=%urlencodedcert% key=%urlencodedkey% cabundle=%urlencodedcabundle%

    Although probably the easiest and quickest solution for you, would be to just generate and install a self-signed certificate

    WHM API 1 Functions - reset_service_ssl_certificate - Software Development Kit - cPanel Documentation

    From the command line this would be:

    /usr/local/cpanel/bin/whmapi1 reset_service_ssl_certificate service=cpanel

    This will install a self-signed certificate for your WHM access. Probably not ideal, but it will at least get you into the WHM.

    I'm not sure if this restarts cPanel or not, so for good measure, restart cPanel after installing the certificate:

    /scripts/restartsrv_cpsrvd
     
  3. ottdev

    ottdev Well-Known Member

    Joined:
    Oct 1, 2013
    Messages:
    96
    Likes Received:
    3
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    In my panic, I forgot I recorded those commands before.
    First fix the hostname if you haven't:
    hostname myserver.hostname.tld

    Then attempt to reissue a cert:
    whmapi1 reset_service_ssl_certificate service=cpanel

    If it gives you "Invalid license file" then run this:
    /usr/local/cpanel/cpkeyclt
    If that succeeds run again:
    whmapi1 reset_service_ssl_certificate service=cpanel
     
  4. ottdev

    ottdev Well-Known Member

    Joined:
    Oct 1, 2013
    Messages:
    96
    Likes Received:
    3
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Not working.
    I did get into the WHM with default self-signed cert, then went to reinstall the real cert for the services. I am back to certificate revoked again.
     
  5. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,547
    Likes Received:
    44
    Trophy Points:
    328
    cPanel Access Level:
    Root Administrator
    Unfortunately, I don't know enough about cPanel's AutoSSL system. I don't know why it was revoked or how you tell AutoSSL to reissue a certificate that been revoked.

    But if the certificate has been revoked, then reinstalling the revoked certificate won't help you. As you saw, it will just lead you back to where you started.

    You would need to have a new certificate issued. I don't know if AutoSSL even has that functionality, since it's all automatic.

    There's not a whole lot of control of AutoSSL.

    The instructions I gave were meant to just give you access back into your WHM.
     
  6. ottdev

    ottdev Well-Known Member

    Joined:
    Oct 1, 2013
    Messages:
    96
    Likes Received:
    3
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    I also need to increase a disk quota for a user - how can I force this by command line since I can't access WHM ?
     
  7. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,547
    Likes Received:
    44
    Trophy Points:
    328
    cPanel Access Level:
    Root Administrator
    Your best bet would be to install the self-signed certificate and access your WHM using it.

    Perhaps someone else will chime in here and tell you how to resolve your AutoSSL revoked issue.
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    41,516
    Likes Received:
    1,616
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Could you verify which version of cPanel is installed on your system? This issue was addressed in cPanel 68.0.16 with a case that defers the revocation of old hostname certificates until the new hostname passes domain control validation:

    Fixed case CPANEL-12824: Defer revocation of old hostname cert until new hostname passes DCV.

    Thank you.
     
Loading...

Share This Page