In Progress CPANEL-40511 - SSL/TLS CONFIGURATION - how can we configure hostname SSL/TLS Configuration to RSA, 4,096-bit

Spirogg

Well-Known Member
Feb 21, 2018
696
151
43
chicago
cPanel Access Level
Root Administrator
How can we change the hostname server.domain.(com) to RSA, 4,096-bit, so the SSL certificate will run AutoSSL and will update the hostname certificate to the same RSA, 4,096-bit


I know These settings below are for Domain names on cpanel accounts but not for the hostname.
SSL/TLS CONFIGURATION
Show Help Text

Default SSL/TLS Key Type Expand
RSA, 2,048-bit
ECDSA, P-384 (secp384r1)
ECDSA, P-256 (prime256v1)
RSA, 4,096-bit Current


Thanks
Spiro
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
10,360
1,631
363
cPanel Access Level
Root Administrator
Hey there! This page does also change the bit length for the hostname SSL. I changed the value to 4096 on my personal machine, reset my hostname SSL certificates, and then ran "/usr/local/cpanel/bin/checkallsslcerts" which showed this output:

Code:
[WARN] The system will replace the old certificate (RSA, 2,048-bit) with a new certificate that matches the system’s default key type (RSA, 4,096-bit).
Let me know if that helps!
 

Spirogg

Well-Known Member
Feb 21, 2018
696
151
43
chicago
cPanel Access Level
Root Administrator
reset my hostname SSL certificates, and then ran "/usr/local/cpanel/bin/checkallsslcerts"
Hey there,
Thanks for your reply
When changing the RSA to a different one and clicking save, it runs the cPanel domains AutoSSL and updates them accordingly. But the hostname we have to reset ourselves ? Then rerun /checkallsslcerts?

Also would be nice for it to run that for the hostname.
 
Last edited:

Spirogg

Well-Known Member
Feb 21, 2018
696
151
43
chicago
cPanel Access Level
Root Administrator
I don't disagree - I've created case CPANEL-40511 so our team can look into that possibility.
PS just found this for AlmaLinux8 and CloudLinux8
you canlt set RSA to 4096 for When using AlmaLinux 8 or CloudLinux 8, after changing the SSL/TLS Key type in the WHM you find the Hostname AutoSSL service becomes stuck.