CPanel error being sent regularly " doesn’t match non-SSL vhost IP"

Operating System & Version
CENTOS 7.7 xen hvm
cPanel & WHM Version
86.0 (build 17)

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
13,274
1,295
313
Houston
And @andrew.n you're most likely correct. NAT misconfiguration is almost always the issue, not the fact that the server is NAT routed at all but the fact that when these configurations are created they're done so incorrectly. I'd advise you to open a ticket so that our analysts can look at this further and hopefully let you know where the issue lies.
 
Jul 31, 2020
13
5
3
Boston
cPanel Access Level
Website Owner
The files /var/cpanel/userdata/natmaws/example.com and /var/cpanel/userdata/natmaws/example.com_SSL needed updating. It contained the 10.7.7.7 entry. Once I changed it to the servers IP, the new cert was installed.

One thing to note, where as all the sub domains were green and secure, it seems the majority of the list were then http and not SSL secured. The cert we installed is indeed a *.example.com cert for the remaining subdomains.

The subdomains required a manual rebuild and restart of Apache in order to get this corrected.

I ran:
/scripts/rebuildhttpdconf

Then:
/scripts/restartsrv_httpd

The first command rebuilt the Apache configuration, putting the correct SSL properties back into place; while the 2nd command restarts the Apache server.

Thank you @andrew.n @cPanelLauren for your consistent approach at troubleshooting this. I hope we are able to help someone with a similar issue.

Cheer, Health, Love to all !!!
 
Jul 31, 2020
13
5
3
Boston
cPanel Access Level
Website Owner
Hi, thanks Andrew. Youre a cpanel soldier!

Im trying to get the apache config sorted out as it has the private IP posted all around.

All the files (apache config and user/domain & domain_ssl) contain the private IP address.

Apache config:
Code:
<VirtualHost 10.7.7.7:80>
ServerName example.com
ServerAlias mail.example.com www.example.com
DocumentRoot /home/user/public_html
ServerAdmin [email protected]
--
<VirtualHost 10.7.7.7:443>
ServerName example.com
ServerAlias mail.example.com www.example.com cpcontacts.example.com webdisk.example.com cpanel.example.com webmail.example.com cpcalendars.example.com whm.example.com


This cpanel server looks direct ? (non NAT). We only have a private ip and a public IP to access the cpanel server.


Code:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc mq state UP group default qlen 1000
link/ether 09:xx:1c:xx:cd:8d brd ff:ff:ff:ff:ff:ff
inet 10.7.7.7/24 brd 10.7.7.255 scope global dynamic eth0
valid_lft 2363sec preferred_lft 2363sec
inet6 kv92::8d:1cff:fea2:dd93/64 scope link
valid_lft forever preferred_lft forever

Thus far, every other cpanel error references the public IP when I try to install the cert, should I be updating :

a) all references be updated to public IP including the apache config and domain files,
b) the cpnat file be deleted
c) try to reinstall the cert
d) restart apache and cpanel


What I didnt do in the 1st attempt, when it broke, was change the apache config details manually. I believe they may have still been private IPs as they are now (see above) I did remove the cpnat file but everything broke during the cpanel scripted apache rebuild config script.
 

andrew.n

Well-Known Member
Jun 9, 2020
930
345
63
EU
cPanel Access Level
Root Administrator
Okay there is a way to rebuild all the configs as I recall I hope I remember all the steps here:

1. First backup the userdata folder
mv /var/cpanel/userdata /var/cpanel/userdata.backup
2. Re-create the folder
mkdir /var/cpanel/userdata
3. Re-generate the content
/usr/local/cpanel/bin/userdata_update –reset
4. Fix permissions
/usr/local/cpanel/bin/fix_userdata_perms
4. Update internal cache
/scripts/updateuserdatacache
5. Now rebuild apache config
/scripts/rebuildhttpdconf
6. Restart apache to take affect the changes
/scripts/restartsrv_httpd

Let me know how it works out
 
  • Like
Reactions: cPanelLauren