cPanel on unsecure connection while wildcard SSL Cert. installed

ronaldst

Well-Known Member
Feb 22, 2016
85
16
8
Norway
cPanel Access Level
Root Administrator
I got some annoyances going on regarding SSL. I can't quite figure this out.

My CPanel runs on vps.example.com (example) and I also got a user added running a website on the same domain w ww.example.com. I got a Wildcard SSL installed for *.example.com.

w ww.example.com shows no errors, green locker icon in browser and everything is dandy. Hiwever, hxtps://vps.example.com comes up as insecure conmection in browser.

I've changed the service ssl to use the wildcard cert but without any solution.

Can anyone please explain how this specific scenario is solved?
 

Dave Smith

Active Member
Mar 20, 2016
44
12
8
Lisbon
cPanel Access Level
Root Administrator
Have you set-up a subdomain and DNS for vps.example.com? If not, set up DNS and create a sub domain in CPanel, and then go to SSL/TLS settings in the control panel for the domain. Install and manage SSL for your site. From the drop down list select the sub domain and click autofill by Domain and install the certificate.

Hope that helps.
 

ronaldst

Well-Known Member
Feb 22, 2016
85
16
8
Norway
cPanel Access Level
Root Administrator
I'm pretty sure the DNS is set up for vps.example.c om. This is one of the first steps when installing and configuring CPanel.

I've installed the SSL as root (WHM) for the vps subdomain. The main domain w ww.example.com was done from the domain cpanel user.

I'm not allowed to install cert for the subdomain, or recreate vps.example.c om while logged in as CPanel user.

I'm thinking it's something to do with the wildcard cert, it doesn't work for the WHM/CPanel subdomain.
 
Last edited:

Dave Smith

Active Member
Mar 20, 2016
44
12
8
Lisbon
cPanel Access Level
Root Administrator
I'm not allowed to install cert for the subdomain, or recreate vps.example.c om while logged in as CPanel user.
Can you do this logged in as Root in WHM and then through Accounts Information / List Accounts / Select Account / and then make the changes through CPanel as the Root user?

An alternative would be to generate a specific certificate for vps.example.com using Lets Encrypt. Unfortunately that is not a solution but more of a temporary fix to help you see if it resolves the issue at hand with the *wildcard certificate (if there is an issue). There are some great guides on here for setting up Lets Encrypt. Or if you don't want to do that I would happily create you a certificate and mail it across to you if that would be useful.

I know from first hand experience that getting SSL operational can be a pain.
 

ronaldst

Well-Known Member
Feb 22, 2016
85
16
8
Norway
cPanel Access Level
Root Administrator
I've installed the cert in WHM for *.example.com (under Manage SSL menu) and I've also installed the same cert for all services including cPanel under 'Manage Service SSL'.

After further testing today and it seems to be working like it should on desktops now. On mobile Firefox it's ok too, but I get unsecure connection with the following error with mobile version of Chrome:

err_cert_authority_invalid

After a quick search on Google I find this is relatedto the cert being installed twice (?) or it has two separate instances on server.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,218
463

ronaldst

Well-Known Member
Feb 22, 2016
85
16
8
Norway
cPanel Access Level
Root Administrator
I guess I have misunderstood the meaning of 'hostname that a cPanel account on your server will use.' I figured this was isolated to the subdomain.

Can you confirm this is the reason of the problems I've had?

Is there a workaround or is it better to have a isolated domain for cPanel?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,218
463
Yes, creating a subdomain name associated the configured server hostname on a cPanel account is unsupported and can result in configuration conflicts. Could you let us know if the issue persists after adjusting the hostname?

Thank you.
 

ronaldst

Well-Known Member
Feb 22, 2016
85
16
8
Norway
cPanel Access Level
Root Administrator
Thanks for making that clear.

I'm still not able to resolve the unsecure connection/authority error I'm getting in Chrome (mobile).

I have deleted the user account who shared domain with WHM. EasyApache rebuild and restarted services.
 

Spork Schivago

Well-Known Member
Jan 21, 2016
597
64
28
corning, ny
cPanel Access Level
Root Administrator
Thanks for making that clear.

I'm still not able to resolve the unsecure connection/authority error I'm getting in Chrome (mobile).

I have deleted the user account who shared domain with WHM. EasyApache rebuild and restarted services.
I know that this is probably not your problem and you've probably already have this setup, however, when I was setting up SSL for my site (I use Let's Encrypt), Chrome wouldn't recognize the certs. I had similar issues. The problem was with that meta-tag that works for Firefox and other browsers that says not to cache the page. Chrome, however, ignores that meta-tag.

Have you tried visiting the site incognito mode to make sure it's not a caching issue? I found away to get my server not to cache the pages for Chrome, thankfully, but it took a while to find something that worked. It's just a thought. If you cannot set the mobile version of Chrome to incognito mode, perhaps you could manually try clearing the cache in Chrome. We cleared everything, from the beginning of time, then the errors stopped and everything worked as expected.
 

ronaldst

Well-Known Member
Feb 22, 2016
85
16
8
Norway
cPanel Access Level
Root Administrator
I'm still not able to resolve this error. Incognito mode makes no difference. Tried a different mobile which never visited the domain and am still getting: "err_cert_authority_invalid"
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,218
463
New I'm still not able to resolve this error. Incognito mode makes no difference. Tried a different mobile which never visited the domain and am still getting: "err_cert_authority_invalid"
Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

Thank you.
 

ronaldst

Well-Known Member
Feb 22, 2016
85
16
8
Norway
cPanel Access Level
Root Administrator
Im currently away on hollidays, but I'll make sure to post a ticket when I get back home.

We already concluded that making a user account for the domain used by WHM is no good. I was wondering though, is it still possible to use the domain for email accounts? This is why I had a user for the same domain in the first place. Maybe I need to rethink the vps domain.
 
Last edited:

ronaldst

Well-Known Member
Feb 22, 2016
85
16
8
Norway
cPanel Access Level
Root Administrator
I've solved the problem. After migrating to my new VPS I've not had the issue anymore.

I can't find any other conclusion than it has to be some kind of caching issue either on the server or browser.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,218
463
I'm happy to see the issue is now resolved. Thank you for updating this thread with the outcome.