The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

cPanel on unsecure connection while wildcard SSL Cert. installed

Discussion in 'Security' started by ronaldst, Jul 31, 2016.

Tags:
  1. ronaldst

    ronaldst Member

    Joined:
    Feb 22, 2016
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Norway
    cPanel Access Level:
    Root Administrator
    I got some annoyances going on regarding SSL. I can't quite figure this out.

    My CPanel runs on vps.example.com (example) and I also got a user added running a website on the same domain w ww.example.com. I got a Wildcard SSL installed for *.example.com.

    w ww.example.com shows no errors, green locker icon in browser and everything is dandy. Hiwever, hxtps://vps.example.com comes up as insecure conmection in browser.

    I've changed the service ssl to use the wildcard cert but without any solution.

    Can anyone please explain how this specific scenario is solved?
     
  2. Dave Smith

    Dave Smith Member

    Joined:
    Mar 20, 2016
    Messages:
    13
    Likes Received:
    3
    Trophy Points:
    3
    Location:
    Lisbon
    cPanel Access Level:
    Root Administrator
    Have you set-up a subdomain and DNS for vps.example.com? If not, set up DNS and create a sub domain in CPanel, and then go to SSL/TLS settings in the control panel for the domain. Install and manage SSL for your site. From the drop down list select the sub domain and click autofill by Domain and install the certificate.

    Hope that helps.
     
  3. ronaldst

    ronaldst Member

    Joined:
    Feb 22, 2016
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Norway
    cPanel Access Level:
    Root Administrator
    I'm pretty sure the DNS is set up for vps.example.c om. This is one of the first steps when installing and configuring CPanel.

    I've installed the SSL as root (WHM) for the vps subdomain. The main domain w ww.example.com was done from the domain cpanel user.

    I'm not allowed to install cert for the subdomain, or recreate vps.example.c om while logged in as CPanel user.

    I'm thinking it's something to do with the wildcard cert, it doesn't work for the WHM/CPanel subdomain.
     
    #3 ronaldst, Jul 31, 2016
    Last edited: Jul 31, 2016
  4. Dave Smith

    Dave Smith Member

    Joined:
    Mar 20, 2016
    Messages:
    13
    Likes Received:
    3
    Trophy Points:
    3
    Location:
    Lisbon
    cPanel Access Level:
    Root Administrator
    Can you do this logged in as Root in WHM and then through Accounts Information / List Accounts / Select Account / and then make the changes through CPanel as the Root user?

    An alternative would be to generate a specific certificate for vps.example.com using Lets Encrypt. Unfortunately that is not a solution but more of a temporary fix to help you see if it resolves the issue at hand with the *wildcard certificate (if there is an issue). There are some great guides on here for setting up Lets Encrypt. Or if you don't want to do that I would happily create you a certificate and mail it across to you if that would be useful.

    I know from first hand experience that getting SSL operational can be a pain.
     
  5. ronaldst

    ronaldst Member

    Joined:
    Feb 22, 2016
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Norway
    cPanel Access Level:
    Root Administrator
    I've installed the cert in WHM for *.example.com (under Manage SSL menu) and I've also installed the same cert for all services including cPanel under 'Manage Service SSL'.

    After further testing today and it seems to be working like it should on desktops now. On mobile Firefox it's ok too, but I get unsecure connection with the following error with mobile version of Chrome:

    err_cert_authority_invalid

    After a quick search on Google I find this is relatedto the cert being installed twice (?) or it has two separate instances on server.
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    651
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    It's important to keep in mind that your server's hostname should not be utilized as a subdomain for hosting website content. Per Change Hostname - Documentation - cPanel Documentation:

    If you want to use the hostname for user's connecting to a service, then you would install the SSL certificate for the individual service via "WHM >> Manage Service SSL Certificates".

    Thank you.
     
  7. ronaldst

    ronaldst Member

    Joined:
    Feb 22, 2016
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Norway
    cPanel Access Level:
    Root Administrator
    I guess I have misunderstood the meaning of 'hostname that a cPanel account on your server will use.' I figured this was isolated to the subdomain.

    Can you confirm this is the reason of the problems I've had?

    Is there a workaround or is it better to have a isolated domain for cPanel?
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    651
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Yes, creating a subdomain name associated the configured server hostname on a cPanel account is unsupported and can result in configuration conflicts. Could you let us know if the issue persists after adjusting the hostname?

    Thank you.
     
  9. ronaldst

    ronaldst Member

    Joined:
    Feb 22, 2016
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Norway
    cPanel Access Level:
    Root Administrator
    Thanks for making that clear.

    I'm still not able to resolve the unsecure connection/authority error I'm getting in Chrome (mobile).

    I have deleted the user account who shared domain with WHM. EasyApache rebuild and restarted services.
     
  10. Spork Schivago

    Spork Schivago Well-Known Member

    Joined:
    Jan 21, 2016
    Messages:
    266
    Likes Received:
    20
    Trophy Points:
    18
    Location:
    corning, ny
    cPanel Access Level:
    Website Owner
    I know that this is probably not your problem and you've probably already have this setup, however, when I was setting up SSL for my site (I use Let's Encrypt), Chrome wouldn't recognize the certs. I had similar issues. The problem was with that meta-tag that works for Firefox and other browsers that says not to cache the page. Chrome, however, ignores that meta-tag.

    Have you tried visiting the site incognito mode to make sure it's not a caching issue? I found away to get my server not to cache the pages for Chrome, thankfully, but it took a while to find something that worked. It's just a thought. If you cannot set the mobile version of Chrome to incognito mode, perhaps you could manually try clearing the cache in Chrome. We cleared everything, from the beginning of time, then the errors stopped and everything worked as expected.
     
  11. ronaldst

    ronaldst Member

    Joined:
    Feb 22, 2016
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Norway
    cPanel Access Level:
    Root Administrator
    I'm still not able to resolve this error. Incognito mode makes no difference. Tried a different mobile which never visited the domain and am still getting: "err_cert_authority_invalid"
     
  12. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    651
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
  13. ronaldst

    ronaldst Member

    Joined:
    Feb 22, 2016
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Norway
    cPanel Access Level:
    Root Administrator
    Im currently away on hollidays, but I'll make sure to post a ticket when I get back home.

    We already concluded that making a user account for the domain used by WHM is no good. I was wondering though, is it still possible to use the domain for email accounts? This is why I had a user for the same domain in the first place. Maybe I need to rethink the vps domain.
     
    #13 ronaldst, Aug 12, 2016
    Last edited: Aug 12, 2016
  14. ronaldst

    ronaldst Member

    Joined:
    Feb 22, 2016
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Norway
    cPanel Access Level:
    Root Administrator
    I've solved the problem. After migrating to my new VPS I've not had the issue anymore.

    I can't find any other conclusion than it has to be some kind of caching issue either on the server or browser.
     
  15. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    651
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page