cPanel on unsecure connection while wildcard SSL Cert. installed

[ronaldst]

I got some annoyances going on regarding SSL. I can't quite figure this out.

My CPanel runs on vps.example.com (example) and I also got a user added running a website on the same domain w ww.example.com. I got a Wildcard SSL installed for *.example.com.

w ww.example.com shows no errors, green locker icon in browser and everything is dandy. Hiwever, hxtps://vps.example.com comes up as insecure conmection in browser.

I've changed the service ssl to use the wildcard cert but without any solution.

Can anyone please explain how this specific scenario is solved?

 

[Dave Smith]

Have you set-up a subdomain and DNS for vps.example.com? If not, set up DNS and create a sub domain in CPanel, and then go to SSL/TLS settings in the control panel for the domain. Install and manage SSL for your site. From the drop down list select the sub domain and click autofill by Domain and install the certificate.

Hope that helps.

 

[ronaldst]

I'm pretty sure the DNS is set up for vps.example.c om. This is one of the first steps when installing and configuring CPanel.

I've installed the SSL as root (WHM) for the vps subdomain. The main domain w ww.example.com was done from the domain cpanel user.

I'm not allowed to install cert for the subdomain, or recreate vps.example.c om while logged in as CPanel user.

I'm thinking it's something to do with the wildcard cert, it doesn't work for the WHM/CPanel subdomain.

 

[Dave Smith]

I'm not allowed to install cert for the subdomain, or recreate vps.example.c om while logged in as CPanel user.

Can you do this logged in as Root in WHM and then through Accounts Information / List Accounts / Select Account / and then make the changes through CPanel as the Root user?

An alternative would be to generate a specific certificate for vps.example.com using Lets Encrypt. Unfortunately that is not a solution but more of a temporary fix to help you see if it resolves the issue at hand with the *wildcard certificate (if there is an issue). There are some great guides on here for setting up Lets Encrypt. Or if you don't want to do that I would happily create you a certificate and mail it across to you if that would be useful.

I know from first hand experience that getting SSL operational can be a pain.

 

[ronaldst]

I've installed the cert in WHM for *.example.com (under Manage SSL menu) and I've also installed the same cert for all services including cPanel under 'Manage Service SSL'.

After further testing today and it seems to be working like it should on desktops now. On mobile Firefox it's ok too, but I get unsecure connection with the following error with mobile version of Chrome:

err_cert_authority_invalid

After a quick search on Google I find this is relatedto the cert being installed twice (?) or it has two separate instances on server.

 

[cPanelMichael]

Hello,

It's important to keep in mind that your server's hostname should not be utilized as a subdomain for hosting website content. Per Change Hostname - Documentation - cPanel Documentation:

Do not choose a hostname that a cPanel account on your server will use.

If you want to use the hostname for user's connecting to a service, then you would install the SSL certificate for the individual service via "WHM >> Manage Service SSL Certificates".

Thank you.

 

[ronaldst]

I guess I have misunderstood the meaning of 'hostname that a cPanel account on your server will use.' I figured this was isolated to the subdomain.

Can you confirm this is the reason of the problems I've had?

Is there a workaround or is it better to have a isolated domain for cPanel?

 

[cPanelMichael]

Yes, creating a subdomain name associated the configured server hostname on a cPanel account is unsupported and can result in configuration conflicts. Could you let us know if the issue persists after adjusting the hostname?

Thank you.

 

[ronaldst]

Thanks for making that clear.

I'm still not able to resolve the unsecure connection/authority error I'm getting in Chrome (mobile).

I have deleted the user account who shared domain with WHM. EasyApache rebuild and restarted services.

 

[Spork Schivago]

Thanks for making that clear.

I'm still not able to resolve the unsecure connection/authority error I'm getting in Chrome (mobile).

I have deleted the user account who shared domain with WHM. EasyApache rebuild and restarted services.

I know that this is probably not your problem and you've probably already have this setup, however, when I was setting up SSL for my site (I use Let's Encrypt), Chrome wouldn't recognize the certs. I had similar issues. The problem was with that meta-tag that works for Firefox and other browsers that says not to cache the page. Chrome, however, ignores that meta-tag.

Have you tried visiting the site incognito mode to make sure it's not a caching issue? I found away to get my server not to cache the pages for Chrome, thankfully, but it took a while to find something that worked. It's just a thought. If you cannot set the mobile version of Chrome to incognito mode, perhaps you could manually try clearing the cache in Chrome. We cleared everything, from the beginning of time, then the errors stopped and everything worked as expected.

 

[ronaldst]

I'm still not able to resolve this error. Incognito mode makes no difference. Tried a different mobile which never visited the domain and am still getting: "err_cert_authority_invalid"

 

[cPanelMichael]

New I'm still not able to resolve this error. Incognito mode makes no difference. Tried a different mobile which never visited the domain and am still getting: "err_cert_authority_invalid"

Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

Thank you.

 

[ronaldst]

Im currently away on hollidays, but I'll make sure to post a ticket when I get back home.

We already concluded that making a user account for the domain used by WHM is no good. I was wondering though, is it still possible to use the domain for email accounts? This is why I had a user for the same domain in the first place. Maybe I need to rethink the vps domain.

 

[ronaldst]

I've solved the problem. After migrating to my new VPS I've not had the issue anymore.

I can't find any other conclusion than it has to be some kind of caching issue either on the server or browser.

 

[cPanelMichael]

I'm happy to see the issue is now resolved. Thank you for updating this thread with the outcome.