cPanel + pfSense + Let's Encrypt + Curl

Discussion in 'Workarounds and Optimization' started by SeanLee, Sep 13, 2017.

  1. SeanLee

    I'm putting this in General Discussion, but if the mods want to move it, feel free.

    I had the dreaded “SSL certificate problem: unable to get local issuer certificate” problem when working with Let's Encrypt and scripts that were using CURL. My SSL certs for domains worked just fine in web browsers - it was only CURL that had the problems. I tried all the fixes involving editing php.ini and downloading the pem from http://curl.haxx.se/ca/, but nothing seemed to work.

    It seemed that in most cases, if you edit your php.ini file and provide the cainfo (curl.cainfo = "/path/to/cacert.pem") that seemed to fix most people's problems. My situation ended up being different, simply because I'm running my cPanel server behind a pfSense firewall using NAT. I spent about 4 days troubleshooting this, so I figured I'd share what I did, in case somebody else runs across it.

    1) Install the ACME package on my pfSense fw, and follow this HowTo very carefully (PDF attached in case link dies). Make sure you enable the new SSL cert, and that it shows up as valid (green) in a web browser.

    2) If you are using port 443 to access your pfSense admin area, change it (i.e. port 8443). Do this under System -> Advanced, under "webConfigurator", under the "TCP port" area. This configuration option allows you to change which port pfSense listens on. This is because you need to forward port 443 to your cPanel server.

    3) Make sure you have a NAT rule to forward the above port 443 to your (internal) cPanel server. Do this in pfSense, under Firewall -> NAT. You should change the following options on that screen:
    - Interface: WAN
    - Protocol: TCP
    - Destination: The VIP (external IP) that maps to your cPanel server
    - Destination port range: HTTPS (both from & to)
    - Redirect target IP: The main internal IP of your cPanel server
    - Redirect target port: HTTPS
    - Filter rule association: (create new rule)
    (all other options leave as default)

    4) This was the final step that got everything working for me. You need to follow Method 1 of this guide (PDF attached in case link dies) in order to enable Pure NAT reflection.

    You should now have a working version of Curl that uses your Let's Encrypt SSL certs on your cPanel server. Many thanks to Andrew, Laure, Seth and Chad at cPanel support for helping me with this.
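A diagnostic for the situation described in the post above, added here as an example and not part of the original post or of cPanel's or pfSense's tooling. It assumes the curl failure arises because a request from the cPanel server to its own public hostname is answered by a different listener than the web server itself; the hostname and IP are placeholders, and the function names are hypothetical.

```python
import hashlib
import socket
import ssl


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()


def fetch_leaf_der(connect_to: str, sni: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Return the leaf certificate a listener presents, without validating it.

    Validation is switched off only to capture what is being served; this
    context must never be used to carry application traffic.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((connect_to, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni) as tls:
            return tls.getpeercert(binary_form=True)


def compare_paths(der_via_public: bytes, der_via_internal: bytes) -> str:
    """Classify two observations taken from the cPanel server itself."""
    if fingerprint(der_via_public) == fingerprint(der_via_internal):
        # The hairpinned request reaches the web server: look at the CA bundle or chain.
        return "same-listener"
    # Something else answers the public name on 443 when connecting from inside the LAN.
    return "different-listener"


if __name__ == "__main__":
    HOSTNAME = "www.example.com"  # placeholder: a domain hosted on the cPanel server
    INTERNAL_IP = "192.0.2.10"    # placeholder: the server's main internal IP
    try:
        via_public = fetch_leaf_der(HOSTNAME, HOSTNAME)       # resolves to the external IP
        via_internal = fetch_leaf_der(INTERNAL_IP, HOSTNAME)  # bypasses the firewall
    except OSError as exc:
        print("connection failed:", exc)
    else:
        print("public  :", fingerprint(via_public))
        print("internal:", fingerprint(via_internal))
        print(compare_paths(via_public, via_internal))
```

Run it on the cPanel server: a "different-listener" result points at the firewall path (port in use on the firewall, missing forward, or no NAT reflection) rather than at php.ini or the CA bundle.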
     


  2. cPanelMichael

    Hello,

    We've moved this thread to our "Workarounds" forum category.

    Thanks!
     