Does AutoSSL work with server hostname SSL?

postcd · Apr 4, 2017

Hello,

does AutoSSL works to setup certificate for the WHM server hostname (which is not subdomain setup in cPanel, or should i setu new subdomain for my server hostname in its cpanel)?

in WHM/Service Configuration/Manage Service SSL Certificates

i have SSL certificate and it is valid when i access WHM/cpanel using my WHM server hostname

https://my.hostname.here:2087

But when i access:
https://my.hostname.here

it shows SSL mismatch as the WHM is using default SSL for the server and it is first cpanel account in the server's apache virtualhost file (/etc/httpd/conf/httpd.conf). When i go to WHM/SSL/Manage SSL hosts and use as a default the SSL of a domain name that match my server hostname (my.hostname.here -> hostname.here), then it still shows mismatch because it is using SSL for one of the addon domains that i have in that cPanel :-/ and indeed in /etc/httpd/conf/httpd.conf under virtualhost of my servber hostname domain i see something like this (i modified numbers):

SSLCertificateFile /var/cpanel/ssl/installed/certs/mail_myaddondomain_tk_cd4da_73aa1_1499068981_a25fe76db4f25a53dfa26df3a7d20476.crt
SSLCertificateKeyFile /var/cpanel/ssl/installed/keys/cd4da_73aa1_8f19dff0d14fd949387a82798e69b05a.key
SSLCACertificateFile /var/cpanel/ssl/installed/cabundles/Let_s_Encrypt_d5a69d0f2effae8513e08eaced2ccf24_1615999242.cabundle

and in /var/cpanel/ssl/installed/keys/
is not .crt file for my main server domain name.

The AutoSSL log shows:

The website “hostname.here”, owned by “cpanelnamehere”, has no SSL certificate. AutoSSL will attempt to obtain a new certificate and install it.

But it installed SSL only for my addon domains, i not reported any installation for main domain name.

So i wanted to solve this by installing AutoSSL for my WHM server hostname. Is it now possible after WHM is made to create cetificates also for subdomains?

cPanelMichael · Apr 4, 2017

Hello,

Information about how the free cPanel-signed hostname certificate works is available at:

Manage Service SSL Certificates - Version 76 Documentation - cPanel Documentation

postcd said:
does AutoSSL works to setup certificate for the WHM server hostname (which is not subdomain setup in cPanel, or should i setu new subdomain for my server hostname in its cpanel)?

Setting up a subdomain under an account for your server's hostname is not recommended.

postcd said:
i have SSL certificate and it is valid when i access WHM/cpanel using my WHM server hostname

https://my.hostname.here:2087

But when i access:
https://my.hostname.here

it shows SSL mismatch as the WHM is using default SSL for the server and it is first cpanel account in the server's apache virtualhost file (/etc/httpd/conf/httpd.conf).

This is the expected behavior. The free cPanel-signed SSL certificate for the server's hostname is not installed for Apache. You can install the hostname's certificate to Apache using the following option:

"WHM Home » SSL/TLS »Install an SSL Certificate on a Domain"

Thank you.

postcd · Apr 4, 2017

cPanelMichael said:
free cPanel-signed SSL certificate for the server's hostname is not installed for Apache. You can install the hostname's certificate to Apache using the following option:
"WHM Home » SSL/TLS »Install an SSL Certificate on a Domain"

Hello, and thank You.

There is no way yet to Generate new auto-renewing (AutoSSL, cPanel-Comodo, LetsEncrypt) certificate for the server hostname? I need to generate only self signed one within WHM or use some third party tool for creating and renewing free signed cert.? it would be good if it is easier to establish signed auto-renewing certificate for the server hostname.

AutoSSL/cPanel SSL on server hostname for Apache

mtindor · Apr 5, 2017

postcd said:
Hello, and thank You.

There is no way yet to Generate new auto-renewing (AutoSSL, cPanel-Comodo, LetsEncrypt) certificate for the server hostname? I need to generate only self signed one within WHM or use some third party tool for creating and renewing free signed cert.? it would be good if it is easier to establish signed auto-renewing certificate for the server hostname.

AutoSSL/cPanel SSL on server hostname for Apache

By default your server should automatically renew your server hostname certificate with a cPanel-signed SSL certificate.

Manage Service SSL Certificates - Documentation - cPanel Documentation
- scroll down to "Free cPanel-signed certificate"

However, if you manually touched (created) /var/cpanel/ssl/disable_service_certificate_management and /var/cpanel/ssl/disable_auto_hostname_certificate, then your server will not automatically renew your hostname SSL with a free cPanel-signed SSL.

If you read the "free cPanel-signed certificate" section, it specifically tells you what criteria need to be met in order for the server to automatically generated a new cPanel-signed certificate for your server hostname.

Mike

postcd · Apr 12, 2017

@mtindor
I think that you are speaking about hostname based certificate for cpanel/WHM services, but i am talking about hostname certificate itself.

service certificate:
https://host.name.here:2087 - WORKS good for me, no problem with that, it is signed

hostname certificate:
https://host.name.here - problem. shows insecure warning / SSL match other domain on same server

cPanel Michael said that "free cPanel-signed SSL certificate for the server's hostname is not installed for Apache."
I understand i can somehow manually install signed certificate for hostname, but that is not my point, my point is to do it so 1) the renewals are automated, 2) i do not need to use third party tools for that 3) i do not need to order paid certificate somewhere

i think your answer does not answer my issue (if i am not wrong

).. you address services but me address hostname itself

mtindor · Apr 12, 2017

You are correct. I misunderstood. Now that I understand what you are wanting, I do agree that it would be nice if the free cPanel hostname SSL cert would automatically be applied to https://serverhostname:443.

You can do it manually though. I just did it manually via WHM -> Install an SSL Certificate on a Domain, where I then browsed the account root (not apache) and chose/installed the cPanel Inc signed certificate.

Would it be nice for this all to happen automatically? I think so. But, at least you can manually assign the certificate to https://serverhostname:443.

Mike

cPanelMichael · Apr 12, 2017

Hello,

This would require new functionality (including the hostname with the AutoSSL feature for Apache). I encourage anyone else wanting this feature to vote and add feedback to the existing feature request at:

AutoSSL/cPanel SSL on server hostname for Apache

Thank you.

Thread starter	Similar threads	Forum	Replies	Date
J	Autossl does not work for addon domain root name but works with www	Security	3	Aug 5, 2019
	In Progress [CPANEL-22039] AutoSSL doesn't cover Service Subdomains when parent domain uses third-party cert	Security	11	Feb 8, 2019
J	AutoSSL error This partner does not offer free 90-day certificates	Security	3	Jan 29, 2019
B	Potential reduced AutoSSL coverage for subdomain that doesn't exist?	Security	4	Sep 16, 2018
L	How Does Server Migration Affect AutoSSL Certificates?	Security	2	May 5, 2017

Search

Search

Does AutoSSL work with server hostname SSL?

postcd

Well-Known Member

cPanelMichael

Administrator

postcd

Well-Known Member

mtindor

Well-Known Member

postcd

Well-Known Member

mtindor

Well-Known Member

cPanelMichael

Administrator