Does AutoSSL work with server hostname SSL?

postcd

Well-Known Member
Oct 22, 2010
717
19
68
Hello,

does AutoSSL works to setup certificate for the WHM server hostname (which is not subdomain setup in cPanel, or should i setu new subdomain for my server hostname in its cpanel)?

in WHM/Service Configuration/Manage Service SSL Certificates

i have SSL certificate and it is valid when i access WHM/cpanel using my WHM server hostname

https://my.hostname.here:2087

But when i access:
https://my.hostname.here

it shows SSL mismatch as the WHM is using default SSL for the server and it is first cpanel account in the server's apache virtualhost file (/etc/httpd/conf/httpd.conf). When i go to WHM/SSL/Manage SSL hosts and use as a default the SSL of a domain name that match my server hostname (my.hostname.here -> hostname.here), then it still shows mismatch because it is using SSL for one of the addon domains that i have in that cPanel :-/ and indeed in /etc/httpd/conf/httpd.conf under virtualhost of my servber hostname domain i see something like this (i modified numbers):
SSLCertificateFile /var/cpanel/ssl/installed/certs/mail_myaddondomain_tk_cd4da_73aa1_1499068981_a25fe76db4f25a53dfa26df3a7d20476.crt
SSLCertificateKeyFile /var/cpanel/ssl/installed/keys/cd4da_73aa1_8f19dff0d14fd949387a82798e69b05a.key
SSLCACertificateFile /var/cpanel/ssl/installed/cabundles/Let_s_Encrypt_d5a69d0f2effae8513e08eaced2ccf24_1615999242.cabundle
and in /var/cpanel/ssl/installed/keys/
is not .crt file for my main server domain name.

The AutoSSL log shows:
The website “hostname.here”, owned by “cpanelnamehere”, has no SSL certificate. AutoSSL will attempt to obtain a new certificate and install it.
But it installed SSL only for my addon domains, i not reported any installation for main domain name.

So i wanted to solve this by installing AutoSSL for my WHM server hostname. Is it now possible after WHM is made to create cetificates also for subdomains?
 
Last edited:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,911
2,234
363
Hello,

Information about how the free cPanel-signed hostname certificate works is available at:

Manage Service SSL Certificates - Version 76 Documentation - cPanel Documentation

does AutoSSL works to setup certificate for the WHM server hostname (which is not subdomain setup in cPanel, or should i setu new subdomain for my server hostname in its cpanel)?
Setting up a subdomain under an account for your server's hostname is not recommended.

i have SSL certificate and it is valid when i access WHM/cpanel using my WHM server hostname

https://my.hostname.here:2087

But when i access:
https://my.hostname.here

it shows SSL mismatch as the WHM is using default SSL for the server and it is first cpanel account in the server's apache virtualhost file (/etc/httpd/conf/httpd.conf).
This is the expected behavior. The free cPanel-signed SSL certificate for the server's hostname is not installed for Apache. You can install the hostname's certificate to Apache using the following option:

"WHM Home » SSL/TLS »Install an SSL Certificate on a Domain"

Thank you.
 
Last edited:

postcd

Well-Known Member
Oct 22, 2010
717
19
68
free cPanel-signed SSL certificate for the server's hostname is not installed for Apache. You can install the hostname's certificate to Apache using the following option:
"WHM Home » SSL/TLS »Install an SSL Certificate on a Domain"
Hello, and thank You.

There is no way yet to Generate new auto-renewing (AutoSSL, cPanel-Comodo, LetsEncrypt) certificate for the server hostname? I need to generate only self signed one within WHM or use some third party tool for creating and renewing free signed cert.? it would be good if it is easier to establish signed auto-renewing certificate for the server hostname.

AutoSSL/cPanel SSL on server hostname for Apache
 

mtindor

Well-Known Member
Sep 14, 2004
1,361
64
178
inside a catfish
cPanel Access Level
Root Administrator
Hello, and thank You.

There is no way yet to Generate new auto-renewing (AutoSSL, cPanel-Comodo, LetsEncrypt) certificate for the server hostname? I need to generate only self signed one within WHM or use some third party tool for creating and renewing free signed cert.? it would be good if it is easier to establish signed auto-renewing certificate for the server hostname.

AutoSSL/cPanel SSL on server hostname for Apache
By default your server should automatically renew your server hostname certificate with a cPanel-signed SSL certificate.

Manage Service SSL Certificates - Documentation - cPanel Documentation
- scroll down to "Free cPanel-signed certificate"

However, if you manually touched (created) /var/cpanel/ssl/disable_service_certificate_management and /var/cpanel/ssl/disable_auto_hostname_certificate, then your server will not automatically renew your hostname SSL with a free cPanel-signed SSL.

If you read the "free cPanel-signed certificate" section, it specifically tells you what criteria need to be met in order for the server to automatically generated a new cPanel-signed certificate for your server hostname.

Mike
 
  • Like
Reactions: cPanelMichael

postcd

Well-Known Member
Oct 22, 2010
717
19
68
@mtindor
I think that you are speaking about hostname based certificate for cpanel/WHM services, but i am talking about hostname certificate itself.

service certificate:
https://host.name.here:2087 - WORKS good for me, no problem with that, it is signed

hostname certificate:
https://host.name.here - problem. shows insecure warning / SSL match other domain on same server

cPanel Michael said that "free cPanel-signed SSL certificate for the server's hostname is not installed for Apache."
I understand i can somehow manually install signed certificate for hostname, but that is not my point, my point is to do it so 1) the renewals are automated, 2) i do not need to use third party tools for that 3) i do not need to order paid certificate somewhere

i think your answer does not answer my issue (if i am not wrong :confused:).. you address services but me address hostname itself
 

mtindor

Well-Known Member
Sep 14, 2004
1,361
64
178
inside a catfish
cPanel Access Level
Root Administrator
You are correct. I misunderstood. Now that I understand what you are wanting, I do agree that it would be nice if the free cPanel hostname SSL cert would automatically be applied to https://serverhostname:443.

You can do it manually though. I just did it manually via WHM -> Install an SSL Certificate on a Domain, where I then browsed the account root (not apache) and chose/installed the cPanel Inc signed certificate.

Would it be nice for this all to happen automatically? I think so. But, at least you can manually assign the certificate to https://serverhostname:443.

Mike
 
  • Like
Reactions: postcd

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,911
2,234
363
Hello,

This would require new functionality (including the hostname with the AutoSSL feature for Apache). I encourage anyone else wanting this feature to vote and add feedback to the existing feature request at:

AutoSSL/cPanel SSL on server hostname for Apache

Thank you.