Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Does AutoSSL work with server hostname SSL?

Discussion in 'Security' started by postcd, Apr 4, 2017.

Tags:
  1. postcd

    postcd Well-Known Member

    Joined:
    Oct 22, 2010
    Messages:
    670
    Likes Received:
    11
    Trophy Points:
    68
    Hello,

    does AutoSSL works to setup certificate for the WHM server hostname (which is not subdomain setup in cPanel, or should i setu new subdomain for my server hostname in its cpanel)?

    in WHM/Service Configuration/Manage Service SSL Certificates

    i have SSL certificate and it is valid when i access WHM/cpanel using my WHM server hostname

    https://my.hostname.here:2087

    But when i access:
    https://my.hostname.here

    it shows SSL mismatch as the WHM is using default SSL for the server and it is first cpanel account in the server's apache virtualhost file (/etc/httpd/conf/httpd.conf). When i go to WHM/SSL/Manage SSL hosts and use as a default the SSL of a domain name that match my server hostname (my.hostname.here -> hostname.here), then it still shows mismatch because it is using SSL for one of the addon domains that i have in that cPanel :-/ and indeed in /etc/httpd/conf/httpd.conf under virtualhost of my servber hostname domain i see something like this (i modified numbers):
    and in /var/cpanel/ssl/installed/keys/
    is not .crt file for my main server domain name.

    The AutoSSL log shows:
    But it installed SSL only for my addon domains, i not reported any installation for main domain name.

    So i wanted to solve this by installing AutoSSL for my WHM server hostname. Is it now possible after WHM is made to create cetificates also for subdomains?
     
    #1 postcd, Apr 4, 2017
    Last edited: Apr 4, 2017
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,659
    Likes Received:
    1,428
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Information about how the free cPanel-signed hostname certificate works is available at:

    Free cPanel-Signed Hostname Certificate - cPanel Knowledge Base - cPanel Documentation

    Setting up a subdomain under an account for your server's hostname is not recommended.

    This is the expected behavior. The free cPanel-signed SSL certificate for the server's hostname is not installed for Apache. You can install the hostname's certificate to Apache using the following option:

    "WHM Home » SSL/TLS »Install an SSL Certificate on a Domain"

    Thank you.
     
  3. postcd

    postcd Well-Known Member

    Joined:
    Oct 22, 2010
    Messages:
    670
    Likes Received:
    11
    Trophy Points:
    68
    Hello, and thank You.

    There is no way yet to Generate new auto-renewing (AutoSSL, cPanel-Comodo, LetsEncrypt) certificate for the server hostname? I need to generate only self signed one within WHM or use some third party tool for creating and renewing free signed cert.? it would be good if it is easier to establish signed auto-renewing certificate for the server hostname.

    AutoSSL/cPanel SSL on server hostname for Apache
     
  4. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,304
    Likes Received:
    42
    Trophy Points:
    178
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    By default your server should automatically renew your server hostname certificate with a cPanel-signed SSL certificate.

    Manage Service SSL Certificates - Documentation - cPanel Documentation
    - scroll down to "Free cPanel-signed certificate"

    However, if you manually touched (created) /var/cpanel/ssl/disable_service_certificate_management and /var/cpanel/ssl/disable_auto_hostname_certificate, then your server will not automatically renew your hostname SSL with a free cPanel-signed SSL.

    If you read the "free cPanel-signed certificate" section, it specifically tells you what criteria need to be met in order for the server to automatically generated a new cPanel-signed certificate for your server hostname.

    Mike
     
    cPanelMichael likes this.
  5. postcd

    postcd Well-Known Member

    Joined:
    Oct 22, 2010
    Messages:
    670
    Likes Received:
    11
    Trophy Points:
    68
    @mtindor
    I think that you are speaking about hostname based certificate for cpanel/WHM services, but i am talking about hostname certificate itself.

    service certificate:
    https://host.name.here:2087 - WORKS good for me, no problem with that, it is signed

    hostname certificate:
    https://host.name.here - problem. shows insecure warning / SSL match other domain on same server

    cPanel Michael said that "free cPanel-signed SSL certificate for the server's hostname is not installed for Apache."
    I understand i can somehow manually install signed certificate for hostname, but that is not my point, my point is to do it so 1) the renewals are automated, 2) i do not need to use third party tools for that 3) i do not need to order paid certificate somewhere

    i think your answer does not answer my issue (if i am not wrong :confused:).. you address services but me address hostname itself
     
  6. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,304
    Likes Received:
    42
    Trophy Points:
    178
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    You are correct. I misunderstood. Now that I understand what you are wanting, I do agree that it would be nice if the free cPanel hostname SSL cert would automatically be applied to https://serverhostname:443.

    You can do it manually though. I just did it manually via WHM -> Install an SSL Certificate on a Domain, where I then browsed the account root (not apache) and chose/installed the cPanel Inc signed certificate.

    Would it be nice for this all to happen automatically? I think so. But, at least you can manually assign the certificate to https://serverhostname:443.

    Mike
     
    postcd likes this.
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,659
    Likes Received:
    1,428
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    This would require new functionality (including the hostname with the AutoSSL feature for Apache). I encourage anyone else wanting this feature to vote and add feedback to the existing feature request at:

    AutoSSL/cPanel SSL on server hostname for Apache

    Thank you.
     
Loading...

Share This Page