The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Domain goes to default page after install trial SSL cert

Discussion in 'Security' started by Shane3673, Aug 25, 2014.

  1. Shane3673

    Shane3673 Well-Known Member

    Joined:
    Dec 20, 2013
    Messages:
    96
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    First time messing with SSL Certs installed a trial cert for cpanel.domain.com to do some testing. I am going to get a wildcard cert for our domain but wanted to make sure that it would work for webmail/cpanel/whm.domain.com. Well I installed it. Now I get the default page when I try to go to cpanel.domain.com.
    webmail/whm.domain.com work still, with the untrusted message of course because the cert is not for those subdomains. The way I installed it was through whm, it gave me an error saying cpanel.domain.com is not a domain on the server so I tried installing it to domain.com. It gave me an error saying the cert doesn't match domain.com because it is setup for cpanel.domain.com and I needed to select an IP. I selected the IP that domain.com is on which is the shared IP. First of all I need to get cpanel.domain.com to work again. Then if someone could tell me what I did wrong, that would be great. I also tried removing the cert I just install and that did not fix it.
     
  2. Shane3673

    Shane3673 Well-Known Member

    Joined:
    Dec 20, 2013
    Messages:
    96
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Re: cpanel.domain.com goes to default page after install trial SSL cert

    Okay, I removed the wrong thing when trying to delete the cert. Deleted some old stuff that didn't matter, thank god. I removed it from the right place and now it is back to normal. Still have the question of the correct way of installing a trial cert to cpanel.domain.com in order to get rid of the untrusted warning. I would imagine that a wildcard cert would be a whole lot easier that this and would work, but want to be sure before spending that much on one.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Re: cpanel.domain.com goes to default page after install trial SSL cert

    Hello :)

    The Apache configuration uses the same certificate as cpsrvd for proxy subdomains. If the certificate is for a service such as cPanel/WHM, then you should install it via:

    "WHM Home » Service Configuration » Manage Service SSL Certificates"

    Thank you.
     
  4. Shane3673

    Shane3673 Well-Known Member

    Joined:
    Dec 20, 2013
    Messages:
    96
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Re: cpanel.domain.com goes to default page after install trial SSL cert

    Thank you. That helps. New problem though. I paste the cert into that area and select it for cpanel/whm/webmail services click autofill by cert. It fills out everything but Private Key and will not let me continue because there is no private key. When I did it in the other area, it autofilled correctly.
     
  5. Shane3673

    Shane3673 Well-Known Member

    Joined:
    Dec 20, 2013
    Messages:
    96
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Re: cpanel.domain.com goes to default page after install trial SSL cert

    Shit. Never mind. It is what I deleted while trying to fix.
     
  6. Shane3673

    Shane3673 Well-Known Member

    Joined:
    Dec 20, 2013
    Messages:
    96
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Re: cpanel.domain.com goes to default page after install trial SSL cert

    I redid everything, got a new cert for cpanel.domain.com. Installed it for WHM/CPanel/Webmail service. The actually server I am trying it on has a hostname of cpanel2.domain.com because I have two servers, this one is a backup that is not always accessible from the outside. I am testing it from an inside computer on the same LAN which routes to this server instead of the main one for cpanel.domain.com. I tried it with two different certs. One for cpanel.domain.com and cpanel2.domain.com. I have them signed with verisign test certs. I installed the cert to firefox that they provided for testing the cert. Both of them still show up as untrusted and say that they are self signed certs. Has any got experience with verisign test certs with cpanel?
     
  7. Shane3673

    Shane3673 Well-Known Member

    Joined:
    Dec 20, 2013
    Messages:
    96
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Installing SSL cert on services

    I got a trial cert to test from verisign. I installed it to all services. Removed all keys and certs from server. Followed all instructions for the test cert. When I go to cpanel.domain.com, it still uses a self signed cert. Why can I not install a cert to the services?
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Re: cpanel.domain.com goes to default page after install trial SSL cert

    Are you only experiencing the issue when using proxy subdomains? Is the certificate installed for both the service, and for the domain name through Apache?

    Thank you.
     
  9. Shane3673

    Shane3673 Well-Known Member

    Joined:
    Dec 20, 2013
    Messages:
    96
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Re: cpanel.domain.com goes to default page after install trial SSL cert

    At the moment, I removed it from everything and went back to random generated self-sign keys. Basically I want SSL to not give an error when end-users type in webmail.domain.com or cpanel.domain.com, which I guess would be using proxy subdomains. This has always been the easiest to tell the end-users vs. www.domain.com/webmail or www.domain.com/cpanel so that is what everyone uses. I used to host on InMotion and they either prevented it from using SSL or had certs installed that worked and didn't give out errors. Now that I am hosting my own servers, we have always had the error and get very frequent calls from end-users freaking out thinking its not safe (thanks to google,microsoft, and mozilla telling them its not). I have to explain to them that it is safe and encrypted, the warning just means it cannot verify the server is what it says it is. Anyway, the to answer your questions:
    I have only tried it with the proxy subdomain of cpanel.domain.com because that is where I need it to work and the trial cert was created for cpanel.domain.com. It should be noted that the servers actual hostname is cpanel2.domain.com.
    After the first problem I had of getting with the default page coming up for cpanel.domain.com, I removed it from Apache which fixed that problem. Then installed it in WHM/Service Config/SSL and no matter what I do, I cannot get it to work.
    I have contacted support at verisign also. Here is everything that I explained to them:
    I am using WHM 11.44.1 (build 17) which is the latest stable build. I am trying to use it for cpanel.domain.com, which takes you to a secured login for the Cpanel interface. First I installed it wrong trying to install it in apache because CPanel recognizes cpanel.domain.com as a service not as a subdomain. After asking in Cpanel forums, I was told that it needed to be installed into WHM/Service Config/SSL Certs. I installed the cert to the Cpanel/WHM/Webmail service using the cert and provider cert from the email and your website and the private key that was used to create the request. I did not get any errors while installing the cert. I did this on a backup server that is not accessible from the internet at this time. The hostname for this server is actually cpanel2.domain.com, but cpanel.domain.com resolves to the correct place I am trying to go on a computer that is on the same LAN. I installed the client test cert from your website on both IE and Firefox. After trying cpanel.domain.com, it still said I have a self-signed cert error. At one point I was able to get firefox to recognize the cert from verisign and list the information but still gave me the error page saying it was invalid but when I tried to add execption it would say it is valid but I could not get past the error. I can't remember if this was the cert I had created for cpanel.domain.com or cpanel2.domain.com. Next I thought I would try it on the main server that does have access from the outside internet so I could use your tool. I used the cpanel.domain.com cert, the cert from your website, and the private key I created on the other server when I made the cert request. It installed fine on the WHM/Cpanel/Webmail service. This server, I could never get to show the verisgn info for the cert, always said it was self-signed. Used your test online, said same thing. Your test requested I remove the other self-signed certs from the server so I set all services on this cert and removed all the certs and keys under WHM/SSL/TLS/SSL Storage Manager. Still got the same thing. Since then I reset both servers back to use newly made self-signed keys and certs until I can figure out how exactly to do it.

    This is what I am trying to do:
    We have 2 servers that are set to the same IPs, a /27. They sync with each other using rsync using private IPs and private SSH keys. The main server has a hostname of cpanel1.domain.com. The backup server has a hostname of cpanel2.domain.com. If cpanel1 has issues, I can use OSPF routing to switch to cpanel2 within minutes. A lot faster that DNS switching. The rsync always me to have email up to date whenever I have to switch quick, which is very rare. This allows me to have 99% uptime during outages and updates. We are a WISP, so we have our own IPs and have complete control of the machines and network that they are on. We host webpages and email for other people and businesses. For people to edit there webpages, add emails, etc. they go to cpanel.domain.com. To check webmail, they go to webmail.domain.com. For me to log into WHM, I can go to whm.domain.com, don't usually go this way so not as important. I like having these SSL forced as to not have passwords compromised. I don't really care about having to add exception in my browser, but end-users freak out when they see that screen and call in. My company is going to buy a wildcard cert for *.domain.com to use on these two servers and a hotspot radius server, but before I spend my companies money, I need to be sure it is going to work for this which is why I am trying to use a trial cert right now.

    I guess questions would be:
    Do I create a key/cert for the hostname of the server or for the address in which I am typing in my browser?
    Will the SSH keys I am using for rsync with root access effect the SSL certs I am trying to setup, even though they do not show up in Cpanel, WHM, Apache?
    I am supposed to be removing the self-signed cert from a different location other than WHM/Service Config./SSL Certs. and WHM/SSL/TLS/SSL Storage Manager?
    Am I missing a step?
    Will a Wildcard SSL cert for *.domain.com work for webpages including hotspot.domain.com and www.domain.com? (pretty sure this is a yes with no issues) Will a Wildcard SSL cert for *.domain.com work for Cpanel services including cpanel.domain.com, whm.domain.com, webmail.domain.com, ftp.domain.com, mail.domain.com?
    Will a Wildcard SSL cert for *.domain.com work for the 3 servers I need it installed on?

    I do understand that the trial cannot be a wildcard cert so some of these questions don't pertain to the task at hand so for the trial cert specifically:
    Can I put one cert on both servers using the same key for the service cpanel.domain.com or do I need to use each servers hostname, which means one cert would be for cpanel1.domain.com and the other would be cpanel2.domain.com?
     
    #9 Shane3673, Aug 26, 2014
    Last edited: Aug 26, 2014
  10. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Re: cpanel.domain.com goes to default page after install trial SSL cert

    Are you referring to a wildcard SSL certificate or a UCC/Multi-Domain certificate? Could you open a support ticket with the certificate installed so we can take a closer look and determine why it's not working as intended? It's easier to troubleshoot an issue like this if we see exactly how it's configured. You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
  11. Shane3673

    Shane3673 Well-Known Member

    Joined:
    Dec 20, 2013
    Messages:
    96
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Re: cpanel.domain.com goes to default page after install trial SSL cert

    Eventually, I am going to get a wildcard cert, but want to test with a trial cert for cpanel.jcwifi.com. Verisign support said I must be missing some step in installing the cert, but don't have enough info on WHM/CPanel in order to tell me what I am doing wrong. I will install the cert on the server that is accessible from the internet and put in a ticket.
     
  12. Shane3673

    Shane3673 Well-Known Member

    Joined:
    Dec 20, 2013
    Messages:
    96
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Verisign gave me wrong information about hostname vs the site you type in. Cpanel said it needs to be the hostname for this. Also I was installing it wrong I guess.
     
  13. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Thank you for taking the time to update this thread with the outcome.
     
  14. Shane3673

    Shane3673 Well-Known Member

    Joined:
    Dec 20, 2013
    Messages:
    96
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Okay. Another Update after getting a new cert and working with support again. I was installing the correct cert and the correct way. I needed to regenerate the httpd.conf afterward in order for it to work.
     
Loading...

Share This Page