Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Force SSL certificate install

Discussion in 'Security' started by John Schmerold, Apr 27, 2019.

Tags:
  1. John Schmerold

    John Schmerold Well-Known Member

    Joined:
    Apr 21, 2004
    Messages:
    74
    Likes Received:
    5
    Trophy Points:
    158
    Location:
    st. louis
    cPanel Access Level:
    Root Administrator
    I use /usr/local/cpanel/bin/autossl_check --user $account to install certificates.

    We have a number of certificates expiring in three weeks, we are switching from Let's Encrypt to cPanel's certificates, so I'd like to get the certificates replaced now. When I run "autossl_check --user $account" it sees the active certificate and takes no action.

    Is there an option to force the certificate update?

    I have removed all existing certificates, but that causes other problems.
     
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,272
    Likes Received:
    2,154
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. John Schmerold

    John Schmerold Well-Known Member

    Joined:
    Apr 21, 2004
    Messages:
    74
    Likes Received:
    5
    Trophy Points:
    158
    Location:
    st. louis
    cPanel Access Level:
    Root Administrator
    I was using FleetSSL, I uninstalled that plugin and am using the cPanel (powered by Sectigo) AutoSSL script. Fleet worked well, however I have come to rely on your excellent support, so I am working to reduce third party apps on our server.
     
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,272
    Likes Received:
    2,154
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    AutoSSL should install the new certificates as long as the existing certificates were removed. Can you open a support ticket so we can take a closer look to see why it's not issuing the certificates? You can post the ticket number here and I'll link this thread to it.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. John Schmerold

    John Schmerold Well-Known Member

    Joined:
    Apr 21, 2004
    Messages:
    74
    Likes Received:
    5
    Trophy Points:
    158
    Location:
    st. louis
    cPanel Access Level:
    Root Administrator
    If I remove the old certificates, AutoSSL works. Is there a command line to remove a user's certificates?
     
  6. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,272
    Likes Received:
    2,154
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. John Schmerold

    John Schmerold Well-Known Member

    Joined:
    Apr 21, 2004
    Messages:
    74
    Likes Received:
    5
    Trophy Points:
    158
    Location:
    st. louis
    cPanel Access Level:
    Root Administrator
    That's better than using the gui, but, the problem we then have is if we remove the SSL, then CloudFlare doesn't serve the page. So to get Sectigo to serve a certificate, we have to bypass CloudFlare, remove the old certs, order a Sectigo cert, then enable CloudFlare.

    That's a lot of work. I guess I don't mind if this is the only time we have to do this, will we have to go through this every 60 days on every domain?
     
  8. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,272
    Likes Received:
    2,154
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @John Schmerold,

    AutoSSL will automatically attempt renew the cPanel (Powered by Sectigo) certificates before the existing (Powered by Sectigo) certificate expires. Thus, the website will remain accessible via HTTPS throughout the renewal process (assuming that's the CloudFlare requirement you are referring to). If AutoSSL is unable to renew the certificate (e.g. domain validation fails for some reason) you will receive an alert before the certificate expires to let you know about the renewal failure.

    You can manage the AutoSSL notifications under the Options tab in WHM >> Manage AutoSSL.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice