How to change SSL cert for WHM server itself?

Hi. I am setting up an WHM server on AWS for a client. I've never used WHM/cPanel before, but I am experienced with Linux servers.

The server has automatically installed an SSL/TLS certificate for the server's hostname, but I want to install a free wildcard cert from Let's Encrypt.

$ sudo /scripts/install_lets_encrypt_autossl_provider

I ran that script and selected Let's Encrypt as the certificate provider. Now what do I do to replace the server's own certificate? When I try the regular way in the terminal using CertBot I get an error saying that mod_ssl is not enabled in Apache, even though it is enabled in WHM, but I cannot alter the Apache configuration because of WHM.

 

The only way I can think of so far is to change DNS records so that the domain is used on another non-WHM server and to make the certificates there and then change the records back and somehow install them on the WHM server (using the web interface), but I would like to avoid having to do that.

 

It's so that some subdomains can be used, like mail.domain.com, whmcs.domain.com and cpanel.domain.com, some using SRV records pointing to the server services.

 

But, for example, currently when I go to https://cpanel.domain.com I get a Not Secure warning in Chrome, as the current certificate doesn't include that subdomain.

(for this example, it's a lot easier than remembering port numbers)

 

There are no errors in the log and currently there are no accounts.

As the subdomains I have created so far only exist as SRV records, I guess that making them as dummy websites in WHM/cPanel would be the way to having the subdomains included in the AutoSSL certificate? How would I do that?

Thanks.

 

This seems to be what I was looking for, at least for the SRV records, but it doesn't seem to be working.

At the moment, the server's FQDN hostname is hostname.domain.tld. WHM is accessed using https://hostname.domain.tld. The only domain in WHM >> DNS Function >> Edit DNS Zones is hostname.domain.tld and, for some reason, the four nameservers at AWS Route 53 (can these be deleted?).

Going to https://domain.tld shows an error message saying that there is no site there.

Both "Proxy subdomains" and "Proxy subdomain creation" are enabled by default in Tweak Settings.

This is what happens when I try to use the script:

Code:

# /scripts/proxydomains add --domain=domain.tld
Adding proxy subdomains for domain domain.tld.
The domain domain.tld is does not belong to any user on this system

# /scripts/proxydomains add --domain=hostname.domain.tld
Adding proxy subdomains for domain hostname.domain.tld.
The domain hostname.domain.tld is does not belong to any user on this system

# /scripts/proxydomains add --domain=domain.tld --subdomain=cpanel
Adding proxy subdomains for domain domain.tld.
The domain domain.tld is does not belong to any user on this system

# /scripts/proxydomains add --subdomain=cpanel
Adding proxy subdomains for all users.
This may take several minutes if there are many accounts on the system.

Nothing seems to have changed anywhere I look. Thanks.

 

Okay, I deleted the DNS zone for hostname.domain.tld and made a new one for domain.tld and made an A record for hostname within that zone.

Code:

# /scripts/proxydomains add --domain=domain.tld
Adding proxy subdomains for domain domain.tld.
domain.tld                   [ADD:A@cpcalendars:[B]127.0.0.1[/B], ADD:A@cpanel:[B]127.0.0.1[/B], ADD:A@whm:[B]127.0.0.1[/B], ADD:A@cpcontacts:[B]127.0.0.1[/B], ADD:A@webmail:[B]127.0.0.1[/B], ADD:A@webdisk:[B]127.0.0.1[/B]]

So these DNS records have been added. Do I just wait and the SSL certificate will be updated to include these subdomains?

Thanks.