How to generate Hostname SSL without AutoSSL

gwen_the_hen

Member
Sep 3, 2016
22
4
3
Worcester
cPanel Access Level
Root Administrator
Hello,

One of my servers recently emailed me an SSL certificate for the hostname, which I installed and has been working great. AutoSSL is disabled on this server.

I now have a new server where this hasn't happened, and I can't find any way to generate the SSL for the server's hostname. Can anyone help?
 

gwen_the_hen

Member
Sep 3, 2016
22
4
3
Worcester
cPanel Access Level
Root Administrator
Hello,

I've had a look through there but there aren't any certificates for the hostname. I can see certificates for the default hostname (this is what the server came with but I updated it to my own hostname almost immediately, and that was a couple of months ago). I think I must have selected 'Reseller Owner' by mistake, I rent the VPS myself from Heart Internet.

Thanks for the response.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
I now have a new server where this hasn't happened, and I can't find any way to generate the SSL for the server's hostname. Can anyone help?
Hello,

Free cPanel-signed certificates for the hostname are generated as of cPanel 56. Here's the relevant quote from the cPanel 56 Release Notes:

Free cPanel-signed hostname certificate
As part of the introduction of this feature, cPanel offers valid cPanel & WHM license holders a free cPanel-signed hostname certificate for your server's services. This replaces the certificates for these services that meet any of the following conditions:
  • Has a weak signature algorithm. — New in version 56
  • Revoked. — New in version 56
  • Self-signed.
  • Invalid (For example, your server's hostname must be valid and resolve in DNS).
  • Expires in less than one week.
Note:
Comodo™ cross-signs these cPanel-signed certificates for additional security.

Your server will automatically order the free signed certificate when the server runs the /usr/local/cpanel/bin/checkallsslcerts tool as part of the upcp maintenance script and connects to the license server. The server will download and install the certificate when it is available.

When that signed certificate is less than seven days from expiration, your server will automatically order a replacement free signed certificate. The server will download and install the certificate when it is available. Otherwise, if the signed certificate expires, the server will install a self-signed certificate, and then replace that certificate with the free signed certificate when it is ready.

If you wish to replace your services certificate with one from another provider, use WHM's Manage Service SSL Certificates interface (Home >> Service Configuration >> Manage Service SSL Certificates).

Important:
  • Your server's hostname must be valid and resolve in DNS.
  • Your server must have a valid cPanel & WHM license.
  • This system will only replace self-signed or expired certificates. It will not replace an existing valid certificate from a certificate authority.
Important:

You can disable the free cPanel-signed hostname certificate. You can configure this setting in Manage2's Update Company Information interface (Dashboard >> Company >> Update Company Information).

For more information, see the section on updated features in Manage2.
Could you verify which version of cPanel is installed on this system, and that /var/cpanel/ssl/disable_auto_hostname_certificate doesn't exist as a file on the system?

Code:
cat /usr/local/cpanel/version
stat /var/cpanel/ssl/disable_auto_hostname_certificate
Thank you.
 

gwen_the_hen

Member
Sep 3, 2016
22
4
3
Worcester
cPanel Access Level
Root Administrator
Hi,

I've checked and that file isn't there. It does look like the certificate has been generated, but it seems to be for the main domain rather than the server itself. The hostname is [removed] but the only SSL I can see generated by cPanel is for [Removed]

I'm running 11.58.0.25 according to the command you provided.

Thanks.
 
Last edited by a moderator:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
Do you have access to Manage2 as a license holder? If so, check to see if the installation of free cPanel-signed hostname certificates is disabled via "Manage2 >> Dashboard >> Company >> Update Company Information". Otherwise, please report this issue to your license provider to determine if that feature is disabled.

Thank you.
 

gwen_the_hen

Member
Sep 3, 2016
22
4
3
Worcester
cPanel Access Level
Root Administrator
Hello,

Apparently this feature is enabled. It looks like the SSL has been issued, but it's been issued to the full domain, rather than the sub-domain that is set up as my hostname. The hostname is server.example.com but the cPanel issued SSL has been issued to example.com.

I have checked on a different server which doesn't have this problem and I can see that the SSL has been issued correctly to the sub-domain (see attached screenshot).

Can you advise further?

Thank you.
 
Last edited by a moderator:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
Could you open a support ticket using the link in my signature so we can take a closer look and determine why that's happening? You can post the ticket number here so we can update this thread with the outcome.

Thank you.
 

gwen_the_hen

Member
Sep 3, 2016
22
4
3
Worcester
cPanel Access Level
Root Administrator
Got it sorted:

"The reason your server was not provisioned a new certificate is because there's already a "trusted" certificate for your server, which expireson September 7th, 2017.


If you wish to use a cPanel-provided hostname certificate, please navigate to WHM -> Service Configuration -> Manage Service SSL Certificates, and reset all 4 service groups certificates, and then navigate to WHM -> cPanel -> Upgrade to the Latest Version and perform an update. "

I had installed a different certificate when I was messing around with stuff, and this was blocking the cPanel issued one.

Thank you for your help.

Also, can I remove the attachment from my previous post as it contains details of my installation?
 
Last edited by a moderator: