How to install the SSL certificate for all subdomains?

[leobibiano]

CPanel automatically installed the SSL certificate in the primary domain. So far so good (attached image).

However, the problem is in the subdomains. For example: sandbox.
In Manage SSL Hosts, everything is fine with the SSL from sandbox. (attached image). But when I access it through the browser, the "Not secure" message continues (image attached).

In another cPanel account that I used, the certificate was installed automatically and always contained the message "Secure". But I'm having problems with this one.

Could it be some misconfiguration? Can someone help me? I have access to the WHM root user.

Thank you.

 

[kodeslogic]

Currently, the SSL you have on sandbox.patamar.app.br is self-signed certificate and not certificate authority (CA) issued for which the browser won't show a secure green padlock.

You can uninstall the current self-signed certificate and reinstall the SSL from AutoSSL option in WHM WHM > SSL-TLS > Manage AutoSSL

Manage AutoSSL | cPanel & WHM Documentation

This interface allows you to manage the AutoSSL feature, which automatically installs domain-validated SSL certificates for the Apache®, Dovecot®, Exim, Web Disk, and cPanel Server services for users' domains.

docs.cpanel.net

 

[leobibiano]

Currently, the SSL you have on sandbox.patamar.app.br is self-signed certificate and not certificate authority (CA) issued for which the browser won't show a secure green padlock.

You can uninstall the current self-signed certificate and reinstall the SSL from AutoSSL option in WHM WHM > SSL-TLS > Manage AutoSSL

Thanks for the answer.

I performed the procedure as instructed, now it appears that it was issued by cPanel but still the message "Not secure". (Attached image)

 

[kodeslogic]

From what I see AutoSSL is yet not installed for sub-domain sandbox.

 

[leobibiano]

From what I see AutoSSL is yet not installed for sub-domain sandbox.patamar.app.br

I'll tell you what procedures I did:

In cPanel, I entered Manage SSL Hosts, clicked on Unistall in the line where there was a certificate installed for sandbox.
Then, the line that included the installation of this subdomain disappeared.

Then I accessed WHM -> SSL / TLS -> Manage AutoSSL and clicked on Run AutoSSL For All Users. The message "AutoSSL is now checking all users. The process has ID 19138."

That's what I did. Is correct?

 

[kodeslogic]

Yes, that is correct. If there are many accounts then process ID 19138 may take some time, wait till it completes.
Just running AutoSSL for "patamar" only would be quicker.

 

[leobibiano]

Yes, that is correct. If there are many accounts then process ID 19138 may take some time, wait till it completes.
Just running AutoSSL for "patamar" only would be quicker.

I only have this account with this primary domain.
I checked the list of ongoing processes, ID 19138 is not there, I believe it has already been finalized.

Is there anything else that can be done?

 

[kodeslogic]

Please share AutoSSL logs for analysis.

 

[leobibiano]

Please share AutoSSL logs for analysis.

***Moderator note: I've removed the log entries with the domain name but the primary error is the following:

WARN Sectigo HTTP DCV verification failure (www.ss.subdomain.tl.d): (XID zyrkx3) The system failed to set the permissions on “/home/patamarapp/public_html/sistema_imobiliario/patamar-adm/.well-known/pki-validation” to “0755” (as EUID: 1002, EGID: 1004 1004) because of the following error: Operation not permitted

 

[kodeslogic]

Please review the ownership values configured on the /home/patamarapp/public_html/sistema_imobiliario/patamar-adm/.well-known/pki-validation directory to ensure they are owned by the account user and share output for the below command:

lsattr -d /home/patamarapp/public_html/sistema_imobiliario/patamar-adm/.well-known/pki-validation

 

[cPanelLauren]

@kodeslogic has the right of it, this isn't a DCV failure it looks like an ownership issue or an inability to modify the file within that directory.

 

[leobibiano]

Please review the ownership values configured on the /home/patamarapp/public_html/sistema_imobiliario/patamar-adm/.well-known/pki-validation directory to ensure they are owned by the account user and share output for the below command:

lsattr -d /home/patamarapp/public_html/sistema_imobiliario/patamar-adm/.well-known/pki-validation

I tried to run the suggested code, but I received the following error:

lsattr: Permission denied while trying to stat /home/patamarapp/public_html/sistema_imobiliario/patamar-adm/.well-known/pki-validation

I ran it through the root user. I should have permission for everything, right?

 

[kodeslogic]

Yes, As a root user you should have all permission.

You can contact a certified System Administrator to help you with this Or Open a ticket to cPanel Support Team

 

[leobibiano]

Yes, As a root user you should have all permission.

You can contact a certified System Administrator to help you with this Or Open a ticket to cPanel Support Team

I think I managed to execute it by inserting the command "sudo" before the main one.

He returned to me like this:

---------------- /home/patamarapp/public_html/sistema_imobiliario/patamar-adm/.well-known/pki-validation

What do I do now? Do I try to run AutoSSL again?

 

[kodeslogic]

Execute below two commands in the given sequence

cd /home/patamarapp/public_html/sistema_imobiliario/patamar-adm/
find . -type d -exec chmod 755 {} \;

After this again check output it should as below

lsattr -d /home/patamarapp/public_html/sistema_imobiliario/patamar-adm/.well-known/pki-validation

drwxr-xr-x /home/patamarapp/public_html/sistema_imobiliario/patamar-adm/.well-known/pki-validation

FYI: Use sudo if required.

 

[leobibiano]

Execute below two commands in the given sequence

cd /home/patamarapp/public_html/sistema_imobiliario/patamar-adm/
find . -type d -exec chmod 755 {} \;

After this again check output it should as below

lsattr -d /home/patamarapp/public_html/sistema_imobiliario/patamar-adm/.well-known/pki-validation

drwxr-xr-x /home/patamarapp/public_html/sistema_imobiliario/patamar-adm/.well-known/pki-validation

FYI: Use sudo if required.

I executed the commands as you instructed me.

Below are the returns:

[centos@ip-172-31-22-177 patamar-adm]$ find . -type d -exec chmod 755 {} \;
[centos@ip-172-31-22-177 patamar-adm]$ lsattr -d /home/patamarapp/public_html/sistema_imobiliario/patamar-adm/.well-known/pki-validation
---------------- /home/patamarapp/public_html/sistema_imobiliario/patamar-adm/.well-known/pki-validation
[centos@ip-172-31-22-177 patamar-adm]$ drwxr-xr-x /home/patamarapp/public_html/sistema_imobiliario/patamar-adm/.well-known/pki-validation
-bash: drwxr-xr-x: command not found
[centos@ip-172-31-22-177 patamar-adm]$

 

[kodeslogic]

Try

cd /home/patamarapp/public_html/sistema_imobiliario/patamar-adm/

sudo chmod -R 755 .well-known

 

[leobibiano]

I think I solved it. I removed the pki-validation folder and started AutoSSL.
Apparently he created a new one, without permission problems.

I looked in my cPanel, all subdomains are valid AutoSSL now.
However, accessing through the browser still counts as "Not secure". Is it necessary to wait a while to be propagated?

 

[kodeslogic]

Happy to hear finally SSL is installed

Force HTTPS Redirection | cPanel Blog

HTTPS provides a level of security and encryption protecting the transfer of your data across the internet.

blog.cpanel.com

 

[leobibiano]

Thank you all for your efforts to help me.