Install AutoSSL cert without disrupting live site?

Discussion in 'Security' started by nivekau, Nov 4, 2018.

  1. nivekau

    nivekau Active Member

    Joined:
    Jul 22, 2011
    Messages:
    42
    Likes Received:
    3
    Trophy Points:
    58
    Location:
    Australia
    cPanel Access Level:
    Root Administrator
    My understanding is that AutoSSL requires mod_rewrite rules to work. Like this:

    RewriteEngine on

    RewriteCond %{HTTPS} !=on
    RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
    RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=302]

    But if I put this in the .htaccess file before I run AutoSSL, I get security warnings in the browser, but the same thing happens if I enable AutoSSL before editing the .htaccess file.

    What is the best way to enable AutoSSL and install the cPanel certificate without disrupting a live web site (so that visitors do not get a security warning)?
     
  2. linux4me2

    linux4me2 Well-Known Member

    Joined:
    Aug 21, 2015
    Messages:
    223
    Likes Received:
    57
    Trophy Points:
    28
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    I use WHM > Tweak Settings > Domains > Use a Global DCV Passthrough instead of .htaccess modification (requires EA4) set to "On" instead of .htaccess modification for each site for AutoSSL. With that set, I haven't had any issues with adding AutoSSL certificates to live sites at all, and despite the caution in Tweak Settings, haven't noticed any performance penalty or increase in site load times with it enabled. You might give it a try and see how it works.
     
    cPanelLauren and nivekau like this.
  3. nivekau

    nivekau Active Member

    Thanks linux4me2. Would I still need the HTTP to HTTPS rewrite in .htaccess?
     
  4. nivekau

    nivekau Active Member

    I have enabled Global DCV Passthrough and my .htaccess file for the domain in question now reads:

    RewriteEngine on
    RewriteCond %{HTTPS} !=on
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=302]

    However when I run AutoSSL check domain I get the following error in the log:

    6:51:38 PM WARN The domain “---------.com” failed domain control validation: “---------.com” does not resolve to any IPv4 addresses on the internet.

    The domain in question definitely does resolve to an IPv4 address on the internet.

    In Manage SSL Hosts it says the domain has a self signed certificate.

    Any suggestions please?
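
Added example, not part of the thread and not cPanel's code: a small Python model of the two .htaccess rule sets quoted above (post 1 with the DCV exclusions, post 4 without), showing which plain-HTTP requests each one would 302 to HTTPS. The host name, token and file names are constructed, and the Global DCV Passthrough setting is not modelled; it is assumed to be what handles validation requests in the post 4 setup.

```python
import re

# Exclusion patterns copied from the RewriteCond lines in post 1. Apache tests
# them against %{REQUEST_URI}, which begins with "/", and matching is
# case-sensitive because no [NC] flag is present.
DCV_EXCLUSIONS = [
    re.compile(r"^/[0-9]+\..+\.cpaneldcv$"),
    re.compile(r"^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$"),
]

def redirect_target(host, uri, https, exclusions):
    """Model the RewriteCond chain: return the 302 Location, or None when the
    request is left alone and served as requested."""
    if https:                                   # RewriteCond %{HTTPS} !=on fails
        return None
    if any(p.search(uri) for p in exclusions):  # a negated RewriteCond fails
        return None
    return f"https://{host}{uri}"               # RewriteRule ^ https://... [L,R=302]

# Constructed sample requests (assumptions for illustration only).
HOST = "example.test"
TOKEN = "0123456789ABCDEF0123456789ABCDEF"
SAMPLES = [
    "/index.html",
    "/1541318400.abcdef.cpaneldcv",
    f"/.well-known/pki-validation/{TOKEN}.txt",
    f"/.well-known/pki-validation/{TOKEN}.txt Comodo DCV",
    f"/.well-known/pki-validation/{TOKEN.lower()}.txt",  # lowercase hex: not excluded
]

def compare(host=HOST, samples=SAMPLES):
    """Return (uri, result with post 1 rules, result with post 4 rules)."""
    return [
        (uri,
         redirect_target(host, uri, False, DCV_EXCLUSIONS),
         redirect_target(host, uri, False, []))
        for uri in samples
    ]

if __name__ == "__main__":
    for uri, post1, post4 in compare():
        print(repr(uri))
        print("  post 1 rules:", post1 or "served over HTTP")
        print("  post 4 rules:", post4 or "served over HTTP")
```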
     
  5. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    5,752
    Likes Received:
    437
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    nivekau likes this.
  6. linux4me2

    linux4me2 Well-Known Member

    Yes, you should still include the HTTP to HTTPS redirect in case someone tries to access the site using an old HTTP link.
     
    nivekau likes this.
  7. nivekau

    nivekau Active Member

    Thanks linux4me2

    Thanks also cPanelLauren, there was a DNS problem! I resolved that and cPanel installed the SSL certificate. All good now :)
     
    cPanelLauren likes this.
  8. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Hi @nivekau

    I'm glad to hear you were able to find the cause! Thanks!
     