keep getting xx-xx-xx-xx.cprapid.com in my SSL certificates under my hostname in Ubuntu cpanel setup

[Spirogg]

I setup dev cpanel account with Ubuntu cPanel 102.2
I added my ns1 ns2 and IP address
I changed hostname to server2.mydomain.tld
I performed a dns cleanup
restarted DNS
restarted named via ssh
soft reboot of server

went to terminal and ran

/usr/local/cpanel/bin/checkallsslcerts

then got a few errors and it kept saying its using my ip and cprapid.com
under host certificates I see this below?

server2.mydomain.tld, xx-xx-xx-xx.cprapid.com, cpanel.server2.mydomain.tld, cpcalendars.mydomain.tld, cpcontacts.server2.mydomain.tld, mail.xx-xx-xx-xx.cprapid.com, mail.server2.mydomain.tld, webmail.server2.mydomain.tld, whm.server2.mydomain.tld, www.xx-xx-xx-xx.cprapid.com, and www.server2.mydomain.tld

why does it keep adding xx-xx-xx-xx.cprapid.com and my hostname?
when i go to my server2.mydomain.tld:2087 it works but when it's getting the certificate it keeps adding cprapid as well not just my hostname?

everything else in cpanel under dns is showing ok and only ns1 ns1 .mydomain.tld are showing in nameservers list host name is showing correctly

Just don;t know how I can get rid of the xx-xx-xx-xx.cprapid.com

any Idea where I can go to remove and get rid of the cprapid.com
and then rerun

/usr/local/cpanel/bin/checkallsslcerts

to only have SSL cert for my hostname


when I view the certificate in Firefox under
Subject alt Names
DNS Name server2,mydomain.tld
DNS Name xx-xx-xx-xx.cprapid.com
and the www,
and the mail.

am I missing something or something changed. my other dev that is AlmaLinux and cPanel 100 worked perfect no cprapid in certificate?

Thank you
Kind Regards
Spiro

 

[quietFinn]

If you look in /etc/hosts you might see xx-xx-xx-xx.cprapid.com there. You can just remove that.

 

[cPRex]

Did you use the WHM >> Change Hostname function? While I agree with @quietFinn as that is the most likely place, if a WHM function was used it should be cleaning up the old hostname properly.

 

[Spirogg]

Did you use the WHM >> Change Hostname function? While I agree with @quietFinn as that is the most likely place, if a WHM function was used it should be cleaning up the old hostname properly.

Hello I Used the WHM >> Change Hostname Function.

If you look in /etc/hosts you might see xx-xx-xx-xx.cprapid.com there. You can just remove that.

you were correct I just removed it from there restarted named and rebooted server just to make sure. now waiting to boot and try again

crossing my fingers

Kind Regards,
Spiro

 

[Spirogg]

Did you use the WHM >> Change Hostname function? While I agree with @quietFinn as that is the most likely place, if a WHM function was used it should be cleaning up the old hostname properly.

yes I changed from WHM>> Hostname Function

Thanks for your reply - for some reason its not removing it from /etc/hosts

Kind Regards,
Spiro

 

[Spirogg]

@quietFinn @cPRex

127.0.0.1               localhost
127.0.1.1               localhost

# The following lines are desirable for IPv6 capable hosts
::1             localhost ip6-localhost ip6-loopback
fe00::0         ip6-localnet
ff00::0         ip6-mcastprefix
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters
xx.xx.xx.xx          server2.mydomain.tld server2 xx-xx-xx-xx.cprapid.com xx-xx-xx-xx

I removed the line

server2 xx-xx-xx-xx.cprapid.com xx-xx-xx-xx

and now it looks like this ( DOES THIS LOOK CORRECT) or should my IP be at the end as well ?

127.0.0.1               localhost
127.0.1.1               localhost

# The following lines are desirable for IPv6 capable hosts
::1             localhost ip6-localhost ip6-loopback
fe00::0         ip6-localnet
ff00::0         ip6-mcastprefix
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters
xx.xx.xx.xx          server2.mydomain.tld

thanks for your help
Spiro

 

[cPRex]

I did some research into this and cPanel does keep a record of the old hostnames, both in the /etc/hosts file and in the /var/cpanel/hostname_history.json file. The hostname certificates do get issued for old hostnames as well, just in case there is anything still referencing it.

This has caused an issue in the past (COBRA-13308 - not able to switch from self-signed to DC certificates) but at this time I wouldn't expect it to cause problems - the other hostnames are added to the certificate "just in case"

Other than the cosmetic oddity of them showing up, are you seeing this causing problems with the SSL system?

 

[quietFinn]

I think it should be:
xx.xx.xx.xx server2.mydomain.tld server2

 

[Spirogg]

I did some research into this and cPanel does keep a record of the old hostnames, both in the /etc/hosts file and in the /var/cpanel/hostname_history.json file. The hostname certificates do get issued for old hostnames as well, just in case there is anything still referencing it.

This has caused an issue in the past (COBRA-13308 - not able to switch from self-signed to DC certificates) but at this time I wouldn't expect it to cause problems - the other hostnames are added to the certificate "just in case"

Other than the cosmetic oddity of them showing up, are you seeing this causing problems with the SSL system?

nothing that i can see it did add my hostname to SSL Cert and seemed to work.
just thought it would look non professional for a business if someone looks at the certificate and sees another domain other than yours on the certificate. hostname. I guess.

thanks for your help as always

Spiro

 

[Spirogg]

I think it should be:
xx.xx.xx.xx server2.mydomain.tld server2

@quietFinn I did what you said, and now I tried got a couple errors about cpanel not available to give certs.. tried again now and it did it,

@cPRex but added the xx-xx-xx-xx-cpraid.com address again even though I removed it.. on my other dev setup with AlmaLinux and cPanel 100 it does not add the xx-xx-xx-xx-cpraid.com

why would you still be forced to use this BS hostname - on Ubuntu cPanel 102 ?

[EDIT] why AlmaLinux and cPanel does not ?
Answer

Verified

/var/cpanel/hostname_history.json   is non existent in my production server AlmaLinux and cPanel 100.0.9

is it the version Ubuntu and cPanel102 ?
or just cPanel 102?

this is the file it keeps as @cPRex said /var/cpanel/hostname_history.json

If we delete this, will it ruin the setup ?


thanks
Spiro

 

[Spirogg]

@cPRex Now this is weird

Just looking at /etc/hosts on my production server (it's a different IP) and server hostname.

I see my Developers server IP with cpraid.com address which we are talking about in the above posts.

why did it add the hostname cpraid from one server to production server ?

- Is it because that is my production cPanel license?

- ( but if so why the other developers lic with AlmaLinux and cPanel does not show up there?)

that is weird it would edit my production server in /etc/hosts and add that IP ?
how is this possible does seems a little fishy to me.

Spiro

 

[cPRex]

From what I can see, we rest /etc/hosts to match data in /var/cpanel/hostname_history.json.

SSLs always get issued with multiple SAN names - that's how the AutoSSL system issues certificates for multiple domain names under one vhost.

 

[Spirogg]

From what I can see, we rest /etc/hosts to match data in /var/cpanel/hostname_history.json.

SSLs always get issued with multiple SAN names - that's how the AutoSSL system issues certificates for multiple domain names under one vhost.

@cPRex

Ok. I figured out how I got the Ubuntu server ip cpraid.com on my production server.
I must be getting old.
When installing new server AlmaLinux I used 1235ip
Temporarily for install new server and cPanel
Transfer from 1234ip cPanel all accounts
Closed my centos7 machine and changed ips to my old server. So it stayed in /etc/hosts. So I will just remove it.
100 version AlmaLinux does not have the old json file that 102 has.

 

[cPRex]

If you haven't made any hostname changes, I wouldn't expect that json file to exist.

 

[Spirogg]

Ok thanks again for always helping.

 

[cPRex]

Anytime!

 

[Spirogg]

Just found this on cPanel support shows you how to set .json file to a bak and then When running the cPanel AutoSSL check, /usr/local/cpanel/bin/checkallsslcerts it does not show this xx.xx.xx.xx.cpraid.com any longer.
Workaround
Move or remove the following file and rerun the AutoSSL service.

mv /var/cpanel/hostname_history.json /root/hostname_history.json.backup
/usr/local/cpanel/bin/checkallsslcerts

https://support.cpanel.net/hc/en-us/articles/4406515008023?input_string=hostname+ssl+says+stale+or+null+errors+in+emails

 

[Spirogg]

Stale hostname CSRs causes the cPanel store to fail creating an SSL order
Workaround

Symptoms
When a stale hostname CSR is detected, the checkallsslcerts script is unable to create an order for a new hostname SSL.



Description
When a stale hostname CSR is detected, the system is unable to get an SSL for the hostname and fails with the following message:

The system failed to acquire a signed certificate from the cPanel Store because of the following error: The system failed to acquire a signed certificate from the cPanel Store. at bin/checkallsslcerts.pl line 607.

We've opened an internal case for our development team to investigate this further. For reference, the case number is CPANEL-38478. Follow this article to receive an email notification when a solution is published in the product.



I also read this that helped me on one server.

At this moment in time, moving the hostname CSR out of the way allows for the script to complete and put in an order for a new hostname SSL.

mv /var/cpanel/hostname_cert_csrs{,.cpbkp} -v

then ran this
/usr/local/cpanel/bin/checkallsslcerts