keep getting xx-xx-xx-xx.cprapid.com in my SSL certificates under my hostname in Ubuntu cpanel setup

Spirogg

Well-Known Member
Feb 21, 2018
700
161
43
chicago
cPanel Access Level
Root Administrator
I setup dev cpanel account with Ubuntu cPanel 102.2
I added my ns1 ns2 and IP address
I changed hostname to server2.mydomain.tld
I performed a dns cleanup
restarted DNS
restarted named via ssh
soft reboot of server

went to terminal and ran
Code:
/usr/local/cpanel/bin/checkallsslcerts
then got a few errors and it kept saying its using my ip and cprapid.com
under host certificates I see this below?

Code:
server2.mydomain.tld, xx-xx-xx-xx.cprapid.com, cpanel.server2.mydomain.tld, cpcalendars.mydomain.tld, cpcontacts.server2.mydomain.tld, mail.xx-xx-xx-xx.cprapid.com, mail.server2.mydomain.tld, webmail.server2.mydomain.tld, whm.server2.mydomain.tld, www.xx-xx-xx-xx.cprapid.com, and www.server2.mydomain.tld
why does it keep adding xx-xx-xx-xx.cprapid.com and my hostname?
when i go to my server2.mydomain.tld:2087 it works but when it's getting the certificate it keeps adding cprapid as well not just my hostname?

everything else in cpanel under dns is showing ok and only ns1 ns1 .mydomain.tld are showing in nameservers list host name is showing correctly

Just don;t know how I can get rid of the xx-xx-xx-xx.cprapid.com

any Idea where I can go to remove and get rid of the cprapid.com
and then rerun
Code:
/usr/local/cpanel/bin/checkallsslcerts
to only have SSL cert for my hostname


when I view the certificate in Firefox under
Subject alt Names
DNS Name server2,mydomain.tld
DNS Name xx-xx-xx-xx.cprapid.com
and the www,
and the mail.

am I missing something or something changed. my other dev that is AlmaLinux and cPanel 100 worked perfect no cprapid in certificate?

Thank you
Kind Regards
Spiro
 
Last edited by a moderator:

quietFinn

Well-Known Member
Feb 4, 2006
1,701
352
438
Finland
cPanel Access Level
Root Administrator
If you look in /etc/hosts you might see xx-xx-xx-xx.cprapid.com there. You can just remove that.
 
  • Love
Reactions: Spirogg

Spirogg

Well-Known Member
Feb 21, 2018
700
161
43
chicago
cPanel Access Level
Root Administrator
Did you use the WHM >> Change Hostname function? While I agree with @quietFinn as that is the most likely place, if a WHM function was used it should be cleaning up the old hostname properly.

Hello I Used the WHM >> Change Hostname Function.
If you look in /etc/hosts you might see xx-xx-xx-xx.cprapid.com there. You can just remove that.
you were correct I just removed it from there restarted named and rebooted server just to make sure. now waiting to boot and try again

crossing my fingers :)

Kind Regards,
Spiro
 

Spirogg

Well-Known Member
Feb 21, 2018
700
161
43
chicago
cPanel Access Level
Root Administrator
Did you use the WHM >> Change Hostname function? While I agree with @quietFinn as that is the most likely place, if a WHM function was used it should be cleaning up the old hostname properly.
yes I changed from WHM>> Hostname Function

Thanks for your reply - for some reason its not removing it from /etc/hosts

Kind Regards,
Spiro
 

Spirogg

Well-Known Member
Feb 21, 2018
700
161
43
chicago
cPanel Access Level
Root Administrator
@quietFinn @cPRex

Code:
127.0.0.1               localhost
127.0.1.1               localhost

# The following lines are desirable for IPv6 capable hosts
::1             localhost ip6-localhost ip6-loopback
fe00::0         ip6-localnet
ff00::0         ip6-mcastprefix
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters
xx.xx.xx.xx          server2.mydomain.tld server2 xx-xx-xx-xx.cprapid.com xx-xx-xx-xx
I removed the line
Code:
server2 xx-xx-xx-xx.cprapid.com xx-xx-xx-xx
and now it looks like this ( DOES THIS LOOK CORRECT) or should my IP be at the end as well ?
Code:
127.0.0.1               localhost
127.0.1.1               localhost

# The following lines are desirable for IPv6 capable hosts
::1             localhost ip6-localhost ip6-loopback
fe00::0         ip6-localnet
ff00::0         ip6-mcastprefix
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters
xx.xx.xx.xx          server2.mydomain.tld
thanks for your help
Spiro
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
12,499
1,971
363
cPanel Access Level
Root Administrator
I did some research into this and cPanel does keep a record of the old hostnames, both in the /etc/hosts file and in the /var/cpanel/hostname_history.json file. The hostname certificates do get issued for old hostnames as well, just in case there is anything still referencing it.

This has caused an issue in the past (COBRA-13308 - not able to switch from self-signed to DC certificates) but at this time I wouldn't expect it to cause problems - the other hostnames are added to the certificate "just in case"

Other than the cosmetic oddity of them showing up, are you seeing this causing problems with the SSL system?
 
  • Like
Reactions: Lee Roberts

quietFinn

Well-Known Member
Feb 4, 2006
1,701
352
438
Finland
cPanel Access Level
Root Administrator
I think it should be:
xx.xx.xx.xx server2.mydomain.tld server2
 

Spirogg

Well-Known Member
Feb 21, 2018
700
161
43
chicago
cPanel Access Level
Root Administrator
I did some research into this and cPanel does keep a record of the old hostnames, both in the /etc/hosts file and in the /var/cpanel/hostname_history.json file. The hostname certificates do get issued for old hostnames as well, just in case there is anything still referencing it.

This has caused an issue in the past (COBRA-13308 - not able to switch from self-signed to DC certificates) but at this time I wouldn't expect it to cause problems - the other hostnames are added to the certificate "just in case"

Other than the cosmetic oddity of them showing up, are you seeing this causing problems with the SSL system?
nothing that i can see it did add my hostname to SSL Cert and seemed to work.
just thought it would look non professional for a business if someone looks at the certificate and sees another domain other than yours on the certificate. hostname. I guess.

thanks for your help as always

Spiro
 

Spirogg

Well-Known Member
Feb 21, 2018
700
161
43
chicago
cPanel Access Level
Root Administrator
I think it should be:
xx.xx.xx.xx server2.mydomain.tld server2

@quietFinn I did what you said, and now I tried got a couple errors about cpanel not available to give certs.. tried again now and it did it,

@cPRex but added the xx-xx-xx-xx-cpraid.com address again even though I removed it.. on my other dev setup with AlmaLinux and cPanel 100 it does not add the xx-xx-xx-xx-cpraid.com

why would you still be forced to use this BS hostname - on Ubuntu cPanel 102 ?

[EDIT] why AlmaLinux and cPanel does not ?
Answer

Verified
Code:
/var/cpanel/hostname_history.json   is non existent in my production server AlmaLinux and cPanel 100.0.9

is it the version Ubuntu and cPanel102 ?
or just cPanel 102?

this is the file it keeps as @cPRex said /var/cpanel/hostname_history.json

If we delete this, will it ruin the setup ?


thanks
Spiro
 
Last edited:

Spirogg

Well-Known Member
Feb 21, 2018
700
161
43
chicago
cPanel Access Level
Root Administrator
@cPRex Now this is weird

Just looking at /etc/hosts on my production server (it's a different IP) and server hostname.

I see my Developers server IP with cpraid.com address which we are talking about in the above posts.

why did it add the hostname cpraid from one server to production server ?

- Is it because that is my production cPanel license?

- ( but if so why the other developers lic with AlmaLinux and cPanel does not show up there?)

that is weird it would edit my production server in /etc/hosts and add that IP ?
how is this possible does seems a little fishy to me.

Spiro
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
12,499
1,971
363
cPanel Access Level
Root Administrator
From what I can see, we rest /etc/hosts to match data in /var/cpanel/hostname_history.json.

SSLs always get issued with multiple SAN names - that's how the AutoSSL system issues certificates for multiple domain names under one vhost.
 

Spirogg

Well-Known Member
Feb 21, 2018
700
161
43
chicago
cPanel Access Level
Root Administrator
From what I can see, we rest /etc/hosts to match data in /var/cpanel/hostname_history.json.

SSLs always get issued with multiple SAN names - that's how the AutoSSL system issues certificates for multiple domain names under one vhost.
@cPRex

Ok. I figured out how I got the Ubuntu server ip cpraid.com on my production server.
I must be getting old.
When installing new server AlmaLinux I used 1235ip
Temporarily for install new server and cPanel
Transfer from 1234ip cPanel all accounts
Closed my centos7 machine and changed ips to my old server. So it stayed in /etc/hosts. So I will just remove it.
100 version AlmaLinux does not have the old json file that 102 has.
 
  • Like
Reactions: cPRex

Spirogg

Well-Known Member
Feb 21, 2018
700
161
43
chicago
cPanel Access Level
Root Administrator
Just found this on cPanel support shows you how to set .json file to a bak and then When running the cPanel AutoSSL check, /usr/local/cpanel/bin/checkallsslcerts it does not show this xx.xx.xx.xx.cpraid.com any longer.
Workaround
Move or remove the following file and rerun the AutoSSL service.

mv /var/cpanel/hostname_history.json /root/hostname_history.json.backup
/usr/local/cpanel/bin/checkallsslcerts



 

Spirogg

Well-Known Member
Feb 21, 2018
700
161
43
chicago
cPanel Access Level
Root Administrator
Stale hostname CSRs causes the cPanel store to fail creating an SSL order
Workaround

Symptoms

When a stale hostname CSR is detected, the checkallsslcerts script is unable to create an order for a new hostname SSL.



Description
When a stale hostname CSR is detected, the system is unable to get an SSL for the hostname and fails with the following message:
Code:
The system failed to acquire a signed certificate from the cPanel Store because of the following error: The system failed to acquire a signed certificate from the cPanel Store. at bin/checkallsslcerts.pl line 607.
We've opened an internal case for our development team to investigate this further. For reference, the case number is CPANEL-38478. Follow this article to receive an email notification when a solution is published in the product.



I also read this that helped me on one server.

At this moment in time, moving the hostname CSR out of the way allows for the script to complete and put in an order for a new hostname SSL.

mv /var/cpanel/hostname_cert_csrs{,.cpbkp} -v

then ran this
/usr/local/cpanel/bin/checkallsslcerts