Let's Encrypt Support

Status
Not open for further replies.

weetabix

I have a small problem with a site using the wrong URL for the certificate, see this:

certmismatch.png
 

ElviCities

> I have a small problem with a site using the wrong URL for the certificate, see this:

In my experience, this error occurs when:
1.) You have multiple domains in the autossl queue being assigned SSL certs.
2.) 1 or more SSL certs have already been assigned to other domains.
3.) The SSL cert for the domain showing the wrong address in the cert has not yet been installed (still in the queue).

With this being said, it's weird that autossl will default one of the new SSL certs as a "Shared" cert until the actual cert for the domain is installed. Once it is installed, however, weetabix, this error goes away - and the proper cert will display.
 

WorkinOnIt

This plugin is fabulous and an easy way to offer SSL to client domains - however, what is the best way to secure the hostname and webroot?

I'm using the cPanel Let's Encrypt plugin.
I currently have a self-signed certificate for myserver.example.com

When I go to clientdomain.com:2083 I get the "connection not secure"

So what is the best way to secure the webroot, mail etc? Is there a manual script I should run?
 

cPanelFelipe

Staff member
> When I go to clientdomain.com:2083 I get the "connection not secure"
>
> So what is the best way to secure the webroot, mail etc? Is there a manual script I should run?

Hi there!

2083 is a port for cpsrvd, which doesn’t have SNI support in 11.58. You can use SSL/TLS with port 2083, but you’ll need to use one of the domains that’s on the certificate that’s installed for cpsrvd (most likely just the server’s hostname).

BONUS: In 11.60 you’ll find SNI support in cpsrvd and cpdavd. Ports 2083, 2087, and 2096 will work as you want them to, with the same SSL domains you normally use with websites. Everything installed for Apache will automatically do double-duty for cpsrvd and cpdavd. It should “just work”. :)
 

WorkinOnIt

Thanks for your update!

So is there a workaround for now? When users go to e.g. https://theirdomain.com/webmail it presents the "not secure" warning. Also when setting up their mail client with the myserverhostname.serverdomain.com https

> You can use SSL/TLS with port 2083, but you’ll need to use one of the domains that’s on the certificate that’s installed for cpsrvd (most likely just the server’s hostname).

Can you provide a step by step? Thanks
 

Abrahamclado

Hi,
I have tried to enable Let's Encrypt for all users. But whenever I am trying to access the page using https://, it is automatically redirected to another page and displays an error message like "SORRY". Can anyone help me to solve this issue?

Thank You.
 


WorkinOnIt

> In my experience, this error occurs when:
> 1.) You have multiple domains in the autossl queue being assigned SSL certs.
> 2.) 1 or more SSL certs have already been assigned to other domains.
> 3.) The SSL cert for the domain showing the wrong address in the cert has not yet been installed (still in the queue).

I waited 48hrs for mine to update!
 

ElviCities

> I waited 48hrs for mine to update!

Very strange! Can you double check to make sure that you do not have any .htaccess rules for that domain that may be keeping the SSL from being issued? I have actually recently experienced this exact same behavior, where an SSL for a domain sits in the queue waiting for the SSL to be issued - but never does. Turns out, in the .htaccess file, there were rules that were blocking the authentication portion of the auto-ssl script from running. Once the .htaccess file was temporarily disabled - the SSL cert was promptly assigned. However, since it was around 48 hours after the initial attempt, I went and re-requested the SSL via the auto-ssl section.

TLDR:
If you have a domain sitting in the autossl queue, and the SSL cert is never assigned:
1. Temporarily disable any .htaccess files in the webroot of the domain.
2. Re-request SSL cert for the domain via auto-ssl
3. ???
4. Profit.

After your brand new cert is installed - re-enable your .htaccess file so things work again on your site. But please note, if you go this route, you will have to disable your .htaccess again for renewal.

So in the long-run it would be best for you to investigate which particular rule in the .htaccess file is blocking the SSL auth process from running in the first place, to see if there is a compatible work-around.


Now, I must locate coffee, as ^^^Rambling.
[ElviCities has left the building]
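
To go with the advice above about finding which .htaccess rule blocks validation, here is an added example that is not part of the thread or of cPanel's tooling. It assumes validation is an HTTP fetch under /.well-known/acme-challenge/ (ACME HTTP-01); the function name, the directive patterns it checks and the sample files are all constructed for illustration, and findings are candidates for review rather than a verdict.

```python
import re

# ACME HTTP-01 request path as .htaccess rewrite rules see it (no leading
# slash). The token is a constructed placeholder.
PROBE = ".well-known/acme-challenge/EXAMPLE-TOKEN"
ACCESS = re.compile(r"^\s*(deny\s+from\s+all|require\s+all\s+denied|"
                    r"authtype\b|require\s+valid-user)", re.I)
COND = re.compile(r"^\s*RewriteCond\s+(.*)", re.I)
RULE = re.compile(r"^\s*RewriteRule\s+(\S+)\s+(\S+)(?:\s+\[([^\]]*)\])?", re.I)

def audit_htaccess(text):
    """Return (line_no, reason) for directives to review before re-requesting."""
    findings, conds, passed = [], [], False
    for no, line in enumerate(text.splitlines(), 1):
        if ACCESS.match(line):
            findings.append((no, "access control or auth directive"))
        elif m := COND.match(line):
            conds.append(m.group(1))
        elif m := RULE.match(line):
            pattern, target, flags = m.groups()
            flagset = {f.split("=")[0].strip().upper()
                       for f in (flags or "").split(",") if f.strip()}
            # Only a negated RewriteCond naming .well-known exempts the next
            # rule; other conditions are treated as true to stay conservative.
            exempt = any("well-known" in c and "!" in c for c in conds)
            conds = []
            negate, pattern = pattern.startswith("!"), pattern.lstrip("!").strip('"')
            try:
                hit = bool(re.search(pattern, PROBE, re.I if "NC" in flagset else 0))
            except re.error:
                continue  # PCRE syntax Python's re cannot parse: skip, do not guess
            if passed or exempt or hit == negate:
                continue  # rule never applies to the validation path
            if target == "-" and not flagset & {"F", "G", "R"}:
                passed = bool(flagset & {"L", "END"})  # pass-through ends rewriting
                continue
            findings.append((no, "rewrite rule matches the validation path"))
    return findings

# Constructed sample files, not taken from the thread.
BLOCKING = r"""RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
RewriteRule (^|/)\. - [F]
AuthType Basic
Require valid-user
"""
_l = BLOCKING.splitlines()
FIXED = "\n".join([_l[0], r"RewriteRule ^\.well-known/ - [L]"] + _l[1:4])
```

A pass-through rule for the validation path placed ahead of the other rewrites, as in `FIXED`, is the kind of compatible workaround that avoids disabling the whole file at every renewal.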
 

ElviCities

> I had found an error on my domain settings and I resolved that. But the problem still remains. I have attached the screenshot of log file here. Please check it and help me to resolve this issue.

First, if you go directly to your website (via https), it still shows that your default SSL certificate (a self-signed?) from your VPS provider is installed. It is pointing to your vps hostname (hostname.vps.provider.ca). Obviously, the cert shows your real hostname, but for security reasons I didn't post it.
However, it also shows portions of the cPanel/Comodo SSL cert being installed too. But not the complete certificate.

For this to be fixed, in WHM do the following:
1. Go to the "Manage SSL Hosts" portion of WHM.
2. Locate your domain in the list.
3. On the far right of your domain listed in the section, click the "Delete" link. This will not delete your domain, it will just delete all the SSL certificates that are currently (improperly) installed and/or configured to it.
4. Now go back to the auto-ssl section, and try disabling auto-ssl for that domain, then re-enabling it. If all goes well, you should now be the proud operator of a secured domain!
 

cPanelMichael

Administrator
Staff member
Hello,

This thread is closed for further discussion, however please feel free to open a new thread for issues encountered when using the Let's Encrypt plugin with AutoSSL functionality. This will allow us to investigate each issue separately.

Note that unresolved posts have been moved to their own threads for further investigation.

Thanks!
 