Need some help with creating SSL for server wide please

Bashy

Well-Known Member
Feb 20, 2011
67
3
58
Hi folks

Im new to this SSL, need some help please... Basically i am wanting to create a cert for server wide, is this possible?

If so, I have a cert ready from namecheap, but i think i need to run the "Generate a SSL Certificate & Signing Request"

In the "Host to make cert for:" im not sure what to add in here for a server wide cert, would it be my main
server hostname please?

Regards

Bashy
 
Last edited:

Bashy

Well-Known Member
Feb 20, 2011
67
3
58
Hi

Thanks for the reply, does that mean i need to create a subdomain e.g. secure.mydomain.com
 

Bashy

Well-Known Member
Feb 20, 2011
67
3
58
oops, I think i messed something up....

I created a new account with a subdomain secure.mydomain.com
I then setup and bought a cert and installed it. Thats went ok.....

In the Manage SSL Hosts theres only one cert in there for sharing and thats just for
the normal domain (that i messed up last night) not the sub domain...

Its also a bit of a mess in the SSL Key/Crt Manager, sorry, SSL messes with my head
(must be getting too old for this lol) i have loads of csr.old that i cant remove and
theres a few other bits in there that i dont think should be there, there was a lot of
trial and error, more errors than trials i can tell you :(

When i try to remove them i just get errors like this

ERROR: Could not remove nonexistent crt “/etc/ssl/certs/mydomain.com.crt.old.1298926671.crt”.

I think i made a mess of things, SSL is new to me, as i have never really need to them in the past...
 
Last edited:

vanessa

Well-Known Member
PartnerNOC
Sep 26, 2006
833
28
178
Virginia Beach, VA
cPanel Access Level
DataCenter Provider
Go into /etc/ssl/certs and remove the files for the old SSL certificate you had installed, then remove the entry from /etc/ssldomains as well as /var/cpanel/userdata/$user/$domain/$domain_SSL, and run /scripts/rebuildhttpconf. This should remove the certificate so you can go back and install the new one.
 

Bashy

Well-Known Member
Feb 20, 2011
67
3
58
Hi vanessa, thanks for the reply and help, i followed what you said and ran the rebuild
It looks a bit tidier in there now, thank you....

btw after i ran the rebuild it did through up this error

Domain ownership conflict detected for my-domain.com, users nobody, myaccount

Is this something to worry about? Is it something i did, im thinking it is cause i vaguely
remember running a csr and it saying something about having to do it as "nobody" has this
caused an issue?

Sorry for being a complete noob on this topic :(
 

Bashy

Well-Known Member
Feb 20, 2011
67
3
58
Hi again, sorry vanessa, I just tried do the "Install a SSL Certificate and Setup the Domain" in whm and got the following;

SSL install aborted due to error: Sorry, you must have a dedicated ip to use this feature for the user: myusername! If you are intending to install a shared certificate you must use the username "nobody" for security and bandwidth reporting reasons.

I am wanting to install as a shared certificate, so do i choose the name "nobody"?
 

Bashy

Well-Known Member
Feb 20, 2011
67
3
58
Hi again...

Im so sorry, but i am struggling;

I think i should have said i wanted to secure cpanel and not use the wording server wide, i think!

i.e. when a client goes to https://theirdomain.com:2083 i would like so they dont see a certificate error

Does this make sense? Have i gone about this totally the wrong way?

Again, i am really sorry for being a thicket
 

Bashy

Well-Known Member
Feb 20, 2011
67
3
58
Hi vanessa, thanks for the reply, tried that but still get the browser errors saying its for the wrong domain... :(

Even though i set it as "nobody" its still assigned it to the proper username
 
Last edited:

Bashy

Well-Known Member
Feb 20, 2011
67
3
58
Been on this for a few days now on and off and i just cannot get it figured :(
 

cwalke32477

Well-Known Member
Mar 2, 2010
94
0
56
Atlanta, Georgia
cPanel Access Level
Root Administrator
I'm havuing issues with this as well.
I've did it beofre on an earlier version of cpanel, but this one is kicking my but.
I did all the steps above, and installed the cert and I get this.
Success!
Certificate verification passed

The Certificate for the domain vz1-atl01.servsystem.info was installed on the IP 74.81.83.14.
Finished SSL Install Process for vz1-atl01.servsystem.info (www.vz1-atl01.servsystem.info).

/usr/bin/ipcrm: invalid id (168296453)Apache successfully restarted.
And it still shows an invalid self signed cert.
Furthermore, even after manually deleting ssl entries, there is still 1 old crt stuck in ssl hosts that I cannot clear.
 

Mysticeti

Well-Known Member
Sep 16, 2002
57
5
158
Southern NH
(Yeah, I'm replying to an old message.)

If you made the same mistake as I did then you installed the cert OK but forgot to apply it to the services:

Main >> Service Configuration >> Manage Service SSL Certificates