Need some help with creating SSL for server wide please

[Bashy]

Hi folks

Im new to this SSL, need some help please... Basically i am wanting to create a cert for server wide, is this possible?

If so, I have a cert ready from namecheap, but i think i need to run the "Generate a SSL Certificate & Signing Request"

In the "Host to make cert for:" im not sure what to add in here for a server wide cert, would it be my main
server hostname please?

Regards

Bashy

 

[vanessa]

If this is a shared SSL, you can pretty much use any hostname that is set up on the server. Most people use secure.domain.com or something like that - but you can pretty much use anything.

 

[Bashy]

Hi

Thanks for the reply, does that mean i need to create a subdomain e.g. secure.mydomain.com

 

[vanessa]

Yes, if that is the subdomain you're using for your shared SSL. What I would recommend doing is setting up the subdomain on its own account, then installing the SSL on that account.

 

[Bashy]

Thanks vanessa, i will try that....

 

[Bashy]

oops, I think i messed something up....

I created a new account with a subdomain secure.mydomain.com
I then setup and bought a cert and installed it. Thats went ok.....

In the Manage SSL Hosts theres only one cert in there for sharing and thats just for
the normal domain (that i messed up last night) not the sub domain...

Its also a bit of a mess in the SSL Key/Crt Manager, sorry, SSL messes with my head
(must be getting too old for this lol) i have loads of csr.old that i cant remove and
theres a few other bits in there that i dont think should be there, there was a lot of
trial and error, more errors than trials i can tell you

When i try to remove them i just get errors like this

ERROR: Could not remove nonexistent crt “/etc/ssl/certs/mydomain.com.crt.old.1298926671.crt”.

I think i made a mess of things, SSL is new to me, as i have never really need to them in the past...

 

[vanessa]

Go into /etc/ssl/certs and remove the files for the old SSL certificate you had installed, then remove the entry from /etc/ssldomains as well as /var/cpanel/userdata/$user/$domain/$domain_SSL, and run /scripts/rebuildhttpconf. This should remove the certificate so you can go back and install the new one.

 

[Bashy]

Hi vanessa, thanks for the reply and help, i followed what you said and ran the rebuild
It looks a bit tidier in there now, thank you....

btw after i ran the rebuild it did through up this error

Domain ownership conflict detected for my-domain.com, users nobody, myaccount

Is this something to worry about? Is it something i did, im thinking it is cause i vaguely
remember running a csr and it saying something about having to do it as "nobody" has this
caused an issue?

Sorry for being a complete noob on this topic

 

[vanessa]

It's not really anything to worry about ,but you can fix it by editing /var/cpanel/userdata/nobody/main and removing the duplicate domain from the yaml file, since it's owned by another account.

 

[Bashy]

Ok thats good to know, i have removed it from the file, thank you...

 

[Bashy]

Hi again, sorry vanessa, I just tried do the "Install a SSL Certificate and Setup the Domain" in whm and got the following;

SSL install aborted due to error: Sorry, you must have a dedicated ip to use this feature for the user: myusername! If you are intending to install a shared certificate you must use the username "nobody" for security and bandwidth reporting reasons.

I am wanting to install as a shared certificate, so do i choose the name "nobody"?

 

[vanessa]

Oh - when you install the SSL in a shared IP, change the user to 'nobody', then follow the steps in my previous post to remove the domain conflict.

 

[Bashy]

Hi again...

Im so sorry, but i am struggling;

I think i should have said i wanted to secure cpanel and not use the wording server wide, i think!

i.e. when a client goes to https://theirdomain.com:2083 i would like so they dont see a certificate error

Does this make sense? Have i gone about this totally the wrong way?

Again, i am really sorry for being a thicket

 

[vanessa]

ah ok, go to whm > manage service ssl certificates and install the certificate for cpanel

Then in tweak settings > redirection, have it go to the ssl hostname

 

[Bashy]

Hi vanessa, thanks for the reply, tried that but still get the browser errors saying its for the wrong domain...

Even though i set it as "nobody" its still assigned it to the proper username

 

[Bashy]

Been on this for a few days now on and off and i just cannot get it figured

 

[cwalke32477]

I'm havuing issues with this as well.
I've did it beofre on an earlier version of cpanel, but this one is kicking my but.
I did all the steps above, and installed the cert and I get this.
Success!

Certificate verification passed

The Certificate for the domain vz1-atl01.servsystem.info was installed on the IP 74.81.83.14.
Finished SSL Install Process for vz1-atl01.servsystem.info (www.vz1-atl01.servsystem.info).

/usr/bin/ipcrm: invalid id (168296453)Apache successfully restarted.

And it still shows an invalid self signed cert.
Furthermore, even after manually deleting ssl entries, there is still 1 old crt stuck in ssl hosts that I cannot clear.

 

[Mysticeti]

(Yeah, I'm replying to an old message.)

If you made the same mistake as I did then you installed the cert OK but forgot to apply it to the services:

Main >> Service Configuration >> Manage Service SSL Certificates