The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Need some help with creating SSL for server wide please

Discussion in 'General Discussion' started by Bashy, Feb 25, 2011.

  1. Bashy

    Bashy Well-Known Member

    Joined:
    Feb 20, 2011
    Messages:
    55
    Likes Received:
    1
    Trophy Points:
    8
    Hi folks

    Im new to this SSL, need some help please... Basically i am wanting to create a cert for server wide, is this possible?

    If so, I have a cert ready from namecheap, but i think i need to run the "Generate a SSL Certificate & Signing Request"

    In the "Host to make cert for:" im not sure what to add in here for a server wide cert, would it be my main
    server hostname please?

    Regards

    Bashy
     
    #1 Bashy, Feb 25, 2011
    Last edited: Feb 25, 2011
  2. vanessa

    vanessa Well-Known Member
    PartnerNOC

    Joined:
    Sep 26, 2006
    Messages:
    817
    Likes Received:
    22
    Trophy Points:
    18
    Location:
    Virginia Beach, VA
    cPanel Access Level:
    DataCenter Provider
    If this is a shared SSL, you can pretty much use any hostname that is set up on the server. Most people use secure.domain.com or something like that - but you can pretty much use anything.
     
  3. Bashy

    Bashy Well-Known Member

    Joined:
    Feb 20, 2011
    Messages:
    55
    Likes Received:
    1
    Trophy Points:
    8
    Hi

    Thanks for the reply, does that mean i need to create a subdomain e.g. secure.mydomain.com
     
  4. vanessa

    vanessa Well-Known Member
    PartnerNOC

    Joined:
    Sep 26, 2006
    Messages:
    817
    Likes Received:
    22
    Trophy Points:
    18
    Location:
    Virginia Beach, VA
    cPanel Access Level:
    DataCenter Provider
    Yes, if that is the subdomain you're using for your shared SSL. What I would recommend doing is setting up the subdomain on its own account, then installing the SSL on that account.
     
  5. Bashy

    Bashy Well-Known Member

    Joined:
    Feb 20, 2011
    Messages:
    55
    Likes Received:
    1
    Trophy Points:
    8
    Thanks vanessa, i will try that....
     
  6. Bashy

    Bashy Well-Known Member

    Joined:
    Feb 20, 2011
    Messages:
    55
    Likes Received:
    1
    Trophy Points:
    8
    oops, I think i messed something up....

    I created a new account with a subdomain secure.mydomain.com
    I then setup and bought a cert and installed it. Thats went ok.....

    In the Manage SSL Hosts theres only one cert in there for sharing and thats just for
    the normal domain (that i messed up last night) not the sub domain...

    Its also a bit of a mess in the SSL Key/Crt Manager, sorry, SSL messes with my head
    (must be getting too old for this lol) i have loads of csr.old that i cant remove and
    theres a few other bits in there that i dont think should be there, there was a lot of
    trial and error, more errors than trials i can tell you :(

    When i try to remove them i just get errors like this

    ERROR: Could not remove nonexistent crt “/etc/ssl/certs/mydomain.com.crt.old.1298926671.crt”.

    I think i made a mess of things, SSL is new to me, as i have never really need to them in the past...
     
    #6 Bashy, Feb 28, 2011
    Last edited: Feb 28, 2011
  7. vanessa

    vanessa Well-Known Member
    PartnerNOC

    Joined:
    Sep 26, 2006
    Messages:
    817
    Likes Received:
    22
    Trophy Points:
    18
    Location:
    Virginia Beach, VA
    cPanel Access Level:
    DataCenter Provider
    Go into /etc/ssl/certs and remove the files for the old SSL certificate you had installed, then remove the entry from /etc/ssldomains as well as /var/cpanel/userdata/$user/$domain/$domain_SSL, and run /scripts/rebuildhttpconf. This should remove the certificate so you can go back and install the new one.
     
  8. Bashy

    Bashy Well-Known Member

    Joined:
    Feb 20, 2011
    Messages:
    55
    Likes Received:
    1
    Trophy Points:
    8
    Hi vanessa, thanks for the reply and help, i followed what you said and ran the rebuild
    It looks a bit tidier in there now, thank you....

    btw after i ran the rebuild it did through up this error

    Domain ownership conflict detected for my-domain.com, users nobody, myaccount

    Is this something to worry about? Is it something i did, im thinking it is cause i vaguely
    remember running a csr and it saying something about having to do it as "nobody" has this
    caused an issue?

    Sorry for being a complete noob on this topic :(
     
  9. vanessa

    vanessa Well-Known Member
    PartnerNOC

    Joined:
    Sep 26, 2006
    Messages:
    817
    Likes Received:
    22
    Trophy Points:
    18
    Location:
    Virginia Beach, VA
    cPanel Access Level:
    DataCenter Provider
    It's not really anything to worry about ,but you can fix it by editing /var/cpanel/userdata/nobody/main and removing the duplicate domain from the yaml file, since it's owned by another account.
     
  10. Bashy

    Bashy Well-Known Member

    Joined:
    Feb 20, 2011
    Messages:
    55
    Likes Received:
    1
    Trophy Points:
    8
    Ok thats good to know, i have removed it from the file, thank you...
     
  11. Bashy

    Bashy Well-Known Member

    Joined:
    Feb 20, 2011
    Messages:
    55
    Likes Received:
    1
    Trophy Points:
    8
    Hi again, sorry vanessa, I just tried do the "Install a SSL Certificate and Setup the Domain" in whm and got the following;

    SSL install aborted due to error: Sorry, you must have a dedicated ip to use this feature for the user: myusername! If you are intending to install a shared certificate you must use the username "nobody" for security and bandwidth reporting reasons.

    I am wanting to install as a shared certificate, so do i choose the name "nobody"?
     
  12. vanessa

    vanessa Well-Known Member
    PartnerNOC

    Joined:
    Sep 26, 2006
    Messages:
    817
    Likes Received:
    22
    Trophy Points:
    18
    Location:
    Virginia Beach, VA
    cPanel Access Level:
    DataCenter Provider
    Oh - when you install the SSL in a shared IP, change the user to 'nobody', then follow the steps in my previous post to remove the domain conflict.
     
  13. Bashy

    Bashy Well-Known Member

    Joined:
    Feb 20, 2011
    Messages:
    55
    Likes Received:
    1
    Trophy Points:
    8
    Hi again...

    Im so sorry, but i am struggling;

    I think i should have said i wanted to secure cpanel and not use the wording server wide, i think!

    i.e. when a client goes to https://theirdomain.com:2083 i would like so they dont see a certificate error

    Does this make sense? Have i gone about this totally the wrong way?

    Again, i am really sorry for being a thicket
     
  14. vanessa

    vanessa Well-Known Member
    PartnerNOC

    Joined:
    Sep 26, 2006
    Messages:
    817
    Likes Received:
    22
    Trophy Points:
    18
    Location:
    Virginia Beach, VA
    cPanel Access Level:
    DataCenter Provider
    ah ok, go to whm > manage service ssl certificates and install the certificate for cpanel

    Then in tweak settings > redirection, have it go to the ssl hostname
     
  15. Bashy

    Bashy Well-Known Member

    Joined:
    Feb 20, 2011
    Messages:
    55
    Likes Received:
    1
    Trophy Points:
    8
    Hi vanessa, thanks for the reply, tried that but still get the browser errors saying its for the wrong domain... :(

    Even though i set it as "nobody" its still assigned it to the proper username
     
    #15 Bashy, Mar 2, 2011
    Last edited: Mar 2, 2011
  16. Bashy

    Bashy Well-Known Member

    Joined:
    Feb 20, 2011
    Messages:
    55
    Likes Received:
    1
    Trophy Points:
    8
    Been on this for a few days now on and off and i just cannot get it figured :(
     
  17. cwalke32477

    cwalke32477 Well-Known Member

    Joined:
    Mar 2, 2010
    Messages:
    94
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Atlanta, Georgia
    cPanel Access Level:
    Root Administrator
    I'm havuing issues with this as well.
    I've did it beofre on an earlier version of cpanel, but this one is kicking my but.
    I did all the steps above, and installed the cert and I get this.
    Success!
    And it still shows an invalid self signed cert.
    Furthermore, even after manually deleting ssl entries, there is still 1 old crt stuck in ssl hosts that I cannot clear.
     
  18. Mysticeti

    Mysticeti Well-Known Member

    Joined:
    Sep 16, 2002
    Messages:
    45
    Likes Received:
    2
    Trophy Points:
    8
    Location:
    Southern NH
    (Yeah, I'm replying to an old message.)

    If you made the same mistake as I did then you installed the cert OK but forgot to apply it to the services:

    Main >> Service Configuration >> Manage Service SSL Certificates
     
Loading...

Share This Page