Problem with SSL cert installation

InteractM

Well-Known Member
Apr 2, 2013
135
1
18
cPanel Access Level
Root Administrator
I have received from one cPanel user a SSL cert which I have tried to install and came with an error:

Certificate verification failed! The system did not find the Certificate Authority Bundle that matches this certificate. Contact “Corporation Service Company” to obtain the Certificate Authority Bundle for “Trusted Secure Certificate Authority 5”.​

Then the user provided CA cert but installing with it I'm getting that error message:

Verification Result [ stdin: C = US, ST = DE, L = Wilmington, O = Corporation Service Company, CN = Trusted Secure Certificate Authority 5 error 20 at 0 depth lookup:unable to get local issuer certificate ]​

Any clue what is going on? I never had any issues so far with SSL cert issues by RapidSSL, GeoTrust, VeriSign or Commodo.

Thanks
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Hello :)

Please post the output from the following command:

Code:
grep '' /etc/redhat-release /usr/local/cpanel/version /var/cpanel/envtype
Also, please let us know if you are installing the certificate via cPanel or Web Host Manager, the URL where you are obtaining the CABundle from, and if you are entering the CABundle manually or allowing it to automatically populate in the interface.

Thank you.
 

InteractM

Well-Known Member
Apr 2, 2013
135
1
18
cPanel Access Level
Root Administrator
/etc/redhat-release:CentOS release 6.7 (Final)
/usr/local/cpanel/version:11.54.0.21
/var/cpanel/envtype:standard

SSL cert was uploaded via cPanel but cPanel user wasn't able to activate it so I have tried to install it (activate) via WHM but I have got the same errors.

CA is not autopopulating after CRT selection (first error message) then when I will copy&paste TrustedSecureCertificateAuthority5.crt it throws second error message. All done again via WHM

Based on cPanel user SSL cert was obtained from Comodo.

Thanks
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Could anyone experiencing this issue open a support ticket using the link in my signature so we can take a closer look? Please reference internal case CPANEL-1454, so we can verify if the issue is associated with that case. Also, post the ticket number here so we can update this thread with the outcome.

Thank you.
 

sylvainf

Registered
Aug 14, 2016
1
0
1
Paris
cPanel Access Level
Root Administrator
hello,
i'm facing the same issue.

the domain, IP and KEY all automatically filled in, but not the CA Bundle.

i copy and paste the CA Bundle , then i have this issue

system informations:

/etc/redhat-release:CentOS release 6.8 (Final)
/usr/local/cpanel/version:11.58.0.19
/var/cpanel/envtype:virtuozzo

here is error log

Code:
tail -fn0 /usr/local/cpanel/logs/error_log
-----------------------------------------------------
==> cpsrvd 11.58.0.19 started
==> cpsrvd: loading security policy....Done
==> cpsrvd: Setting up SSL support ... Done
==> cpsrvd: transferred port bindings
==> cpsrvd: bound to ports
[2016-08-14 09:07:02 +0200] warn [ssl] Certificate bundle verification failed!

Verification Result [ stdin: DC = ng, DC = com, DC = AAA, CN = AAA-BBBBBB-CA
error 20 at 0 depth lookup:unable to get local issuer certificate
]
at bin/admin/Cpanel/ssl.pl line 177.
        bin::ssladmin::perform_add(__CPANEL_HIDDEN__, __CPANEL_HIDDEN__) called at /usr/local/cpanel/Cpanel/AdminBin/Script/Legacy.pm line 124
        Cpanel::AdminBin::Script::Legacy::script("Cpanel::AdminBin::Script::Legacy", HASH(0x11c2ee0), 506) called at /usr/local/cpanel/Cpanel/AdminBin/Script/Legacy.pm line 26
        eval {...} called at /usr/local/cpanel/Cpanel/AdminBin/Script/Legacy.pm line 26
        Cpanel::AdminBin::Script::Legacy::run_adminbin("bin::ssladmin", HASH(0x11c2ee0)) called at bin/admin/Cpanel/ssl.pl line 73
[2016-08-14 09:07:02 +0200] warn [uapi] Cpanel::Wrap::send_cpwrapd_request The adminbin “ssl” in the “Cpanel” namespace call to function “ADD” ended prematurely: The subprocess reported error number 5 when it ended.: namespace=[Cpanel] module=[ssl] function=[ADD]: raw_response=[{"mode":"full","data":{"action":"install","status":0,"html":"Certificate bundle verification failed!\n\nVerification Result [ stdin: DC = ng, DC = com, DC = AAA, CN = AAA-BBBBBB-CA\nerror 20 at 0 depth lookup:unable to get local issuer certificate\n]\n","statusmsg":"Certificate bundle verification failed!\n\nVerification Result [ stdin: DC = ng, DC = com, DC = AAA, CN = AAA-BBBBBB-CA\nerror 20 at 0 depth lookup:unable to get local issuer certificate\n]\n","message":"Certificate bundle verification failed!\n\nVerification Result [ stdin: DC = ng, DC = com, DC = AAA, CN = AAA-BBBBBB-CA\nerror 20 at 0 depth lookup:unable to get local issuer certificate\n]\n"},"exit_code":1280,"action":"fetch","error":1,"version":"2.4","statusmsg":"The adminbin “ssl” in the “Cpanel” namespace call to function “ADD” ended prematurely: The subprocess reported error number 5 when it ended.","status":1,"timeout":0}] at /usr/local/cpanel/Cpanel/Wrap.pm line 115, <$socket> line 1.
        Cpanel::Wrap::send_cpwrapd_request("action", "fetch", "no_cperror", 1, "namespace", "Cpanel", "data", HASH(0x18c7590), "module", ...) called at /usr/local/cpanel/Cpanel/Wrap.pm line 55
        Cpanel::Wrap::send_cpwrapd_request_no_cperror("namespace", "Cpanel", "module", "ssl", "function", "ADD", "data", HASH(0x18c7590), "action", ...) called at /usr/local/cpanel/Cpanel/AdminBin.pm line 251
        Cpanel::AdminBin::_adminfetch("module", "ssl", "function", "ADD", "format", "storable", "cache_check_files", "", "cache", ...) called at /usr/local/cpanel/Cpanel/AdminBin.pm line 177
        Cpanel::AdminBin::fetch_adminbin_nocache_with_status("ssl", undef, "ADD", "storable", HASH(0x18c7590)) called at /usr/local/cpanel/Cpanel/API/SSL.pm line 1719
        Cpanel::API::SSL::_install("example.com", "www_example_com_aa97a_e2cf9_1533304026_1eff21b92361589b26ff1a0"..., "aa97a_e2cf9_9d3c4438b647dab7d21f0f42f0dcc106", "-----BEGIN CERTIFICATE-----\x{a}MIIFcTCCBFmgAwIBAgIKean8VwACABwmD"..., Cpanel::Result=HASH(0x41e4d80), 1) called at /usr/local/cpanel/Cpanel/API/SSL.pm line 1319
        Cpanel::API::SSL::install_ssl(Cpanel::Args=HASH(0x49d29d0), Cpanel::Result=HASH(0x41e4d80)) called at /usr/local/cpanel/Cpanel/API.pm line 285
        Cpanel::API::__ANON__() called at /usr/local/cpanel/Cpanel/API.pm line 357
        eval {...} called at /usr/local/cpanel/Cpanel/API.pm line 357
        Cpanel::API::_eval_guard(Cpanel::Result=HASH(0x41e4d80), CODE(0x49d2b98)) called at /usr/local/cpanel/Cpanel/API.pm line 285
        Cpanel::API::_run_module_function(Cpanel::Args=HASH(0x49d29d0), Cpanel::Result=HASH(0x41e4d80), "SSL", "install_ssl") called at /usr/local/cpanel/Cpanel/API.pm line 142
        Cpanel::API::execute("SSL", "install_ssl", HASH(0x421e0c8)) called at /usr/local/cpanel/Cpanel/API.pm line 548
        Cpanel::API::run_api_mode(HASH(0x421e0c8)) called at uapi.pl line 270
        main::script() called at uapi.pl line 83
[2016-08-14 09:07:02 +0200] warn [uapi] Cpanel::Wrap::send_cpwrapd_request error: namespace=[Cpanel] module=[ssl] function=[ADD]: statusmsg=[The adminbin “ssl” in the “Cpanel” namespace call to function “ADD” ended prematurely: The subprocess reported error number 5 when it ended.] at /usr/local/cpanel/Cpanel/Wrap.pm line 124, <$socket> line 1.
        Cpanel::Wrap::send_cpwrapd_request("action", "fetch", "no_cperror", 1, "namespace", "Cpanel", "data", HASH(0x18c7590), "module", ...) called at /usr/local/cpanel/Cpanel/Wrap.pm line 55
        Cpanel::Wrap::send_cpwrapd_request_no_cperror("namespace", "Cpanel", "module", "ssl", "function", "ADD", "data", HASH(0x18c7590), "action", ...) called at /usr/local/cpanel/Cpanel/AdminBin.pm line 251
        Cpanel::AdminBin::_adminfetch("module", "ssl", "function", "ADD", "format", "storable", "cache_check_files", "", "cache", ...) called at /usr/local/cpanel/Cpanel/AdminBin.pm line 177
        Cpanel::AdminBin::fetch_adminbin_nocache_with_status("ssl", undef, "ADD", "storable", HASH(0x18c7590)) called at /usr/local/cpanel/Cpanel/API/SSL.pm line 1719
        Cpanel::API::SSL::_install("example.com", "www_example_com_aa97a_e2cf9_1533304026_1eff21b92361589b26ff1a0"..., "aa97a_e2cf9_9d3c4438b647dab7d21f0f42f0dcc106", "-----BEGIN CERTIFICATE-----\x{a}MIIFcTCCBFmgAwIBAgIKean8VwACABwmD"..., Cpanel::Result=HASH(0x41e4d80), 1) called at /usr/local/cpanel/Cpanel/API/SSL.pm line 1319
        Cpanel::API::SSL::install_ssl(Cpanel::Args=HASH(0x49d29d0), Cpanel::Result=HASH(0x41e4d80)) called at /usr/local/cpanel/Cpanel/API.pm line 285
        Cpanel::API::__ANON__() called at /usr/local/cpanel/Cpanel/API.pm line 357
        eval {...} called at /usr/local/cpanel/Cpanel/API.pm line 357
        Cpanel::API::_eval_guard(Cpanel::Result=HASH(0x41e4d80), CODE(0x49d2b98)) called at /usr/local/cpanel/Cpanel/API.pm line 285
        Cpanel::API::_run_module_function(Cpanel::Args=HASH(0x49d29d0), Cpanel::Result=HASH(0x41e4d80), "SSL", "install_ssl") called at /usr/local/cpanel/Cpanel/API.pm line 142
        Cpanel::API::execute("SSL", "install_ssl", HASH(0x421e0c8)) called at /usr/local/cpanel/Cpanel/API.pm line 548
        Cpanel::API::run_api_mode(HASH(0x421e0c8)) called at uapi.pl line 270
        main::script() called at uapi.pl line 83
-----------------------------------------------------

Could anyone help please?
thanks very much
 
Last edited by a moderator:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
the domain, IP and KEY all automatically filled in, but not the CA Bundle.

i copy and paste the CA Bundle , then i have this issue
Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

Thank you.