The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Renewing SSL Cert

Discussion in 'General Discussion' started by NancyJ, Feb 22, 2012.

  1. NancyJ

    NancyJ Registered

    Joined:
    Feb 22, 2012
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    The old SSL cert expired a couple of days ago, when adding the new cert it appears to go ok and the new cert is listed in cpanel but the website is still serving the old cert.

    I cannot delete the old cert (no error messages, it says its deleted but then its still there in the list)
    When I install the new one, the old one is no longer listed

    The annoying thing is I've had this problem before (different client a couple of weeks ago) and I found a solution but I can't remember what it was.

    I've tried restarting cpanel but that didn't help.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Are you installing the certificate via cPanel or Web Host Manager? If you are only using cPanel to install the certificate, check to see if you notice the same problem when you use Web Host Manager:

    "WHM >> SSL/TLS >> Install a SSL Certificate and Setup the Domain"

    It may be a good idea to open a support ticket for this issue so we can check to see the exact cause of this problem. You can submit a ticket using the following URL:

    Submit A Ticket

    Thank you.
     
  3. NancyJ

    NancyJ Registered

    Joined:
    Feb 22, 2012
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I was using cPanel. I tried using WHM and it said "SSL install aborted due to error: Sorry, you must have a dedicated ip to use this feature for the user: <redacted>! If you are intending to install a shared certificate you must use the username "nobody" for security and bandwidth reporting reasons."

    This domain already has an ssl certificate, its just expired. The domain isn't on a dedicated IP but it is the only domain on the IP that uses SSL.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    A dedicated IP address is required for any account you plan to install a SSL certificate on. If you do not have a dedicated IP address available, you can install one certificate under the "nobody" username on the shared IP address. This should be avoided if at all possible, as it essentially shares the certificate. The following thread contains some information on installing a certificate under the "nobody" username.

    Cannot Install SSL Certificate

    Thank you.
     
  5. NancyJ

    NancyJ Registered

    Joined:
    Feb 22, 2012
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    As I said, the domain already has an SSL certificate installed on it under the username for the account (ie, not installed under the name "nobody"). That was working fine until it expired.
     
  6. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    You could simply replace the existing crt file with the new certificate. In /var/cpanel/userdata/username/domain.com_SSL file (where username is the cPanel username and domain.com is the domain name), you should see the path to the .crt file listed. Go to that path, then copy the existing domain.com.crt file and replace the contents of that file with the new certificate. You should then be able to restart Apache and have the new certificate working if it is by the same company with the same cabundle being used.

    If it isn't the same company or the same cabundle (intermediary root certificate), grab a copy of the cabundle that pulls up when you try to install the new certificate (the bottommost field is the cabundle). After you have that new cabundle, copy the old domain.com.cabundle file and replace it with the new one. Again, it should be in the same folder as the domain.com.crt file happens to be.
     
Loading...

Share This Page