Replace SSL Certificates that do not match local hostname

bejbi

Well-Known Member
PartnerNOC
Jan 20, 2006
163
31
178
Poland
cPanel Access Level
DataCenter Provider
On my servers today all wildcard SSL certificates was changed into cPanel certificates, without any warning before.

I found it is becouse NEW option in TweakSettings:

"Replace SSL certificates that do not match the local hostname"
with explain: "When you enable this option, the checkallsslcerts script will replace any SSL certificates that do not match the hostname of the server with a cPanel-signed certificate. This includes wildcard certificates."

This option in by default set to ON !!!

But there is NO infromation in changelog of RELEASE version 64.0.x (until build 33)

I think it should be not like this ...

W.
 

rpvw

Well-Known Member
Jul 18, 2013
1,100
472
113
UK
cPanel Access Level
Root Administrator

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,256
463
Hello,

You can disable that option if you prefer to keep your wildcard SSL certificate in the future. However, have you considered allowing it to be replaced by a cPanel-signed SSL certificate instead? With AutoSSL and Domain TLS, secure access to services such as cPanel/WHM on a per-domain basis is now easily available:

What is Domain TLS - cPanel Knowledge Base - cPanel Documentation

Thank you.