Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Replacing 3rd-party service SSL cert with a cPanel-signed cert

Discussion in 'Security' started by mtindor, Nov 7, 2017.

  1. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,344
    Likes Received:
    58
    Trophy Points:
    178
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    Hello,

    I have a server running a Geotrust certificate on the primary hostname / cPanel services. That Geotrust certificate expires in six days. I would have expected the nightly UPCP to have already replaced this certificate with a cPanel-signed certificate but it has not.

    Am I wrong in thinking that it should replace it?

    If I want to replace the Geotrust cert on cPanel services with a cPanel signed certificate prior to expiration, how do I go about doing that? I'm trying to avoid any long period of time whereby it might generate a temporary self-signed certificate. I simply want to have a new cPanel-signed certificate provisioned and applied for the cPanel services tied to the primary hostname.

    I don't have anything in place that would disable this, such as /var/cpanel/ssl/disable*

    When I read the documentation about the cPanel-signed SSL, it seems to suggest that it won't replace a 3rd party certificate until it is actually expired, and that once the 3rd party cert expires it will generate a self-signed certificate to replace the expired certificate until the next time UPCP runs.

    Mike
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,803
    Likes Received:
    1,898
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello Mike,

    We document information about the free cPanel-signed SSL certificate for the server's hostname at:

    Free cPanel-Signed Hostname Certificate - cPanel Knowledge Base - cPanel Documentation

    The cPanel-signed certificate should replace the existing certificate if it's set to expire within a week's time. Try running the following command manually to see if you notice any output during the certificate generation:

    Code:
    /usr/local/cpanel/bin/checkallsslcerts
    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,344
    Likes Received:
    58
    Trophy Points:
    178
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    Michael,

    I read the documentation. The documentation doesn't specifically address my question, or isn't clear regarding the answer to my question. My buddy already told me that it isn't going to replace my third party cert until the current one expires, at which time it will replace with a self-signed cert until the next UPCP is run.

    So tonight I'll just remove the old cert (even though it isn't quite expired) so that I can then run the check script outside of prime hours and make sure it updates quickly. I don't want anyone to latch on, for even a moment, to a self-signed certificate.

    Thanks
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice