Replacing Let's Encrypt hostname certificate with the free Comodo cert

Discussion in 'Security' started by MoreK, Aug 28, 2017.

  1. MoreK

    MoreK Member

    Joined:
    Feb 15, 2016
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Helsinki, Finland
    cPanel Access Level:
    Root Administrator
    I'm using a Let's Encrypt certificate for Services (Dovecot, Exim, SFTP...). It works fine, but every 3 months I have to run a clumsy Python script to renew the certificate.

    So, to get everything automated, I have tried to replace the certificate with the free cPanel provided Comodo certificate:

    1. In WHM panel, go to Manage Service SSL Certificates
    2. Click "Reset Certificate" for one of the services
    3. Run /usr/local/cpanel/bin/checkallsslcerts on console to speed up the process to update Self-Signed cert with Comodo.

    However, when I run "checkallsslcerts" on console, it reverts back to the Let's Encrypt certificate for the service. In "Browse Certificates" I can see the new certificate, but it's still Self-Signed.

    And I'm stuck here. Is it possible that I have broken something? I tried to install the free cert multiple times earlier, then removed them in SSL Storage Manager. Then tried again.

    Oh, and one challenge is to keep services working for all existing users. Preferably with no downtime for mail and FTP users. So, is there a way to get the Comodo hostname certificate in the background, and THEN install it when it's available?

    Any advice appreciated! Thanks...
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,165
    Likes Received:
    1,372
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Can you verify if you are using "Let's Encrypt" as the AutoSSL provider in "WHM >> Manage AutoSSL" in the scenario you have described?

    Thank you.
     
  3. MoreK

    MoreK Member

    Hi,
    Yes, correct, I'm using Let's Encrypt as the AutoSSL provider. And for all accounts and web domains it works great. I'm just struggling with the hostname certificate (Manage Service SSL Certificates) to get it automated too.
     
  4. MoreK

    MoreK Member

    Hi again. I may have a clue what the problem is. The documentation (Free cPanel-Signed Hostname Certificate - cPanel Knowledge Base - cPanel Documentation) says that the "checkallsslcerts" command uses the "dig +trace host.server.tld" command to resolve the IP address of the hostname. I assume it tries to get the public IP?

    I tried the command on the server console. It returned an internal IP address. I guess that is not the purpose? Btw, I also tried out "dig +short host.server.tld", which returned the public IP.

    Could this be a problem? If yes, what can I do to fix it?
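
The comparison described in the post above, as an added example that is not part of the original thread and is not cPanel's own code: it parses `dig +trace` and `dig +short` output and reports when the traced answer is a private address or differs from the resolver's answer. The sample output, the addresses and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the answers from `dig +trace` and `dig +short`.

# Return 0 when an IPv4 address is not publicly routable
# (RFC 1918, loopback, link-local, RFC 6598 shared address space).
is_private_ipv4() {
  case "$1" in
    10.*|192.168.*|127.*|169.254.*) return 0 ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    100.6[4-9].*|100.[7-9][0-9].*|100.1[01][0-9].*|100.12[0-7].*) return 0 ;;
  esac
  return 1
}

# Print the A records for host "$1" found in dig output on stdin.
a_records_for() {
  awk -v fqdn="${1%.}." \
    'tolower($1) == tolower(fqdn) && $3 == "IN" && $4 == "A" { print $5 }'
}

# diagnose <host> <dig +trace output> <dig +short output>
# Runs in a subshell so its variables stay local.
diagnose() (
  trace_ip=$(printf '%s\n' "$2" | a_records_for "$1" | tail -n 1)
  short_ip=$(printf '%s\n' "$3" | grep -E '^[0-9]+(\.[0-9]+){3}$' | tail -n 1)
  if [ -z "$trace_ip" ]; then
    echo "no-trace-answer"
  elif is_private_ipv4 "$trace_ip"; then
    echo "trace-private:$trace_ip"
  elif [ "$trace_ip" != "$short_ip" ]; then
    echo "mismatch:$trace_ip:$short_ip"
  else
    echo "ok:$trace_ip"
  fi
)

# Constructed sample output (not captured from a real server).
SAMPLE_TRACE='; <<>> DiG <<>> +trace host.server.tld
.                  518400 IN NS a.root-servers.net.
server.tld.        86400  IN NS ns1.server.tld.
host.server.tld.   14400  IN A  10.0.0.5
;; Received 60 bytes from 10.0.0.5#53(ns1.server.tld) in 1 ms'
SAMPLE_SHORT='203.0.113.10'

diagnose host.server.tld "$SAMPLE_TRACE" "$SAMPLE_SHORT"

# Live use on the server:
#   h=host.server.tld
#   diagnose "$h" "$(dig +trace "$h")" "$(dig +short "$h")"
```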
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    Could you open a support ticket using the link in my signature so we can take a closer look?

    Thank you.
     