Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Reset Service SSL Certificates

Discussion in 'Security' started by Nirjonadda, Apr 25, 2019.

  1. Nirjonadda

    Nirjonadda Well-Known Member

    Joined:
    May 8, 2013
    Messages:
    644
    Likes Received:
    16
    Trophy Points:
    68
    cPanel Access Level:
    Root Administrator
    Hello,

    Reset Service SSL Certificates are not install www.hostname.domain.com, only installed hostname.domain.com. Please let me know this fix.

    ScreenShot01043.png
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,248
    Likes Received:
    478
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hello @Nirjonadda

    This is dependent on what is covered in the SAN for the certificate. If www.hostname.tld is not covered it will not be included in the certificate properties.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Nirjonadda

    Nirjonadda Well-Known Member

    Joined:
    May 8, 2013
    Messages:
    644
    Likes Received:
    16
    Trophy Points:
    68
    cPanel Access Level:
    Root Administrator
    www are not included in the certificate properties after Reset Service SSL Certificates but before this will be here.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,248
    Likes Received:
    478
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider

    Again, this is based on what the certificate covers, you need to look at the certificate details, if it doesn't cover www. then it won't be included in the certificate properties.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. Nirjonadda

    Nirjonadda Well-Known Member

    Joined:
    May 8, 2013
    Messages:
    644
    Likes Received:
    16
    Trophy Points:
    68
    cPanel Access Level:
    Root Administrator
    Does happen any issue without www ? Also we have one issue after Reseting Service SSL Certificates. https://hostname.domain.com:2087/ no more working, Did Not Connect: Potential Security Issue. Please let me know that how can fixing this issue?

    ScreenShot01045.png
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,248
    Likes Received:
    478
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    This warning looks like there isn't a certificate installed on the hostname or it's a self-signed certificate.


    In a standard environment you wouldn't be connecting to the hostname with www.host.name.tld so there really shouldn't be issues if it's not covered.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. Nirjonadda

    Nirjonadda Well-Known Member

    Joined:
    May 8, 2013
    Messages:
    644
    Likes Received:
    16
    Trophy Points:
    68
    cPanel Access Level:
    Root Administrator
    So how can fixing this issue? Service SSL Certificates are not self-signed certificate?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,248
    Likes Received:
    478
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    If your SSL certificate is issue from a known CA, installed properly and not expired this shouldn't be occurring. Based on the screenshot you shared the certificate expired yesterday.

    What do you get when you run the following:

    Code:
    /usr/local/cpanel/bin/checkallsslcerts
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. Nirjonadda

    Nirjonadda Well-Known Member

    Joined:
    May 8, 2013
    Messages:
    644
    Likes Received:
    16
    Trophy Points:
    68
    cPanel Access Level:
    Root Administrator
    No, Yesterday I get email about The SSL certificate for “ftp” on “domain.com” will expire in less than 30 days. So I do reset.

    Code:
    [root@na ~]# /usr/local/cpanel/bin/checkallsslcerts
    The system will check for the certificate for the “cpanel” service.
    The system will attempt to replace the self-signed certificate for the “cpanel” service with a signed certificate from the cPanel Store.
    The system will attempt to install a certificate for the “cpanel” service from the system ssl storage.
    None of the certificates in the system ssl storage were acceptable to use for the “cpanel” service.
    The system will attempt to install a certificate for the “cpanel” service from the cPanel store.
    The system will check for the certificate for the “dovecot” service.
    The system will attempt to replace the self-signed certificate for the “dovecot” service with a signed certificate from the cPanel Store.
    The system will attempt to install a certificate for the “dovecot” service from the system ssl storage.
    None of the certificates in the system ssl storage were acceptable to use for the “dovecot” service.
    The system will check for the certificate for the “exim” service.
    The system will attempt to replace the self-signed certificate for the “exim” service with a signed certificate from the cPanel Store.
    The system will attempt to install a certificate for the “exim” service from the system ssl storage.
    None of the certificates in the system ssl storage were acceptable to use for the “exim” service.
    The system will check for the certificate for the “ftp” service.
    The system will attempt to replace the self-signed certificate for the “ftp” service with a signed certificate from the cPanel Store.
    The system will attempt to install a certificate for the “ftp” service from the system ssl storage.
    None of the certificates in the system ssl storage were acceptable to use for the “ftp” service.
    The cPanel Store is processing the hostname certificate request.
    The system will check the cPanel Store again the next time that “/usr/local/cpanel/bin/checkallsslcerts” runs.
    [root@na ~]#
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  10. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,248
    Likes Received:
    478
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Code:
    The cPanel Store is processing the hostname certificate request.
    
    This shows that the system is provisioning the hostname certificate. This process should have happened automatically but I assume it's because you reset the certificate.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  11. Nirjonadda

    Nirjonadda Well-Known Member

    Joined:
    May 8, 2013
    Messages:
    644
    Likes Received:
    16
    Trophy Points:
    68
    cPanel Access Level:
    Root Administrator
    How many time this will take provisioning the hostname certificate? Anyway can be provisioning the hostname certificate immediately?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  12. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,248
    Likes Received:
    478
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Typically the process is fairly quick but in this instance, it seems there may be an issue holding it up. Feel free to PM the hostname of the server and I'll look at the internal system for you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  13. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,248
    Likes Received:
    478
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    The issue here is occurring because the hostname did not resolve to an IP, the addition of an A record for the hostname will resolve this issue and the certificate is currently processing (approved and should be delivered shortly)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  14. Nirjonadda

    Nirjonadda Well-Known Member

    Joined:
    May 8, 2013
    Messages:
    644
    Likes Received:
    16
    Trophy Points:
    68
    cPanel Access Level:
    Root Administrator
    Please can you let me know that where can check hostname certificate are installed or not?

    WHM Home »SSL/TLS ?
    WHM Home »Service Configuration »Manage Service SSL Certificates?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  15. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,248
    Likes Received:
    478
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    You'll be able to see the new certificate when it's installed here:

    WHM Home »Service Configuration »Manage Service SSL Certificates
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    Nirjonadda likes this.
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice