same ssh cert on 2 different cpanel servers

zombo

Active Member
Jan 28, 2004
38
0
156
Austria
I am owning an using ssl certs on my main cpanel server. I have the userfiles mirrored to a second cpanel server in a different IP location.
AS far as I know, since operating system, cpanel, apache etc are same on both virtual servers my SSL cert(s) should work on both servers.
Some time ago the cert files used to reside in /usr/share/ssl/certs and /usr/share/ssl/private, however there are no such files anymore.

:confused: Could anyone please drop me a hint where the relevant files are now that I can copy them to the correct location on my secondary cpanel server?
 

zombo

Active Member
Jan 28, 2004
38
0
156
Austria
Thanks quietFinn. - Unfortunately simple coyping the .key and .crt files do not do the Job. the copied certs show the wrong IP numbers. I guess I have to ask the cert issueing company for a reissue of the certs with a new csr, which makes me somhow nervous.
 

quietFinn

Well-Known Member
Feb 4, 2006
2,020
541
493
Finland
cPanel Access Level
Root Administrator
You say that "I have the userfiles mirrored to a second cpanel server".
Do you mean that you have copied the files, but not actually transferred the accounts?
Because if you copy the account(s) in WHM-> Transfers-> Copy an Account From Another Server the SSL certificate is copied also.
 

zombo

Active Member
Jan 28, 2004
38
0
156
Austria
I do a daily rsync of the whole /home directory from my primary to the secondary server. A DNS failover directs visitors to the secondary in case of outages. That works quite fine (I do not care about mail services at this time, I only want the web content to stay accessable during server outages).

This way the complete cpanel accounts are copied (rsync'd). I checked the /home/[useracct]/ssl/certs and /home/[useracct]/ssl/private files and they are identical as they should be.

Your hint did help a little. However, as I call the respective website per browser, primary and secondary work fine despite of the ssl funktion. The primary does as is should (SSL exiry in 2014) while the copied secondary displays an expired cert (SSL expiry in 2010) which I understand since the cert was renewed in 2010 and in 2012 - but why do the copied files not produce the same result than the source?? - Are cert and private key files stored in another place that I did not copy? Can it be a cache problem? Why does the browser use the old and expired cert although the ssl cert and private userfiles are identical?