Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Self-signed SSL certificates replaced by maintenance script

Discussion in 'General Discussion' started by Jason Tyde, Nov 19, 2015.

  1. Jason Tyde

    Jason Tyde Member

    Joined:
    Sep 18, 2015
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Greater Seattle Area
    cPanel Access Level:
    Root Administrator
    Hello Community,

    I'm currently using self-signed certificates to encrypt both mail and ftp communications. They were created within cPanel and applied to the FTP, SMTP, and Dovecot mail server within the 'Manage Service SSL Certificates' function. These certificates were created matching the FQDNs I have assigned to these services, ftp.domain.com and mail.domain.com (for SMTP, IMAP, and POP).

    Unfortunately the nightly maintenance script is replacing these self-signed certificates with new certificates that match the hostname of my server, <hostname>.domain.com, and reporting the following in the maintenance log:

    Code:
    [2015-11-19 01:46:30 -0800]  [21848] Self Signed SSL Certificate for ftp does not match current hostname! ([ftp.domain.com] != <hostname>.domain.com).
    [2015-11-19 01:46:30 -0800]  [21848] Creating new Certificate and Key for ftp....Done
    [2015-11-19 01:46:30 -0800]  [21848] Self Signed SSL Certificate for exim does not match current hostname! ([mail.domain.com] != <hostname>.domain.com).
    [2015-11-19 01:46:31 -0800]  [21848] Creating new Certificate and Key for exim....Done
    [2015-11-19 01:46:31 -0800]  [21848] Self Signed SSL Certificate for dovecot does not match current hostname! ([mail.domain.com] != <hostname>.domain.com).
    [2015-11-19 01:46:31 -0800]  [21848] Creating new Certificate and Key for dovecot....Done
    
    I can return to the stored certificates I want to use by using the 'Manage Service SSL Certificates' function, however I'd really like to stop the maintenance script from making these changes. (As a side note, I just learned that changing the hostname of the server also makes these certificate substitutions.)

    What is the best practice for modifying the nightly maintenance script so that these self-signed certificates for (ftp|mail).domain.com are preserved?

    Thanks for any and all advice.

    Cheers, Jason
     
    #1 Jason Tyde, Nov 19, 2015
    Last edited by a moderator: Nov 19, 2015
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,409
    Likes Received:
    1,955
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Jason Tyde

    Jason Tyde Member

    Joined:
    Sep 18, 2015
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Greater Seattle Area
    cPanel Access Level:
    Root Administrator
    I added my vote and added some feedback.

    I could use a little advice on the best mechanism to work around this issue for now. I note from Mary's feature request that a postupcp script can be used to restore the self-signed certificates to my services. Since I'm new to cPanel can someone point me in the right direction for learning more about modifying the upcp process?
     
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,409
    Likes Received:
    1,955
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. Jason Tyde

    Jason Tyde Member

    Joined:
    Sep 18, 2015
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Greater Seattle Area
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice