Service SSL Certificates Certificate Authority Bundle

aerospex

Member
Nov 20, 2006
9
0
151
Similar to the Sectigo issue, but different. Inbound emails to the server/host itself are failing due to the expired intermediate certificate from "Issuer: cPanel, Inc. Certification Authority ".

Can you please paste the updated CA here so we can apply it in the "Manage Service SSL Certificates" section?

While waiting for the updated CA, if you're unable to send your host inbound emails via SSL, you can fix the issue by removing the Certificate Authority Bundle completely by:

- Log into cPanel Admin
- Select "Manage Service SSL Certificates"
- Click "Apply Certificate to Another Service" (any will do)
- scroll down, check the "Exim (SMTP) Server" box
- scroll even further down, remove the "Certificate Authority Bundle" certificate completely (so it's empty)
- Click "Install"

This will force any validation to go via root certificates, which seemed to work for me and allowed external emails inbound using the "WP Mail SMTP" plugin on Wordpress

PPS - I don't believe you need to reissue the certificate for this fix. Had another domain with the same issue, replaced CA, all checks from sites like SSL Checker passed and things started working again.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,266
313
Houston
From what I'm reading here it sounds like the exact same issue just for the hostname certificate? If so I'd suggest reading the following:


as well as the primary:


The autorepair script should automatically replace the CA Root Certificate that is expired and does not entail re-running AutoSSL