Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Services SSL not renewing as expected

Discussion in 'Security' started by outofcontrol, May 11, 2019.

  1. outofcontrol

    outofcontrol Member

    Joined:
    May 18, 2009
    Messages:
    24
    Likes Received:
    1
    Trophy Points:
    53
    Location:
    Montreal
    We have been getting daily emails stating "The SSL certificate for “exim” on “our.domain.com” will expire in less than 30 days." We are now at 18 days left and the main cpanel certificate is still not renewing.

    What we have tried:

    - Not using Nginx - one post suggested that could be an issue with renewals.
    - Reboot'd the server.
    - Manually run as root:
    /usr/local/cpanel/scripts/upcp
    /usr/local/cpanel/bin/checkallsslcerts
    - This file does not exist: "/var/cpanel/ssl/disable_auto_hostname_certificate"

    - Clients sites we are using Let's Encrypt with no issues.
    - Cpanel is up-to-date CENTOS 7.6 kvm [-------] v78.0.23
    - Cpanel domain has proper DNS and reverse DNS.
    - CAA records for our main domain and cpanel subdomain for LetEncrypt and Sentigo. All CAA records have removed to ensure they were not blocking in any way.

    We have had this VM for a few years with no issues until now. That is to say, the main SSL certificate always renewed properly on it's own in previous years. We now currently using a self signed certificate for our services, which is creating issues.

    Any suggestions on how to get this installation to upgrade?

    Adding output of /usr/local/cpanel/bin/checkallsslcerts

    Code:
    The system will check for the certificate for the “cpanel” service.
    The system will attempt to replace the self-signed certificate for the “cpanel” service with a signed certificate from the cPanel Store.
    The system will attempt to install a certificate for the “cpanel” service from the system ssl storage.
    None of the certificates in the system ssl storage were acceptable to use for the “cpanel” service.
    The system will attempt to install a certificate for the “cpanel” service from the cPanel store.
    The system will check for the certificate for the “dovecot” service.
    The system will attempt to replace the self-signed certificate for the “dovecot” service with a signed certificate from the cPanel Store.
    The system will attempt to install a certificate for the “dovecot” service from the system ssl storage.
    None of the certificates in the system ssl storage were acceptable to use for the “dovecot” service.
    The system will check for the certificate for the “exim” service.
    The system will attempt to replace the self-signed certificate for the “exim” service with a signed certificate from the cPanel Store.
    The system will attempt to install a certificate for the “exim” service from the system ssl storage.
    None of the certificates in the system ssl storage were acceptable to use for the “exim” service.
    The system will check for the certificate for the “ftp” service.
    The system will attempt to replace the self-signed certificate for the “ftp” service with a signed certificate from the cPanel Store.
    The system will attempt to install a certificate for the “ftp” service from the system ssl storage.
    None of the certificates in the system ssl storage were acceptable to use for the “ftp” service.
    The cPanel Store is processing the hostname certificate request.
    The system will check the cPanel Store again the next time that “/usr/local/cpanel/bin/checkallsslcerts” runs.
    
     
    #1 outofcontrol, May 11, 2019
    Last edited: May 11, 2019
  2. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,161
    Likes Received:
    474
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @outofcontrol


    Based on the last lines:

    Code:
    The cPanel Store is processing the hostname certificate request.
    The system will check the cPanel Store again the next time that “/usr/local/cpanel/bin/checkallsslcerts” runs.
    It looks like the certificate is being processed - if you'd like, you can PM me the hostname and I can check the internal system and see what may be happening/what the status is of it currently.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice