SSL and dedicated IP for VPS hostname

[vespera]

I've been trying for some time to figure out all this DNS, nameserver and IP stuff, and I think I did, for the most part, but now I've come to install an SSL certificate and I'm just stuck. I have a VPS with 2 IPs, the 1.1.1.1 is set to NS1 and 2.2.2.2 is set to be NS2 (I also use some secondary NS, but I don't think this is relevant here)
I've started with the hostname "host.domain.com". The Basic Config is set to use the IP 1.1.1.1 as main, and this is also the main VPS IP that I use to log in to WHM. Then I added a second IP, and I've set up NS1 to be 1.1.1.1 and NS2 is using the IP 2.2.2.2
At the moment I have just 2 DNS zones - host.domain.com (with A record host.domain.com pointing to 1.1.1.1) and domain.com (A record points to 1.1.1.1, and the zone also contains an A record for "host" set to 1.1.1.1), so, they both use the same settings (nameservers NS1 and NS2, and their main IP is 1.1.1.1)
I plan to use the second IP 2.2.2.2 for the other sites that I want to create.
Since I'm sick of getting the "Untrusted connection" message in my browser and Thunderbird/Outlook, I purchased a cheap, Positive SSL certificate for host.domain.com, generated CSR and installed it.
Now, in the Manage SSL Hosts i see the installed SSL host "host.domain.com" with the IP 1.1.1.1 and owner nobody. As per some tips that I've found, I made this certificate be shared.
And that's as far as I've come...
If I try to open either https://domain.com:2083, https://1.1.1.1:2083 or https://host.domain.com:2087 I still get "Untrusted connection", and Thunderbird is also giving me Unknown Identity for the Certificate Status...
Can somebody, please, walk me through setting this up?
- Should I move the domain.com to the other IP 2.2.2.2, so that host.domain.com remains the only one using the IP 1.1.1.1?
- Should I change the IP in Basic Config to 2.2.2.2, and make this the main shared IP for setting up new accounts, but leave the DNS zone A record for host.domain com point to 1.1.1.1?
- Would it be easier to set up if I make the domain.com a reseller and assign it to use the 2.2.2.2 as the reseller shared IP. Should I then also change the site IP for domain.com to be 2.2.2.2 or not?
- I assume I don't need a third IP to make this all work?
Thank's in advance for any help

 

[cPanelMichael]

Hello

You have to install the certificate for your services via:

"WHM Home » Service Configuration » Manage Service SSL Certificates"

Also, note that you should not keep a duplicate DNS zone for your hostname if you already have the "A" record for it added to another zone. Once you install the certificate for each service, you must access the service over the SSL certificate name to avoid mismatch warnings.

Thank you.

 

[vespera]

Thank you very much for your answer - somehow I completely skipped this "Manage Service SSL Certificates"... and I'll sort this A record issue.
If I understand it right, I can just delete the certificate that I've installed under SSL/TLS and install it using Manage Service SSL Certificates instead.
Is there anything else that I should be aware of when installing the certificate for cPanel/WHM/Webmail Service, Dovecot Mail Server, Exim (SMTP) Server and FTP Server? I assume nothing much will change in the way of using any of those services. I've enabled the "Always redirect to SSL" inside Tweak Settings", if that counts.
And, if I may ask another question, it's not much, but it's bothering me a bit - when I open "Show IP Address Usage", under HTTP Usage, I just can't get it to show my actual hostname like host.domain.com, instead, it's showing the original hostname that I got when I first purchased the VPS. I've checked my etc/hosts and etc/hostname files, but they seem OK. Where else should I look?
Thank you once again.

 

[cPanelMichael]

1. You can delete the certificate under "Manage SSL Hosts" if you prefer, but it's not required.

2. Try looking for and removing entries for the old hostname /var/cpanel/users/* or in /var/cpanel/userdata/nobody/* and then rebuild the Apache configuration file via:

/scripts/rebuildhttpdconf

Thank you.

 

[vespera]

Well, the part with the SSL worked as it should, as for the IP usage, maybe I've found the reason - the only file that I could find which still contains the original hostname is var/cpanel/userdata/nobody/main
The content of this file is

addon_domains: {}
main_domain: 1234.server.com
parked_domains: []
sub_domains:
- host.domain.com

Should I change the main domain here (this 1234.server.com was the original hostname)? And I'm not sure I understand why my hostname host.domain.com is listed as a subdomain and the original hostname as the main domain.
Thank's again

 

[cPanelMichael]

Yes, you can change the main domain name in this file and remove the subdomain. After you save the file, rebuild the Apache configuration file via:

/scripts/rebuildhttpdconf

Thanks.

 

[vespera]

Thank's a lot!