The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSL Cert Installation for domain

Discussion in 'General Discussion' started by Bruce123, May 30, 2014.

  1. Bruce123

    Bruce123 Active Member

    Joined:
    Jul 19, 2005
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    6
    I have generated a CSR and receive an authority-issued SSL cert for www.domain.com. When I attempted to install it on www.domain.com it did not install and I received this message:

    "The IP address “nn.nn.nn.nn” is dedicated to the user “[User]”. If you really want to install this certificate on this IP address, you must add the domain “WWW.DOMAIN.COM” to the “[User]” account before you continue."

    - isn't www. there (in the user account) by default?

    I backed out, attempted again, the certificate did install on this attempt, but this time I received a different message along these lines: the certificate you installed supports both domain.com and www.domain.com, but is only going to work for domain.com (sorry, I neglected to copy the exact message).

    The cert is from DigiCert, whose certificate is indeed intended to secure www.domain.com (primarily) and domain.com (added bonus!). But I don't get why www. is not being secured. How can I fix this?

    Thanks in advance for your help.
     
  2. vanessa

    vanessa Well-Known Member
    PartnerNOC

    Joined:
    Sep 26, 2006
    Messages:
    817
    Likes Received:
    22
    Trophy Points:
    18
    Location:
    Virginia Beach, VA
    cPanel Access Level:
    DataCenter Provider
    Ignore the second message and install the cert anyways to actually confirm whether www will work. cPanel checks the certificate's CN to determine what hostnames it is valid for, and it's not always correct.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    It's interesting that you received two separate messages when attempting to complete the same action. Please let us know the outcome/behavior after installing the certificate.

    Thank you.
     
  4. Bruce123

    Bruce123 Active Member

    Joined:
    Jul 19, 2005
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    6
    Thank you for your replies. To clarify the above - The cert did install on the second attempt, after which I received the message that both forms of the domain name would not be supported.

    As of now, the DNS does not point to this server - we're finishing installations and software testing. The DNS changes will be made early next week. I will test it and report then.

    Thanks again for your help.
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  6. Bruce123

    Bruce123 Active Member

    Joined:
    Jul 19, 2005
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    6
    The propagation is now complete, and the cert does work and report properly for the domain with and without the www.

    Many thanks to vanessa and CP Michael for your helpful replies.
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  8. Bruce123

    Bruce123 Active Member

    Joined:
    Jul 19, 2005
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    6
    Well, perhaps I spoke too quickly...

    I received an email from the CA advising me that the CA bundle had not been installed, that some browsers might complain. I tested on PC and Mac after installation, but I did some more extensive testing after receiving the email. Sure enough, some browsers are perfectly happy and can show the cert and the related information. Other browsers give the invalid certificate / untrusted website warning. Back to the WHM Cert management area, where I found some interesting things, and quite accidentally -

    At SSL/TLS »Install an SSL Certificate on a Domain:
    I typed "w" the into the "Domain" field, whereupon WWW.DOMAIN.COM appeared immediately below the field (as a selection). Notice all capital letters. I clicked that, hit the button for Autofill by Domain, and the fields for the Cert, Private Key and CA bundle all filled, green checks all around, and, under the Cert text area, the report:

    Domains: WWW.DOMAIN.COM
    DOMAIN.COM
    Issuer: DigiCert, Inc
    ...etc.

    Hmmm. So I thought I would poke around a bit more. Came back an hour later and, not paying much attention, typed www.domain.com into the "Domain" field. Notice all lower case. and clicked the Autofill button. This time, under the Cert box area was a warning that this was a self-signed certificate that would cause browser warnings. The contents of the private key area were correct, but the contents of the Cert area were not and the CA Bundle area was empty. So I pasted in the correct Cert and CA bundle and clicked Install. After a few minutes I received the message that I had successfully updated, but there was in fact no change to what appears when checking the all caps version or lowercase version - WWW fills and reports correctly, www reports self-signed.

    WHM "SSL Storage Manager" page lists:
    - Apache Resources: WWW_DOMAIN_COM
    - User Acct Resources: www.domain.com
    There's also a Key and Cert (no CSR) for localhost.localdomain in the user account section.

    WHM "Manage SSL Hosts" page lists:
    -domain.com

    Any ideas?

    Thanks for your help.
     
    #8 Bruce123, Jun 11, 2014
    Last edited: Jun 11, 2014
  9. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Could you open a support ticket so we can review what's configured already? You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
  10. Bruce123

    Bruce123 Active Member

    Joined:
    Jul 19, 2005
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    6
    Ticket # 5083131. The tech has asked me to have the cert reissued. Not sure how it happened that we generated a CSR for lowercase and got a cert for uppercase.
     
Loading...

Share This Page