The Community Forums

Interact with an entire community of cPanel & WHM users.
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSL-Certificate changed for EXIM every day

Discussion in 'E-mail Discussions' started by curana, May 1, 2016.

  1. curana

    curana Member

    Joined:
    May 1, 2016
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Berlin
    cPanel Access Level:
    Root Administrator
    Hi,

    We are running cPanel WHM 56.0 (build 9) and am facing the following issue for a few days now: Our Emailserver has a SSL certificate installed (RapidSSL). This matches the hostname of the email server and works fine.

    However for a few days cPanel replaces this certificate by a self-signed certificate every night. Then the clients receive a "Server name mismatch" error in Outlook.

    When I set the certificate back to the RapidSSL certificate, it works. How can I stop cPanel to replace the certificate every night?

    Thanks for help!
     
  2. 0884094

    0884094 Member

    Joined:
    Nov 14, 2013
    Messages:
    7
    Likes Received:
    2
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    Same problem here (actually worse, it is overwriting all our certs every day).

    I believe this is a new feature in v56, as per The cPanel Market Provider, and free hostname SSLs | cPanel Blog and the fix is to touch "/var/cpanel/ssl/disable_auto_hostname_certificate". I just ssh'ed in as root as ran:

    touch /var/cpanel/ssl/disable_auto_hostname_certificate

    Like you, we already had valid real SSL certificates assigned to our services (but using wildcard certs, not the exact literal hostname assigned to the server) and yet cPanel's nightly task was generating their own certs and replacing ours.
     
  3. curana

    curana Member

    Joined:
    May 1, 2016
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Berlin
    cPanel Access Level:
    Root Administrator
    This fixed it?
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,450
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    The blog mentioned above, explains this:
     

    Attached Files:

  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,723
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    A resolution for wildcard certificates was included in cPanel version 56.0.9:

    Implemented case CPANEL-5841: Wildcard certs that do not match the hostname should not be replaced.

    Thank you.
     
  6. 0884094

    0884094 Member

    Joined:
    Nov 14, 2013
    Messages:
    7
    Likes Received:
    2
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    Hi curana, I expect this change will fix it, but I just researched/fixed the issue, so I have to wait a day or two to fully confirm. That said, it's a new documented feature doing what it's supposed to do, so I have high confidence that this is the fix you & I need.
     
  7. curana

    curana Member

    Joined:
    May 1, 2016
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Berlin
    cPanel Access Level:
    Root Administrator
    I applied it and will see tomorrow. Thanks for your help!
     
  8. curana

    curana Member

    Joined:
    May 1, 2016
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Berlin
    cPanel Access Level:
    Root Administrator
    Did it fix your Problem?
    For me seems it didnt.
     
  9. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,723
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    Would you mind opening a support ticket so we can take a closer look? You post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
  10. 0884094

    0884094 Member

    Joined:
    Nov 14, 2013
    Messages:
    7
    Likes Received:
    2
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    Yes, my problem was fixed -- the SSL certs stopped changing on their own after I touched that file, and after I'd once again manually selected the correct certs at WHM > Manage Service SSL Certificates.

    We're running WHM 56.0 (build 9).
     
  11. curana

    curana Member

    Joined:
    May 1, 2016
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Berlin
    cPanel Access Level:
    Root Administrator
    They will fix it with CPANEL-6058 in the next release.
     
  12. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,723
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    To clarify, that case is addressed with CPANEL-5951 in cPanel 56.0.13:

    Fixed case CPANEL-5951: /var/cpanel/ssl/disable_service_certificate_management disables checkallsslcerts.

    You can now use this touch file to disable the automatic replacement of the certificate.

    Thank you.
     
Loading...

Share This Page