The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSL certificate renewal problem in WHM

Discussion in 'General Discussion' started by Bdzzld, Sep 16, 2008.

  1. Bdzzld

    Bdzzld Well-Known Member

    Joined:
    Apr 3, 2004
    Messages:
    356
    Likes Received:
    1
    Trophy Points:
    18
    Hi,

    I'm unable to renew a web site's SSL certificate through WHM. This is what I normally do :

    1)SSL/TLS->Install a SSL Certificate and Setup the Domain
    2)Domain Browse->Select domain name to be updated
    3)The .csr, .key and .ca fields are being filled
    3)Paste the new certificate in the .ca field
    5)Press submit
    6)WHM now shows the message :

    "Installing SSL Certificate
    Certificate verification passed

    www.xxxxxxx.xxx is already configured for SSL on xxx.xxx.xxx.xx. Updating Certificate Only!

    Finished Install Process.. "

    Now when I restart from step 1 through 3 the old SSL certificate is still shown and not the one I supposedly succesfully renewed. Any ideas?

    Thanks.
     
  2. acenetgeorge

    acenetgeorge Well-Known Member
    PartnerNOC

    Joined:
    Mar 6, 2008
    Messages:
    64
    Likes Received:
    2
    Trophy Points:
    8
    Location:
    Southfield, MI
    cPanel Access Level:
    DataCenter Provider
    If you have the .crt, .key and .ca files for the new certificate, you may want to delete the old SSL certificate. Then install the new files.
     
  3. Bdzzld

    Bdzzld Well-Known Member

    Joined:
    Apr 3, 2004
    Messages:
    356
    Likes Received:
    1
    Trophy Points:
    18
    First deleting the certificate and then recreating it will - although temporarily - leave the web site without a SSL connection. I'm looking for another option if possible. Thanks though for your suggestion.
     
  4. Bdzzld

    Bdzzld Well-Known Member

    Joined:
    Apr 3, 2004
    Messages:
    356
    Likes Received:
    1
    Trophy Points:
    18
    Can someone from cPanel please verify if this is a(n) (un)known bug in the latest Stable release ?

    Thanks.
     
  5. mambovince

    mambovince Well-Known Member

    Joined:
    Jan 15, 2005
    Messages:
    192
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    London, UK
    I can confirm the same issue as yourself only 1 week ago and also using stable release.

    Even tried deleting current certificate using WHM but the old cert details kept coming up.

    The only way we managed to install the renewal was:

    1. Renamed ssl directory to ssl_BAK under home directory.
    2. Removed SSL from WHM and made sure that httpd.conf do not have any entry for ssl.
    3. Moved key, cabundle, crt files to /usr/share/ssl/userdomain_ssl folder from /usr/share/ssl/private and /usr/share/ssl/certs.
    4. Restarted http and cpanel service.

    - Vince
     
  6. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,458
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    What was the process in cPanel/WHM for obtaining the new certificate?
     
  7. Bdzzld

    Bdzzld Well-Known Member

    Joined:
    Apr 3, 2004
    Messages:
    356
    Likes Received:
    1
    Trophy Points:
    18
    Hi Kenneth,

    It's not a server-generated SSL certificate but a commercial one.
    Added it to Bugzilla : #7669

    Regards.
     
    #7 Bdzzld, Sep 18, 2008
    Last edited: Sep 18, 2008
  8. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,458
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    If the key and csr are generated in cPanel, those are stored in ~/ssl and always have priority when fetching the SSL information.

    If the key and csr are generated in WHM, those are stored in /usr/share/ssl and will be used during the install if /home/user/ssl does not exist, or the files are missing in /home/user/ssl

    The SSL Installer in WHM will fetch the Certificate and Key in the following order:

    1. /home/user/ssl (where user is the account that owns the domain receiving the SSL Certificate)
    2. /usr/share/ssl (only if /home/user/ssl does not exist, or does not contain the files for the domain receiving the SSL Certificate).
    3. No where, in the case of a domain that never had a SSL Certificate

    Hence, the SSL Installer in WHM will always show the files stored on the file system from either /home/user/ssl or /usr/share/ssl.


    When obtaining the updated SSL Certificate, did you generate a new CSR and Key, or are you re-using the CSR and Key from the older Certificate?

    Which parts of the entire process were done in cPanel and which in WHM?


    Please note in your original post you make the following statements:

    There is no .csr field in the SSL Installer in WHM. The fields are CRT, Key and CA Bundle

    The Certificate should be pasted in the top-most field, the CRT field. Only the CA Bundle, containing all the intermediary Certificates, should be pasted in the CA Bundle field.
     
    #8 cPanelKenneth, Sep 18, 2008
    Last edited: Sep 18, 2008
  9. Bdzzld

    Bdzzld Well-Known Member

    Joined:
    Apr 3, 2004
    Messages:
    356
    Likes Received:
    1
    Trophy Points:
    18
    The old CSR was submitted to RapidSSL. The new key was received after payment by e-mail.

    All were done in WHM.
     
  10. ThinIce

    ThinIce Well-Known Member

    Joined:
    Apr 27, 2006
    Messages:
    346
    Likes Received:
    7
    Trophy Points:
    18
    Location:
    Disillusioned in England
    cPanel Access Level:
    Root Administrator
    Having a similar problem on release with SSL renewals.

    - Generate new CSR within WHM
    - Purchase cert at comodo.
    - Install via WHM
    - Old cert is still shown on website.
    - When httpd is restarted cert comes up as self signed in browsers :s
    - Manually replacing /usr/share/ssl/certs/www.domainhere.co.uk.crt and restarting httpd corrects this.
     
  11. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,458
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    The auto-fetching will only retrieve what is on the file system. Since the older data (Key, Cert, CSR) are on the file system that is what will be fetched for display.

    Once you add the new data via the form and submit it, it will over write (after making a backup) what is there.
     
  12. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,458
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Full cPanel version number, please.
     
  13. Bdzzld

    Bdzzld Well-Known Member

    Joined:
    Apr 3, 2004
    Messages:
    356
    Likes Received:
    1
    Trophy Points:
    18
    Nope. It does not overwrite the old one. WHM claims it has updated the certificate, but still shows the old one after checking it regardless.
    Using the latest stable release : WHM 11.23.2 cPanel 11.23.6-S27225.
     
  14. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,458
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Please open a support ticket at https://tickets.cpanel.net/submit/

    We are not able to replicate this in our testing environment.
     
  15. Sash

    Sash Well-Known Member

    Joined:
    Feb 18, 2003
    Messages:
    252
    Likes Received:
    0
    Trophy Points:
    16
    We experienced the same issue under the latest stable version. Updating to release fixed the problem.

    Mike
     
  16. Angel78

    Angel78 Well-Known Member

    Joined:
    May 9, 2002
    Messages:
    413
    Likes Received:
    1
    Trophy Points:
    16
    I also had this problem, WHM says that certificate is just being updated and it displays:

    instalation process finished (no apache restart...etc)


    workaround = I just removed the old .crt file and added new one.

    Using Latest Current. (it worked without issues few weeks ago when I was updating another cert)
     
  17. Bdzzld

    Bdzzld Well-Known Member

    Joined:
    Apr 3, 2004
    Messages:
    356
    Likes Received:
    1
    Trophy Points:
    18
    Well hopefully the problem is corrected then in the *next* stable release, as it's not yet now. Still had to manually look up the files and alter them in the current stable release.
     
  18. rsaylor

    rsaylor Well-Known Member

    Joined:
    Mar 27, 2003
    Messages:
    160
    Likes Received:
    1
    Trophy Points:
    18
    I was getting a blank page on SSL sites that were recently changed to a new IP address. Removing the crt, key, etc did nothing to resolve the issue. Rebooted the server, changed the IP again, still same issue. I finally upgraded to whatever is the latest.

    /scripts/upcp --force

    Restarted apache after that and all fixed. Odd that this did not affect working SSL sites, just those that were modified.
     
  19. ThinIce

    ThinIce Well-Known Member

    Joined:
    Apr 27, 2006
    Messages:
    346
    Likes Received:
    7
    Trophy Points:
    18
    Location:
    Disillusioned in England
    cPanel Access Level:
    Root Administrator
    Currently WHM 11.23.2 cPanel 11.23.6-R27698. Just renewed another cert. In this instance the following was the case.

    • Generate new CSR in WHM for domain with existing SSL cert (renewal).
    • Order cert from Comodo
    • Install new cert using WHM (paste cert into top box, other boxes are auto filled with correct values i.e with www.) correct IP and correct ca bundle - this is accepted and reported installed.
    • The correct value is not however written into the "www.userdomain.com.crt" file, what is written is the value from the "Certificate" section of the result of running the "Generate a SSL Certificate and Signing Request".
    • Looking in /usr/share/ssl/certs two new files for the userdomain.crt / cabundle have been created, but without the www. Visiting the domain leads to browser complaint that the cert is self signed.
    • Pop the correct new cert into www.userdomain.com.crt and all is again fine.

    Which is... rather odd :p I'm happy to open a ticket next time we're due to renew one unless you see something braindead about the above process...
     
  20. shortfork

    shortfork Well-Known Member

    Joined:
    Sep 4, 2006
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    6
    Similar problems...

    I could not for the life of me get a cert installed/renewed via the CP... what I wound up doing was getting a new cert, going to /etc/ssl/certs/www.domainname.ext.crt and simply overwrote the old cert with the new one..

    Restart httpd... worked.

    Someting is borked with the WHM and user panels though.. I've had this problem before..

    Shortz
     
Loading...

Share This Page