SSL certs are not updating properly.

Discussion in 'General Discussion' started by jols, Jan 26, 2010.

  1. jols

    jols Well-Known Member

    Mar 13, 2004
    cPanel 11.25.0-R42404 - WHM 11.25.0 - X 3.9
    REDHAT Enterprise 5.4 i686 standard

    The following is occurring with multiple cPanel servers:

    I've double-confirmed this. Here's what is going on (using the SSL/TLS links in WHM):

    1 -- A new CSR is made via the link - Generate a SSL Certificate and Signing Request

    2 -- The certificate provider releases the new SSL certificate.

    3 -- The newly updated certificate is installed (the customer already has a cert installed which is about to expire). Here the message we get on the WHM page:
    (I've changed the domain name of the account in the message below)
    Installing SSL Certificate
    Waiting for httpd to restart..............finished. httpd (/usr/local/apache/bin/httpd -k start -DSSL) running as root with PID 18072 httpd started ok Certificate verification passed is already configured for SSL on Updating Certificate Only!

    The Certificate for the domain was installed on the IP
    Finished SSL Install Process for (

    4 -- I clear the browser cache, use two different browsers, use a freshly downloaded browser, etc. then I visit a secure page at the affected domain and I get this:

    "Expires Wednesday, February 3, 2010..."

    .. i.e. the certificate is NOT updated.

    5 -- I pico into httpd.conf to get the link to the SSL cert that this specific account is using, i.e. I look at this section:

    SSLCertificateFile /etc/ssl/certs/
    SSLCertificateKeyFile /etc/ssl/private/
    SSLCACertificateFile /etc/ssl/certs/
    ErrorLog /usr/local/apache/domlogs/
    CustomLog /usr/local/apache/domlogs/ combined
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    <Directory "/home/quality/public_html/cgi-bin">
    SSLOptions +StdEnvVars

    6 -- I pico into this file:

    ... and visually compare the certificate code with the new certificate code. IT'S DIFFERENT!

    7 -- I go back to the httpd.conf file and look further down the list. BINGO, there is a second entry for this domain/account:

    <IfDefine SSL>


    ... and this link is different (it contains the "www" version of the domain/address).

    SSLCertificateFile /etc/ssl/certs/

    I pico this cert file - /etc/ssl/certs/

    And indeed THIS certificate is the new one, i.e. it IS the same as the new certificate code.


    In conclusion: The cPanel system (A), does not update the SSL code for both the "www" and the non "www" versions of the account's URL. AND (B), the cPanel system continues to use the older, non "www" version for both address versions used at the browser, i.e. for both:

    and for

    Both addresses show the cert is soon to expire.


    NOW: Here's what's kind of infuriating about this:

    IF I try to correct this flaw in a logical manner, it will crash the Apache system!

    What I try to do in this case is stuff like this.

    cp /etc/ssl/certs/ /etc/ssl/certs/

    cp /etc/ssl/certs/ /etc/ssl/certs/

    Then I use:
    /etc/rc.d/init.d/httpd configtest

    ... and get:
    Syntax OK

    Then I restart Apache and run a status and get this:
    Looking up localhost
    Making HTTP connection to localhost
    Alert!: Unable to connect to remote host.
    Not until I replace the original out-of-date cert (cp, am I able to bring up Apache again.

    SO, THEN I attempt the illogical solution and it works:

    Namely I go into WHM --> SSL Key/Crt Manager. Then find and copy out the customer's key.
    (Note: I find two different keys in this case.)

    Then I EDIT the httpd.conf file, manually editing out both the domain's :443 entries (even though there is the "AUTOMATICALLY GENERATED..." comment to NOT do this). And then I save the file.

    I restart Apache and everything is fine.

    Then I install the new SSL cert, and this time cPanel acts like I am installing a brand new cert, as opposed to an update.

    Apache survives. And the new expiration date is now properly reflected in a browser test. SOLUTION, the cert is now updated properly.


    Is there any way you guys could please fix this one? This issue has persisted ever since this last (major) update that came down the pike a month or so ago.

    Thank you.
    #1 jols, Jan 26, 2010
    Last edited: Jan 26, 2010
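
The manual checks from the post above (which certificate file each :443 entry in httpd.conf points at, when that file expires, and what Apache actually serves), as an added shell example that is not part of the thread or cPanel's own code. The domain, IP and file paths in the sample config are constructed, and `cert_matches_key` assumes RSA keys; the thread does not confirm that a certificate/key mismatch caused the failed restart.

```shell
# Added example (not from the thread); sample names and paths are constructed.

# One line per <VirtualHost ...:443>: ServerName, cert file, key file (tab-separated).
list_ssl_vhosts() {
    awk '
        /^[ \t]*<VirtualHost[ \t].*:443>/ { in_vh = 1; name = cert = key = ""; next }
        in_vh && tolower($1) == "servername"            { name = $2 }
        in_vh && tolower($1) == "sslcertificatefile"    { cert = $2 }
        in_vh && tolower($1) == "sslcertificatekeyfile" { key = $2 }
        in_vh && /^[ \t]*<\/VirtualHost>/ {
            printf "%s\t%s\t%s\n", name, cert, key; in_vh = 0
        }' "$1"
}

# Domains whose www and non-www :443 vhosts point at different certificate files.
find_split_certs() {
    list_ssl_vhosts "$1" | awk -F '\t' '{
        d = $1; sub(/^www\./, "", d)
        if ((d in seen) && seen[d] != $2) { print d } else { seen[d] = $2 }
    }' | sort -u
}

# notAfter of a certificate file, and of the certificate a host actually serves.
file_expiry() { openssl x509 -noout -enddate -in "$1"; }
served_expiry() { openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -noout -enddate; }

# True only if an RSA certificate ($1) and private key ($2) carry the same modulus.
cert_matches_key() {
    c=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 1
    k=$(openssl rsa  -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ "$c" = "$k" ]
}

# Constructed httpd.conf fragment with the duplicate-vhost layout from the post.
write_sample_conf() {
    cat > "$1" <<'EOF'
<VirtualHost 192.0.2.10:443>
    ServerName example.com
    SSLCertificateFile /etc/ssl/certs/example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/example.com.key
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName www.example.com
    SSLCertificateFile /etc/ssl/certs/www.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/www.example.com.key
</VirtualHost>
EOF
}
```
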
  2. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst Staff Member

    Nov 5, 2008
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    Thank you for the information. I believe the reported issue will be resolved per corrections within internal case ID #37419 -- the fix is scheduled to be back-merged into 11.25.0 following additional Quality Assurance testing. Beyond this I do not have an ETA available, but it is being given appropriate priority.

    Please be aware that the best avenue to report bugs is via our ticket system using the link in the top-right corner of the forums, labeled Bugs; using this method helps to ensure greater efficiency, accuracy in diagnosis, full and in-depth investigation and faster resolution. Thank you for your understanding.