SSL Installation Trouble (Guidance Requested)

Phylum

Active Member
Apr 20, 2010
33
0
56
As the title indicates, I'm not having any luck getting a cert installed. Perhaps I used some wacky method? Here's what I did.

Last month (6/26) I generated the .KEY & .CSR via
Code:
openssl genrsa -des3 -out certificate.key 204
openssl req -new -key certificate.key -out certificate.csr
I finally got around to purchasing the cert today. During the creation process when asked, I copied the contents of the .CSR into the form. I received the zip from godaddy with the domain.CRT and gd_bundle.CRT

Try 1
  • Pasted contents of domain.CRT into first field
  • Page auto-populates with domain, user & IP information
  • Page also populates .KEY field automagically
  • Left the .key field alone.
  • Pasted the contents of gd_bundle.crt into the ca bundle field
Error: SSL install aborted due to error: Modulus mismatch, key file does not match certificate. Please use the correct key file

Try 2
  • Pasted contents of domain.CRT into first field
  • Page auto-populates with domain, user & IP information
  • Page also populates .KEY field automagically
  • Cleared .key field & pasted contents of the .CSR
  • Pasted the contents of gd_bundle.crt into the ca bundle field
Error: SSL install aborted due to error: Failed to extract key modulus. Key is invalid: unable to load Private Key 6970:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecting: ANY PRIVATE KEY

Try 3
  • Pasted contents of domain.CRT into first field
  • Page auto-populates with domain, user & IP information
  • Page also populates .KEY field automagically
  • Cleared second field & pasted contents of the .KEY
  • Pasted the contents of gd_bundle.crt into the ca bundle field
Error: SSL install aborted due to error: ok

Can someone help me identify what I did wrong? Is it becuase I did not use the 'Generate an SSL Certificate Signing Request' option in the SSL/TLS menu?
 

Phylum

Active Member
Apr 20, 2010
33
0
56
Thank you for taking the time to read through and reply.

When you say...
... you need to paste in your private key that was created when you generated the CSR on your own.
Can you confirm what field the private key (the .KEY file yes?) should go in: First? Second? Third?

Should it be the entire contents of the key including the
Code:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-CBC,0204AD0E097AC28B

SpUN8vrvxMK....
-----END RSA PRIVATE KEY-----
Or just the
Code:
-----BEGIN RSA PRIVATE KEY-----
SpUN8vrvxMK....
-----END RSA PRIVATE KEY-----
I tried that in Try 2 above, but it didn't work. I understand that WHM has its own CSR generator, but the manual method should also work, right?
 
Last edited:

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
40
248
somewhere over the rainbow
cPanel Access Level
Root Administrator
The key you would need to go into the second box would be like this:

Code:
-----BEGIN RSA PRIVATE KEY-----
SpUN8vrvxMK....
-----END RSA PRIVATE KEY-----
If that isn't working, please open up a ticket and provide the .crt, .key and cabundle files for us to try to install the certificate for you. You can submit a ticket either using the link in my signature or in WHM > Support Center > Contact cPanel location. Please post the ticket number here upon opening one.
 

joako

Well-Known Member
Aug 7, 2003
112
2
168
cPanel Access Level
DataCenter Provider
The key you would need to go into the second box would be like this:

Code:
-----BEGIN RSA PRIVATE KEY-----
SpUN8vrvxMK....
-----END RSA PRIVATE KEY-----
If that isn't working, please open up a ticket and provide the .crt, .key and cabundle files for us to try to install the certificate for you. You can submit a ticket either using the link in my signature or in WHM > Support Center > Contact cPanel location. Please post the ticket number here upon opening one.

Can you just give us the info? I hate this hand holding and I hate to have others login to my servers.

I try to update a expired certificate and it doesn't work due to odd errors:

Error
SSL install aborted due to error: ok

1) where is the SSL config stored?
2) Where are the logs?
3) How do I update the certificate file? Because under mange SSL > Delete .crt it shows it is located at
ERROR: Could not remove nonexistent crt “/etc/ssl/certs/.crt”.

Tell us this and we don't even have to bother you guys about it. I can't stand every ticket I file no help is provided to me, always "we need to access the server" Yes I understand cpanel is made for idiots, the diehard linux people mostly hate it. But there are some competent cpanel users out there!
 

joako

Well-Known Member
Aug 7, 2003
112
2
168
cPanel Access Level
DataCenter Provider
I manage to get the certificate working by editing the sitename.crt manually in /etc/ssl/certs directory.

However now in cpanel it shows .crt still and all these errors.

Please someone tell me where cpanel stores the certificate filename to update this so we can continue to mange the ssl in cpanel. No you can not access my servers.
 

boskee

Registered
Mar 25, 2014
1
0
1
cPanel Access Level
Root Administrator
Code:
openssl genrsa -des3 -out certificate.key 204
openssl req -new -key certificate.key -out certificate.csr
I finally got around to purchasing the cert today. During the creation process when asked, I copied the contents of the .CSR into the form. I received the zip from godaddy with the domain.CRT and gd_bundle.CRT
I just had the same problem with the certificate. You have to unencrypt your private key before pasting it into cPanel/WHM:

openssl rsa -in my_key.key -out my_unencrypted_key.pem

You then have to paste the contents of my_unecrypted_key.pem, not the encrypted one.

I realize it is an old thread, but it is the first result in Google when searching for this issue, so I thought it may be helpful to others.