Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSL problems...

Discussion in 'Security' started by 4u123, Aug 16, 2017.

  1. 4u123

    4u123 Well-Known Member
    PartnerNOC

    Joined:
    Jan 2, 2006
    Messages:
    788
    Likes Received:
    6
    Trophy Points:
    168
    So I look on any server and click the Manage SSL Hosts option. I see tons of "self signed" certificates that the customers did not install. What are they doing there? Plus I see lots of expired AutoSSL certs. What's up with that?

    This is a total mess. I'm not sure what you guys have been doing in these recent releases but you're causing us a lot of work to clean up this mess.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,080
    Likes Received:
    1,364
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello @4u123,

    Self-signed certificates are automatically installed if a signed certificate (either manually installed or through AutoSSL) is not available as of cPanel version 62. Here's the relevant section from the cPanel 62 Release Notes:

    cPanel version 66 includes an option to disable self-signed certificates. You can read about this on the following post:

    Problem with automatically generated self-signed SSL certificates

    Can you browse to the "Logs" tab in "WHM >> Manage AutoSSL" and let us know what you see in the log files for the accounts with expired AutoSSL certificates?

    Thank you.
     
  3. 4u123

    4u123 Well-Known Member
    PartnerNOC

    Joined:
    Jan 2, 2006
    Messages:
    788
    Likes Received:
    6
    Trophy Points:
    168
    A typically stupid idea.

    What happens if you enable AutoSSL on a user that has already had self-signed certs automatically installed? Will the AutoSSL cert override the self-signed cert? Or will that need deleting manually first?
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,080
    Likes Received:
    1,364
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    AutoSSL will automatically attempt to replace self-signed certificates when it's enabled on an account. EX:

    Code:
    4:32:02 AM Checking websites for “cpusername” …
    4:32:02 AM The website “domain.tld”, owned by “cpusername”, has a faulty SSL certificate (OPENSSL_VERIFY:0:18:DEPTH_ZERO_SELF_SIGNED_CERT NOT_ALL_DOMAINS). AutoSSL will attempt to replace this certificate. 
    Thank you.
     
Loading...

Share This Page