The certificate could not be installed on the domain

[Attila Szeremi]

After having uploaded a renewed certificate to cPanel, I'm trying to install it, but I'm getting:

The certificate could not be installed on the domain "example.com".
error "example.com" already has a website on the IP address "67.225.100.100", but you requested to add an SSL website for that domain onto the IP address "67.225.101.101". A single domain may not have websites on more than one IP address.

(I have redacted the domain and IPs for privacy reasons.)

I tried going to WHM's Show IP Address Usage, and I couldn't find 67.225.101.101 used anywhere.
I also tried running `grep ip: /var/cpanel/userdata/**/*` as root on the server, and I'm finding mostly 67.225.100.100 (good IP), but no 67.225.101.101 at all.

I've tried contacting GoDaddy support who the SSL certificate is coming from, but they said this is a cPanel issue, or an issue with the server.

cPanel and WHM versions are 56.0.52.

Any ideas on what's causing this and how it could be fixed?

 

[GOT]

Is the 101 ip actually bound to your server? (ifconfig will show this)

Does the domain actually resolve to the 101 ip?

When installing the certificate, did you use thw WHM interface and put the certificate in the box and use the autofill button?

 

[Attila Szeremi]

GOT: I've checked, and the 101 IP does not appear in ifconfig. The 100 IP, however, does.

When installing the certificate, I used the cPanel interface, I clicked Browse Certificates, and have chosen the new certificate that expires on 2020. That autofilled all the three certificate related textarea fields; I did not have to press the autofill button myself for that.

 

[GOT]

Just for grins, I would suggest trying the WHM interface. The WHM interface should pull the IP and you could then manually change it to 100 as I recall.

 

[Attila Szeremi]

GOT: thanks, I was able to install the certificates successfully using WHM instead of cPanel!

Interestingly, I didn't see the 101 IP listed anywhere there either. Also, I couldn't see 100 among the list of IP Addresses in the dropdown in "Install an SSL Certificate on a Domain"; but leaving it empty for Auto-discover worked.
A little note that after browsing for the certificate, it auto-filled the Domain field with *.example.com (the certificate is for a wildcard), but the warning said:

We recommend that users manage individual subdomains (e.g., “sample1.example.com”, “sample2.example.com”) instead of a single wildcard subdomain (e.g., “*.example.com”).

That scared me a little, so I opted for installing the certificate for the main and subdomains one by one. But maybe I could have just left it at *.example.com with no problem.

In any case, the problem is solved, thanks

 

[GOT]

I would do it like you are doing it. Each subdomain gets its own vhost entry and needs the certificate applied to it. The only way you can avoid this would be to set the account up on its own IP with no other sites and make sure all the domains use that IP instead, but really the way you are doing it is the way I advise people to do so.

 

[Attila Szeremi]

Cool. There were a couple of subdomains pointing to a different IP address than 100 by the way. (Not 101 though, mind you.)

 

[GOT]

Something is funky with that, it should not be doing that. Though I do not know how to advise you to start looking, if this were a client, I would just have to jump in and start digging around.

 

[cPanelMichael]

cPanel and WHM versions are 56.0.52.

Hello @Attila Szeremi,

cPanel & WHM version 56 reached End Of Life status in October of 2017. When a release of cPanel & WHM no longer exists in any release tier and reaches End of Life (EOL), we no longer guarantee support for that release of software. Also, we no longer release security updates and bug fixes for that release. I recommend upgrading to a supported version of cPanel & WHM at your earliest convenience.

If you start a cPanel update that includes multiple major version upgrades of cPanel & WHM (e.g. version 56 to version 80), the cPanel & WHM update process (upcp) will automatically upgrade your server to each intermediate version. The update process performs compatibility checks for each intermediate version prior to the upgrade to that version. You can look over our Upgrade Requirements document to check for potential compatibility issues prior to starting the update.

When you're ready to start the update, browse to WHM >> Update Preferences to specify your server's new update settings and release tier. Then, browse to WHM >> Upgrade to Latest Version and click on the "Click To Upgrade" button.

Let me know if you have any questions.

Thank you.