As mentioned in the title, we have faced an issue with installing cPanel-issued SSL certificate for services (exim, cPanel, FTP etc.). As a result, certificate that is being installed is self-signed and produces security warnings in client browsers. Here is the part of error log:
Let us know if any more info is needed.
Code:
# /usr/local/cpanel/bin/checkallsslcerts --verbose
The system will check for the certificate for the “cpanel” service.
The system will attempt to replace the self-signed certificate for the “cpanel” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “cpanel” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “cpanel” service.
The system will attempt to install a certificate for the “cpanel” service from the cPanel store.
Received error “X::NoCertificate” from cPanel Store (No free ssl certificate found for this IP); requesting new certificate …
Setting up HTTP DCV (/var/www/html/.well-known/pki-validation/5624D84189B1B926829ADB003F1A6315.txt) …
… complete.
Setting up DNS DCV (CNAME _5624d84189b1b926829adb003f1a6315.hostname.com) …
… complete.
Attempting DNS DCV preflight check …
… success!
Undoing previous HTTP DCV setup (/var/www/html/.well-known/pki-validation/E951377F44A947DDB670A02582365628.txt) …
… done.
Undoing previous DNS DCV setup (CNAME _e951377f44a947ddb670a02582365628.hostname.com) …
… done.
The system will check for the certificate for the “dovecot” service.
The system will attempt to replace the self-signed certificate for the “dovecot” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “dovecot” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “dovecot” service.
The system will check for the certificate for the “exim” service.
The system will attempt to replace the self-signed certificate for the “exim” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “exim” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “exim” service.
The system will check for the certificate for the “ftp” service.
The system will attempt to replace the self-signed certificate for the “ftp” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “ftp” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “ftp” service.
The cPanel Store is processing the hostname certificate request.
The system will check the cPanel Store again the next time that “/usr/local/cpanel/bin/checkallsslcerts” runs.