I discovered tonight that my users cannot install SSL certs from their cPanel even though they should be able to, and I had to install an SSL cert for a customer tonight from WHM instead. I thought it might be good to post this here, possibly to help others, but also to get feedback from other hosts who may have run into this issue also.
Here is my checklist to make sure everything on the server is/was set properly to allow users to install SSL certs directly in their cPanel (if I've left anything out or overlooked anything, I would sure appreciate someone pointed it out):
A). In WHM >> Tweak Settings >> System I have "Allow cPanel users to install SSL Hosts if they have a dedicated ip." checked.
B). I have the customer set up on a package that allows dedicated IP, and I assigned the domain it's own IP address. In fact, right in the user's cPanel in the "General Account Information" column it shows "Dedicated IP Address" right under their hosting package (cPanel X theme).
C). The icons for "SSL Manager" and "SSL Installer" are clearly present in the user's cPanel.
Now, here are the exact steps I followed while logged directly into the user's cPanel, which as supposedly the right steps, but ultimately failed:
1. I logged into the customer's cPanel (directly, as them) and:
A) Clicked "SSL Manager" and generated a private key for their domain
B) generated the CSR.
2. I logged into the customer's GoDaddy account (since they purchased their SSL cert there) and pasted the CSR into the appropriate field and submitted it, the customer recieved the email confirmation and approved/confirmed it, and received the .zip file containing the bundle .crt and domain .crt (and unzipped it to my desktop).
3. I logged back in to the customer's cpanel and:
A) Went to SSL Manager >> Certificates (CRT)
B) Used the "Browse" and "Upload" feature to upload each .crt file individually. This area now showed, correctly, that ther certificate for their domain exists on the server.
4. I want to the SSL Installer section of the customer's cPanel and chose their domain in the dropdown list (with the www's, since that is how they ordered the cert) and the fields for crt / key / bundle all automatically populated (like they should).
5. I clicked the "DO IT" button, but nothing happened. The status on the page still said "Currently Active SSL Host: none", and going to their site in a browser via https:// returned a typical page doesn't exist type of page.
I waited for a while in case it needed time to "process", but nothing happened. Then I decided to re-try the install step, but still no luck, same results.
At this point I was baffled, and thought to myself "hmmm... maybe this feature in cPanel doesn't work properly...", and decided to try it through WHM.
So then I logged into WHM as root and:
1. Went to SSL/TLS >> Install a SSL Certificate and Setup the Domain
2. Entered their dedicated IP in the IP address field, and all of the sections auto-populated (crt / key / bundle / domain / user), and clicked SUBMIT.
That did it! Instantly their domain was now accessable via https://
So all I can say is,
wtf? (f standing for fudge
)
Unless I've overlooked something, it seems the feature for allowing users to install SSL certs from within their cPanel does not work properly.
Can anyone confirm or deny? Does it look like I missed anything or did anything wrong in my steps?
Server config:
RHEL 4
Apache 2.2.6
PHP 5.2.5
mySQL 5.045
WHM 11.15.0 cPanel 11.18.3-R21703
REDHAT Enterprise 4 i686 on standard - WHM X v3.1.0
Any feedback or opinions would be greatly appreciated, thanks much!
Here is my checklist to make sure everything on the server is/was set properly to allow users to install SSL certs directly in their cPanel (if I've left anything out or overlooked anything, I would sure appreciate someone pointed it out):
A). In WHM >> Tweak Settings >> System I have "Allow cPanel users to install SSL Hosts if they have a dedicated ip." checked.
B). I have the customer set up on a package that allows dedicated IP, and I assigned the domain it's own IP address. In fact, right in the user's cPanel in the "General Account Information" column it shows "Dedicated IP Address" right under their hosting package (cPanel X theme).
C). The icons for "SSL Manager" and "SSL Installer" are clearly present in the user's cPanel.
Now, here are the exact steps I followed while logged directly into the user's cPanel, which as supposedly the right steps, but ultimately failed:
1. I logged into the customer's cPanel (directly, as them) and:
A) Clicked "SSL Manager" and generated a private key for their domain
B) generated the CSR.
2. I logged into the customer's GoDaddy account (since they purchased their SSL cert there) and pasted the CSR into the appropriate field and submitted it, the customer recieved the email confirmation and approved/confirmed it, and received the .zip file containing the bundle .crt and domain .crt (and unzipped it to my desktop).
3. I logged back in to the customer's cpanel and:
A) Went to SSL Manager >> Certificates (CRT)
B) Used the "Browse" and "Upload" feature to upload each .crt file individually. This area now showed, correctly, that ther certificate for their domain exists on the server.
4. I want to the SSL Installer section of the customer's cPanel and chose their domain in the dropdown list (with the www's, since that is how they ordered the cert) and the fields for crt / key / bundle all automatically populated (like they should).
5. I clicked the "DO IT" button, but nothing happened. The status on the page still said "Currently Active SSL Host: none", and going to their site in a browser via https:// returned a typical page doesn't exist type of page.
I waited for a while in case it needed time to "process", but nothing happened. Then I decided to re-try the install step, but still no luck, same results.
At this point I was baffled, and thought to myself "hmmm... maybe this feature in cPanel doesn't work properly...", and decided to try it through WHM.
So then I logged into WHM as root and:
1. Went to SSL/TLS >> Install a SSL Certificate and Setup the Domain
2. Entered their dedicated IP in the IP address field, and all of the sections auto-populated (crt / key / bundle / domain / user), and clicked SUBMIT.
That did it! Instantly their domain was now accessable via https://
So all I can say is,
Unless I've overlooked something, it seems the feature for allowing users to install SSL certs from within their cPanel does not work properly.
Can anyone confirm or deny? Does it look like I missed anything or did anything wrong in my steps?
Server config:
RHEL 4
Apache 2.2.6
PHP 5.2.5
mySQL 5.045
WHM 11.15.0 cPanel 11.18.3-R21703
REDHAT Enterprise 4 i686 on standard - WHM X v3.1.0
Any feedback or opinions would be greatly appreciated, thanks much!
Last edited: