Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Valid Root CA Certificate could not be located

Discussion in 'Security' started by vicos, Jan 24, 2019.

  1. vicos

    vicos Well-Known Member

    Joined:
    Apr 18, 2003
    Messages:
    73
    Likes Received:
    1
    Trophy Points:
    158
    All of the SSL certificates on one server are failing validation with:

    A valid Root CA Certificate could not be located, the certificate will likely display browser warnings.

    This includes Comodo certificates I purchased and Cpanel AutoSSL certificates. Everything is AutoSSL these days.

    The only SSL on the server that passes the validation is the 2087 port for whm.

    I had my ISP support look at it and they can't find the problem. He wanted to rebuild Apache, but I said no because there are mission critical apps running that *might* break.

    Some SSL checkers point to missing intermediate certificates.

    Any ideas if we can fix this? It's causing real problems as some firewalls are blocking domains with bad SSL and Facebook refuses to talk to us on SSL.

    TIA!
     
  2. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,141
    Likes Received:
    474
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hello @vicos

    What happens when you run autoSSL for the domains? Is anything output in the logs? You can view the AutoSSL output in the logs at WHM>>SSL/TLS>>Manage AutoSSL -> Logs


    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. vicos

    vicos Well-Known Member

    Joined:
    Apr 18, 2003
    Messages:
    73
    Likes Received:
    1
    Trophy Points:
    158
    No, all is green for all domains. But, as I noted, this same exact thing was happening before AutoSSL with certificates I purchased elsewhere (Also Comodo, I believe). Once they expired, I let AutoSSL install the replacement certificate, hoping it would fix the issue, but no luck.

    It sounds like the server does not have the intermediate chain for Comodo. But, I have no idea how to investigate/fix this.

    I see that I have one domain that still has a cert I purchased. I can give you 2 URLs to run thru a validator, but I don't want to post them here online.
     
    #3 vicos, Jan 28, 2019
    Last edited: Jan 28, 2019
  4. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,141
    Likes Received:
    474
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @vicos

    That's fine, it's not a good idea to post domains and we remove them when they're added. Can you please open a ticket using the link in my signature? Once open please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved.


    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. vicos

    vicos Well-Known Member

    Joined:
    Apr 18, 2003
    Messages:
    73
    Likes Received:
    1
    Trophy Points:
    158
    Your Support Request ID is: 11313023
     
  6. vicos

    vicos Well-Known Member

    Joined:
    Apr 18, 2003
    Messages:
    73
    Likes Received:
    1
    Trophy Points:
    158
    The issue was diagnosed and the only way to fix is to rebuild apache.
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice