The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

WHM Resets Service SSL on it's own

Discussion in 'General Discussion' started by rinkleton, Sep 7, 2016.

Tags:
  1. rinkleton

    rinkleton Active Member

    Joined:
    Jul 16, 2015
    Messages:
    29
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Cleveland
    cPanel Access Level:
    Root Administrator
    I set all the services to use a wildcard SSL instead of the default, self-signed one, but it seems like every night it resets itself to the self-signed one? Is this supposed to be happening? Is there a way to stop it?

    WHM 58 Build 26 - Cloudlinux 6.8
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    Free cPanel-signed certificates for the hostname are generated as of cPanel 56. Here's the relevant quote from the cPanel 56 Release Notes:

    If you create the /var/cpanel/ssl/disable_auto_hostname_certificate touch file, the system will no longer order, download, and install a free cPanel-signed hostname certificate. The system will still automatically replace expired service certificates with self-signed certificates.

    Thank you.
     
  3. rinkleton

    rinkleton Active Member

    Joined:
    Jul 16, 2015
    Messages:
    29
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Cleveland
    cPanel Access Level:
    Root Administrator
    Ah thanks. I'm guessing it's assuming it's 'Invalid'. Is that because the the cert is wildcard and doesn't know how test if that is a valid domain? Or is is it because our server's hostname (while being valid and resolving), is different from the host name on the ssl?
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    It shouldn't replace the certificate based on it being a wildcard SSL, as that issue was addressed in cPanel version 56:

    Implemented case CPANEL-5841: Wildcard certs that do not match the hostname should not be replaced.

    It's possible the replacement is due to the following condition:

    Has a weak signature algorithm.

    You can use the following command to determine the signature algorithm for your installed certificate:

    Code:
    openssl x509 -noout -text -in /var/cpanel/ssl/system/certs/$cert-name.crt|grep Signature
    Replace "$cert-name.crt" with the name of your wildcard certificate in /var/cpanel/ssl/system/certs/.

    Thank you.
     
Loading...

Share This Page