WHM SSL Certificate Issue

[OzyPhil]

Hello

I am trying to secure my WHM and cPanel accounts (not their domains) just the cPanel it's self.

I have cPanel (Sectigo) installed and Let's encrypt within the WHM panel and Globalsign within a user account for a domain.

both the Let's Encrypt and GS certificates work and the browser displays a secured HTTPS details BUT the cPanel provided one which is connected to both my server(.)site(.)com site and the main site(.)com site it's self which are the only 2 that use the cPanel cert shows up as Not Secure in thebrowsers meaning all cPanel accounts also display this same message.

How do I make this HTTPS compliant using cPanel cert or is that not possible and we need to get another one else.

Cheers

 

[cPanelLauren]

Hello @OzyPhil

Are you sure that the hostname is covered with the certificate? When you go to a URL that is insecure and you click the lock in the address bar (chrome) what is the message you get? For example mine is as follows:

 

[OzyPhil]

Hi @cPanelLauren

I uploaded 3 images 1 being the same as yours and the other from the WHMpanel (installed SSL Hosts) screenshot of both the server (hostname) and the main domain for it as well. They both use the same IP address (ignore my .0's combo there) lol.

This IP address is only used for the server and it's main site domain names and both are resolved/qualified domains.

I really would like to fix this and if this cPanel SSL certificate isn't capable (Polity Speaking) then please let me know so I can arrange a proper cert.

Just a question I wasn't/am not sure about though, Are these cPanel certificates self signed or are they actually from a known SSL provider weather they be free or not?

Cheers

 

[cPanelLauren]

Hi @OzyPhil


In that first screenshot "SSL message.jpg", are you going to the hostname or the IP address?

I really would like to fix this and if this cPanel SSL certificate isn't capable (Polity Speaking) then please let me know so I can arrange a proper cert.

I hope that's what we'll be able to help you get resolved here!

Are these cPanel certificates self signed or are they actually from a known SSL provider weather they be free or not?

The certificate is signed by cPanel and backed by sectigo so yes they are from a known certificate authority and are no different from normal certificates.


Thanks!

 

[OzyPhil]

Hello

Sorry for the delayed response as I have been busy solving other WHM issues and forgot about this one being here.

I am going to an IP address, the servers main IP address

 

[cPanelLauren]

I am going to an IP address, the servers main IP address

No certifcate can cover an IP address, certificates are only issued for fully qualified domain names. When you go to the hostname of the server that will be covered but going directly to the IP address will still be encrypted though not secured with a certificate. This holds true through any certificate authority as well, not just cPanel hostname SSL's

 

[OzyPhil]

No certifcate can cover an IP address, certificates are only issued for fully qualified domain names. When you go to the hostname of the server that will be covered but going directly to the IP address will still be encrypted though not secured with a certificate. This holds true through any certificate authority as well, not just cPanel hostname SSL's

OK I see what your saying here so How do I get HTTPS to show correctly when a user enters their cpanel account, Is there a way to change the entry domain from an IP address to a domain name?

This is my first dedicated server but when I was using hosting accounts my cPanel was always showing up with secured HTTPS secured. I can't seem to achieve that with my own system.

Advice on how to achieve this would be greatly appreciated.

Cheers

 

[cPanelLauren]

Hi @OzyPhil

Your users can access cPanel using their domain name or the hostname of the server, any of these methods should be secured by an SSL.

For example:

https://domain.tld/cpanel
cpanel.domain.tld

https://host.name.tld/cpanel

https://host.name.tld:2087

You should also be able to set the following to ensure that redirection to cPanel services is always set to SSL - you can do this by ensure the following are enabled in WHM>>Server Configuration>>Tweak Settings.

-Require SSL for cPanel Services
-Choose the closest matched domain for which that the system has a valid certificate when redirecting from non-SSL to SSL URLs. Formerly known as “Always redirect to SSL/TLS”

 

[OzyPhil]

Hi
This has already been done in Tweak Settings and I can't access cpanel using TLD's/cpanel at all as I get a Site can't be reached message. Accessing using IP is no problem.

 

[cPanelLauren]

Hi @OzyPhil


Do you have proxydomains enabled? You can do this from the CLI by running the following:

/scripts/proxydomains add

Thanks!