Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

WHM SSL key keeps getting reset

Discussion in 'General Discussion' started by philpem, May 3, 2006.

  1. philpem

    philpem Member

    Joined:
    Aug 12, 2005
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    151
    Hi,
    In December last year I got a LiteSSL certificate for my hosting server, mainly because the "OMG! This is a selfsigned certificate!" warnings from Firefox were getting annoying.

    The problem is, the certificate just won't install through the "Set cPanel/WHM certificate" function. To get around this, I found a method that involved overwriting the cPanel certificate in /usr/local/cpanel/etc/cpanel.pem with the certificate from LiteSSL. Up until now, this has worked fine.

    Now every day at midnight, the certificate is regenerated and the original certificate gets overwritten with cPanel's self signed certificate. This is incredibly annoying, because I have to reinstall the new certificate every time it gets overwritten.

    The CN on the certificate is 'secure.castlecore.com' - that's the address customers use to access WHM, and that's what I entered in the Set Certificate page's "Domain" box. I also tried "castlecore.com", which didn't work either. There's also an SSL server set up on the same address, which is being using for the secure signup pages and scripts (our creation).

    Is there any way to deal with this? Ideally I'd like to get the cPanel "Set cPanel/WHM" certificate function working (or at least find out why it isn't working), but even a way to stop my certificate getting overwritten every day would be useful.

    Thanks.
     
    #1 philpem, May 3, 2006
  2. Rooter

    Rooter Well-Known Member

    Joined:
    Apr 23, 2003
    Messages:
    146
    Likes Received:
    1
    Trophy Points:
    168
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    Root Administrator
    I have a couple LiteSSL certificates myself as well. Here is what I did to temporarily fix it until cPanel stops overwriting the files.

    What this does is set the immutable bit on the file so that it cannot be modified or removed.
    chattr -V +i /usr/local/cpanel/etc/mycpanel.pem /usr/local/cpanel/etc/mycpanel.cabundle

    To undo the above change:
    chattr -V -i /usr/local/cpanel/etc/mycpanel.pem /usr/local/cpanel/etc/mycpanel.cabundle

    To simply see whether or not these files have the immutable bit currently set:
    lsattr /usr/local/cpanel/etc/mycpanel.*

    In my case, I set it to a few more files to help prevent certain updates from breaking SSL for my FTP and mail services.
    /etc/ssl/private/pure-ftpd.pem (This is only applicable if you use Pure-FTPd.)
    /etc/exim.key /etc/exim.crt (Both of these are of course for Exim.)

    To modify the immutable bit for all of the files at once simply append the extra file paths to the command line separated by spaces.

    Be sure to remember that you have done this or at least make note of it somewhere if you even think you might forget because when it comes time to renew or replace your SSL certificate it could cause you a big headache trying to remember how or what you did.
     
    #2 Rooter, May 5, 2006
  3. philpem

    philpem Member

    Joined:
    Aug 12, 2005
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    151
    It's supposed to be copied in as mycpanel.pem? Wow, that explains a fair bit...

    Copied it in as mycpanel.{pem,cabundle} last night - hopefully cP will leave it alone now. If not, I'll chmod +i it.

    Thanks for the help.
     
    #3 philpem, May 6, 2006
    Last edited: May 6, 2006
(You must log in or sign up to post here.)
Loading...
Similar Threads - keeps getting reset
  1. JarekN

    Site keeps on getting hacked - infected files

    JarekN, Mar 15, 2018, in forum: Security
    Replies:
    6
    Views:
    141
    cPanelMichael
    Mar 15, 2018
  2. Benjamin Boyce

    Shared Server keeps getting black listed.

    Benjamin Boyce, Jan 22, 2017, in forum: E-mail Discussions
    Replies:
    3
    Views:
    572
    cPanelMichael
    Jan 25, 2017
  3. Daniel Yi

    Dovecot keeps shutting down and restarting.

    Daniel Yi, Nov 7, 2017, in forum: E-mail Discussions
    Replies:
    3
    Views:
    395
    cPanelMichael
    Nov 8, 2017
  4. rvdb

    global filter that forwards and keeps local copies?

    rvdb, Sep 21, 2017, in forum: E-mail Discussions
    Replies:
    3
    Views:
    251
    cPanelMichael
    Sep 22, 2017
  5. iso99

    Website keeps redirecting to suspended page

    iso99, Sep 6, 2017, in forum: Bind / DNS / Nameserver Issues
    Replies:
    3
    Views:
    542
    cPanelMichael
    Sep 11, 2017

Share This Page