WHM SSL key keeps getting reset

Discussion in 'General Discussion' started by philpem, May 3, 2006.

  1. philpem

    Hi,
    In December last year I got a LiteSSL certificate for my hosting server, mainly because the "OMG! This is a self-signed certificate!" warnings from Firefox were getting annoying.

    The problem is, the certificate just won't install through the "Set cPanel/WHM certificate" function. To get around this, I found a method that involved overwriting the cPanel certificate in /usr/local/cpanel/etc/cpanel.pem with the certificate from LiteSSL. Up until now, this has worked fine.

    Now every day at midnight, the certificate is regenerated and the original certificate gets overwritten with cPanel's self-signed certificate. This is incredibly annoying, because I have to reinstall the new certificate every time it gets overwritten.

    The CN on the certificate is 'secure.castlecore.com' - that's the address customers use to access WHM, and that's what I entered in the Set Certificate page's "Domain" box. I also tried "castlecore.com", which didn't work either. There's also an SSL server set up on the same address, which is being used for the secure signup pages and scripts (our creation).

    Is there any way to deal with this? Ideally I'd like to get the cPanel "Set cPanel/WHM" certificate function working (or at least find out why it isn't working), but even a way to stop my certificate getting overwritten every day would be useful.

    Thanks.
     
  2. Rooter

    I have a couple LiteSSL certificates myself as well. Here is what I did to temporarily fix it until cPanel stops overwriting the files.

    What this does is set the immutable bit on the file so that it cannot be modified or removed.
    chattr -V +i /usr/local/cpanel/etc/mycpanel.pem /usr/local/cpanel/etc/mycpanel.cabundle

    To undo the above change:
    chattr -V -i /usr/local/cpanel/etc/mycpanel.pem /usr/local/cpanel/etc/mycpanel.cabundle

    To simply see whether or not these files have the immutable bit currently set:
    lsattr /usr/local/cpanel/etc/mycpanel.*

    In my case, I set it to a few more files to help prevent certain updates from breaking SSL for my FTP and mail services.
    /etc/ssl/private/pure-ftpd.pem (This is only applicable if you use Pure-FTPd.)
    /etc/exim.key /etc/exim.crt (Both of these are of course for Exim.)

    To modify the immutable bit for all of the files at once simply append the extra file paths to the command line separated by spaces.

    Be sure to remember that you have done this, or at least make note of it somewhere if you even think you might forget, because when it comes time to renew or replace your SSL certificate it could cause you a big headache trying to remember how or what you did.
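
The record-keeping recommended in the post above, as an added example that is not part of the original thread: a POSIX shell script that reports which of the files named there carry the immutable bit and whether a certificate file looks self-signed (subject equals issuer, a heuristic). The function names, the `--audit` flag and the sample `lsattr` lines are constructed for this illustration.

```shell
#!/bin/sh
# Added example, not from the thread: audit the files pinned with `chattr +i`.

# Paths named in the thread; trim to the services actually installed.
PINNED_FILES="/usr/local/cpanel/etc/mycpanel.pem
/usr/local/cpanel/etc/mycpanel.cabundle
/etc/ssl/private/pure-ftpd.pem /etc/exim.key /etc/exim.crt"

# Read `lsattr` output on stdin and print "immutable|mutable <path>".
# Lowercase 'i' in the flag column is the immutable bit; uppercase 'I'
# is the unrelated indexed-directory flag, so the match is case-sensitive.
classify_lsattr() {
    while read -r _flags _path; do
        [ -n "$_path" ] || continue        # blank or malformed line
        case "$_flags" in
            lsattr:*) continue ;;          # lsattr error message
            *i*) echo "immutable $_path" ;;
            *)   echo "mutable $_path" ;;
        esac
    done
}

# Return 0 when the first certificate in a PEM file has subject == issuer,
# i.e. it looks self-signed; 2 when the file holds no readable certificate.
cert_is_self_signed() {
    _subj=$(openssl x509 -in "$1" -noout -subject 2>/dev/null) || return 2
    _iss=$(openssl x509 -in "$1" -noout -issuer 2>/dev/null) || return 2
    [ "${_subj#subject=}" = "${_iss#issuer=}" ]
}

# Report pin state and self-signed certificates for every tracked file.
audit_pins() {
    for _f in $PINNED_FILES; do
        [ -e "$_f" ] || { echo "missing $_f"; continue; }
        lsattr "$_f" 2>/dev/null | classify_lsattr
        case "$_f" in *.cabundle) continue ;; esac  # bundle may start with a root CA
        if cert_is_self_signed "$_f"; then echo "self-signed $_f"; fi
    done
}

# Constructed lsattr output (not captured from a real server) for a dry run.
SAMPLE='----i---------e------- /usr/local/cpanel/etc/mycpanel.pem
--------------e------- /usr/local/cpanel/etc/mycpanel.cabundle
-----------I--e------- /etc/ssl/private'

if [ "${1:-}" = "--audit" ]; then audit_pins
else printf '%s\n' "$SAMPLE" | classify_lsattr; fi
```

Run with `--audit` as root on the server to check the real files; a "self-signed" line for mycpanel.pem means the installed certificate has been replaced by a regenerated one.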
     
  3. philpem

    It's supposed to be copied in as mycpanel.pem? Wow, that explains a fair bit...

    Copied it in as mycpanel.{pem,cabundle} last night - hopefully cP will leave it alone now. If not, I'll chmod +i it.

    Thanks for the help.
     
    #3 philpem, May 6, 2006
    Last edited: May 6, 2006