The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

WHM using expired SSL instead of the installed cert

Discussion in 'General Discussion' started by bigonese, Feb 10, 2011.

  1. bigonese

    bigonese Member

    Joined:
    Jul 28, 2009
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Grand Rapids
    I am a bit stuck on this, if anyone can help, it would be much apprecaited.

    My TLS/SSL cert was expiring so I installed a new one a few weeks back. But, now it looks like WHM is using the old expired certificate instead of the new one. Strange thing is, when I go to "Main >> Service Configuration >> Manage Service SSL Certificates" it shows the new cert installed!

    Anyone got any advice or suggestions?? Thanks!


    Details:

    When I go to https://my.server.name:2087/ I get a browser error saying the certificate is now expired.

    Main >> Service Configuration >> Manage Service SSL Certificates
    Under "cPanel/WHM/Webmail Service" it says that the cert is good and valid until next year.

    WHM 11.28.64 / CENTOS 5.5 x86_64 standard
     
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Hello bigonese,

    Could you please run the following and check if the certificate listed is the same one you installed?

    Code:
    cat /var/cpanel/ssl/cpanel/cpanel.pem
    Is should list the private key, certificate and cabundle if applicable all in that same file.

    Thanks.
     
  3. bigonese

    bigonese Member

    Joined:
    Jul 28, 2009
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Grand Rapids
    It appears to be the old certificate.
     
  4. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Could you try moving the file contents:

    Code:
    mv /var/cpanel/ssl/cpanel/cpanel.pem /var/cpanel/ssl/cpanel/cpanel.pem.bak
    Then re-installing the SSL in WHM > Manage Service SSL Certificates area for the cPanel/WHM/Webmail service?

    Thanks.
     
  5. bigonese

    bigonese Member

    Joined:
    Jul 28, 2009
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Grand Rapids
    Thanks for your quick responses!

    Moved the file. Re-installed the certificate. And nothing changed, unfortunately.

    (And the /var/cpanel/ssl/cpanel/cpanel.pem file was not recreated.)
     
  6. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Could you try creating a new file called cpanel.pem and put the RSA key at the top, then the certificate, then the cabundle into that file? If that configuration doesn't work, then I'll have to try to add a false cabundle to see where that's normally placed into the file as my own machine is a self-signed certificate and didn't have a cabundle to see the normal order of the three entries.
     
  7. bigonese

    bigonese Member

    Joined:
    Jul 28, 2009
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Grand Rapids
    Hmm, nothing changed, again.

    I created a new /var/cpanel/ssl/cpanel/cpanel.pem file, with the RSA Private Key and then the Certificate (no CA Bundle).

    Then refreshed the browser (and double checked in another browser).... still using the expired cert.
     
  8. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Hmm strange, could you try to reset the certificate instead in that area, then try to re-install there again?

    If that doesn't work, please open a ticket in WHM > Support Center > Contact cPanel or using the link in my signature so we can check what is going on.
     
  9. bigonese

    bigonese Member

    Joined:
    Jul 28, 2009
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Grand Rapids
    I reset the cPanel/WHM/Webmail Service certificate. Then it showed the new, unsigned cert in the list. But, the browser still showed the old, expired certificate was being used.

    Then I reinstalled the new cert, nothing changed.

    I'll open a ticket. Thanks for your help.
     
  10. Robert_

    Robert_ Well-Known Member

    Joined:
    Apr 26, 2002
    Messages:
    89
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Arizona
    I'm having the exact same issue. How did you get it resolved?
     
  11. bigonese

    bigonese Member

    Joined:
    Jul 28, 2009
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Grand Rapids
    There seemed to be two issues. The first was that it wasn't replacing the old cert when I installed the new one. cPanel tech support logged in to my server and did some magic and fixed that. Not sure what they did (but I got the feeling they were just trying things).

    The second issue was related to a CA bundle. After dozens of certificates installed, why did I now have to use a CA bundle? No idea... Anyway, I googled "CA bundle" and the name of certificate issuer to find it. I made sure the bundle was pasted into the appropriate text field when I installed the cert.

    And then, it worked!
     
  12. Robert_

    Robert_ Well-Known Member

    Joined:
    Apr 26, 2002
    Messages:
    89
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Arizona
    I followed the instructions in this thread as well as a couple of different things myself. I even tried the good old method of turning it off and on again.

    I guess I just need some cPanel support magic. ;)

    Thanks for replying.
     
  13. shortfork

    shortfork Well-Known Member

    Joined:
    Sep 4, 2006
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    6
    Having same/similar problems.. new cert installed and showing pretty much everywhere, yet browsers are showing that it's a self-signed.. (it's a rapid cert)

    Initiating TT..... *sigh*

    Thanks in advance tech staff!!

    Shortz
     
  14. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Please provide the ticket number here upon opening one for us to check into how it is resolved precisely for future reference.
     
Loading...

Share This Page