"Your connection is not secure" error when logging into WHM/cPanel via Hostname

[philbean]

New server. Can only log into WHM/cPanels unsecurely with the error ""Your connection is not secure"

I've googled and realise that I need to install a certificate in WHM. One cPanel will provide ????

But all the posts I've googled end up pointing to a help page that no longer exists:
Free cPanel-Signed Hostname Certificate - cPanel Knowledge Base - cPanel Documentation


Can someone help ? Point me in the right direction ??
Thanks

 

[cPanelLauren]

We do still offer a free cPanel signed hostname certificate for all servers with a cPanel license that have a valid hostname. If you purchased your cPanel license through a reseller it is possible they disabled the ability to obtain these certificates though.

What is the output when you run the following via SSH:

/scripts/checkallsslcerts --verbose

We did recently move our documentation to cPanel & WHM Documentation | cPanel & WHM Documentation but I'm not seeing that page there either. I've opened an internal query to find out what happened there.

 

[philbean]

I get

bash: /scripts/checkallsslcerts: No such file or directory

So I ran as (from your help pages)

/usr/local/cpanel/bin/checkallsslcerts --verbose

and got

The system will check for the certificate for the “cpanel” service.
The system will attempt to replace the self-signed certificate for the “cpanel” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “cpanel” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “cpanel” service.
The system will attempt to install a certificate for the “cpanel” service from the cPanel store.
Received error “X::NoCertificate” from cPanel Store (No free ssl certificate found for this IP); requesting new certificate …
Setting up HTTP DCV (/var/www/html/.well-known/pki-validation/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.txt) …
        … complete.
DNS DCV is impossible because this system does not control DNS for “{MYSERVERDOMAIN}”.
Attempting HTTP DCV preflight check …
        FAILED: Cpanel::Exception/(XID qxjq5j) “{MYSERVERDOMAIN}” does not resolve to any IP addresses on the internet.
 at /usr/local/cpanel/Cpanel/SSL/DCV.pm line 694.
        Cpanel::SSL::DCV::_err_because_no_ips("{MYSERVERDOMAIN}") called at /usr/local/cpanel/Cpanel/SSL/DCV.pm line 272
        Cpanel::SSL::DCV::_verify_http("{MYSERVERDOMAIN}/.well-known/pki-validation/7ECD"..., "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"..., "COMODO DCV", 0, 4, ARRAY(0x34a1e58)) called at /usr/local/cpanel/Cpanel/SSL/DCV.pm line 261
        Cpanel::SSL::DCV::verify_http_with_dns_lookups("{MYSERVERDOMAIN}/.well-known/pki-validation/7ECD"..., "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"..., "COMODO DCV", 0, undef) calledat /usr/local/cpanel/Cpanel/Market/Provider/cPStore/Utils.pm line 98
        Cpanel::Market::Provider::cPStore::Utils::imitate_http_dcv_check_locally("{MYSERVERDOMAIN}", ".well-known/pki-validation/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.txt", "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"...) called at /usr/local/cpanel/Cpanel/cPStore/HostnameCert/DCV.pm line 193
        eval {...} called at /usr/local/cpanel/Cpanel/cPStore/HostnameCert/DCV.pm line 189
        Cpanel::cPStore::HostnameCert::DCV::set_up("-----BEGIN CERTIFICATE REQUEST-----\x{a}XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"...) called at /usr/local/cpanel/Cpanel/cPStore/HostnameCert.pm line 172
        Cpanel::cPStore::HostnameCert::_request_new_certificate(Cpanel::cPStore::HostnameCert=HASH(0x2a1c228))called at /usr/local/cpanel/Cpanel/cPStore/HostnameCert.pm line 142
        Cpanel::cPStore::HostnameCert::get_hostname_cert_from_store(Cpanel::cPStore::HostnameCert=HASH(0x2a1c228)) called at bin/checkallsslcerts.pl line 542
        bin::checkallsslcerts::_get_certificate_pem_from_store(bin::checkallsslcerts=HASH(0x263e130)) called at bin/checkallsslcerts.pl line 464
        bin::checkallsslcerts::__ANON__() called at /usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/Try/Tiny.pm line 97
        eval {...} called at /usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/Try/Tiny.pm line 88
        Try::Tiny::try(CODE(0x2a1c060), Try::Tiny::Catch=REF(0x2967a00)) called at bin/checkallsslcerts.pl line 468
        bin::checkallsslcerts::_replace_cert_with_ca_signed_cert_from_cpstore(bin::checkallsslcerts=HASH(0x263e130), "cpanel") called at bin/checkallsslcerts.pl line 320
        bin::checkallsslcerts::_check_notify_and_auto_renew_cert_for_service(bin::checkallsslcerts=HASH(0x263e130), "cpanel") called at bin/checkallsslcerts.pl line 86
        bin::checkallsslcerts::run(bin::checkallsslcerts=HASH(0x263e130)) called at bin/checkallsslcerts.pl line 50
Undoing HTTP DCV setup …
        … complete.
[WARN] The system failed to acquire a signed certificate from the cPanel Store because of the following error:Neither HTTP nor DNS DCV preflight checks succeeded!

The system will check for the certificate for the “dovecot” service.
The system will attempt to replace the self-signed certificate for the “dovecot” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “dovecot” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “dovecot” service.
The system will check for the certificate for the “exim” service.
The system will attempt to replace the self-signed certificate for the “exim” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “exim” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “exim” service.
The system will check for the certificate for the “ftp” service.
The system will attempt to replace the self-signed certificate for the “ftp” service with a signed certificatefrom the cPanel Store.
The system will attempt to install a certificate for the “ftp” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “ftp” service.

I redacted some bits that looked sensitive.

 

[cPanelLauren]

Hi @philbean

As a result of my internal inquiry It was explained that when we moved documentation sites the documentation page for this was moved to here: Manage Service SSL Certificates | cPanel & WHM Documentation

We're also going to add a reference to this in some other locations to make it easier to find.


For the issue with your hostname certificate:

We attempt to perform two types of Domain Control Validation, DNS and HTTP.

• The first error that stands out indicates that this server does not manage DNS for the domain:
  

  DNS DCV is impossible because this system does not control DNS for “{MYSERVERDOMAIN}”.

• The second indicates that the DCV check does not return an IP address for the hostname:

  FAILED: Cpanel::Exception/(XID qxjq5j) “{MYSERVERDOMAIN}” does not resolve to any IP addresses on the internet.

The hostname SSL certificate checks do require the hostname to be a valid FQDN and it must resolve to an IP that resides on the server.