Cpanel - SSL's hostnames are required to have DNS entries

Cpanel – SSL’s hostnames are required to have DNS entries

Post author:g33kadmin
Post published:June 17, 2016
Post category:cPanel / General Info / Troubleshooting
Post comments:0 Comments

tl;dr

When cPanel starts up, if it doesn’t have a valid SSL (now valid properly signed SSL) it reissues it’s own SSL, or panics if it cannot.
cPanel is now requiring a valid hostname check (similar to Let’s Encrypt) as a part of that check.
Therefore, a server’s hostname now has to point at the server or cPanel not start.
You will receive an email every day if the hostname doesn’t line up.
You’ve have to touch a file to disable this, and then run the script and then it should be set.

Due to cPanel’s recent change to their self-signed SSL’s, hostnames are required to have DNS entries. If this is not in place, they will not get a valid SSL and therefore cPanel will start and cpsrvd will immediately fail. To correct this we basically need to fix the DNS entry for the server’s hostname and then run /usr/local/cpanel/bin/checkallsslcerts

Error from the /usr/local/cpanel/logs/error_log:
cpsrvd: Setting up native SSL support ... Could not load ssl libraries or certificate from /var/cpanel/ssl/cpanel/ at cpsrvd.pl line 554. [root@host] cpanel:/usr/local/cpanel/bin/checkallsslcerts The system failed to acquire a signed certificate from the cPanel Store because of an error: (XID y4txyq) “host.domain.com” does not resolve to any IPv4 addresses on the internet.

Updating DNS for the hostname and then running the check again will resolve the issue. If you do not have access to the customer’s DNS, this will require them to modify the DNS entries at the registrar and cPanel/WHM will remain down until that change is made.

Additionally, this may be a concern when DNS can not change (or should not be changed for some reason). When this is the case, you can skip the cPanel signed SSL. If you touch this file,
/var/cpanel/ssl/disable_auto_hostname_certificate
the system will no longer order, download, and install a free cPanel-signed hostname certificate.
https://documentation.cpanel.net/display/ALD/Manage+>Service+SSL+Certificates has more information on this. After touching this file, you can run a
/usr/local/cpanel/bin/checkallsslcerts
for a selfsigned ssl on the services.

p.s. You must restart Cpanel after updating the SSL Certs.

g33kadmin

I am a g33k, Linux blogger, developer, student and Tech Writer for Liquidweb.com/kb. My passion for all things tech drives my hunt for all the coolz. I often need a vacation after I get back from vacation....

M	T	W	T	F	S	S
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30

Please Share This Share this content

g33kadmin

You Might Also Like

Gnu Screen Tip: Password Protect Session

Codem Ipsum

bat Linux command – A cat clone with written in Rust – nixCraft

Leave a Reply Cancel reply

Share this content