Certificate Error WIth Subdomains & Ports

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: taranisco.com

I ran this command: I used CPW

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: A2 Hosting

I can login to a root shell on my machine (yes or no, or I don't know): YES

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): CWP

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): Not using certbot

When I type taranisco.com, then everything is fine.

When I type cpanel.taranisco.com then it indicates in the address bar that the connection is not secure.

When I type taranisco.com:2083, then it shows the following:

taranisco.com:2083 uses an invalid security certificate.
The certificate is not trusted because it is self-signed.

How does one fix it?

How do you tell cPanel what certificate to use?

There probably is a setting to obtain a certificate for its interface, somewhere. (Don't hit buttons at random, check the documentation).

1 Like

Welcome to the community @arnold.pietersen

I can help explain what you see but do not know how to fix CWP

http://cpanel.taranisco.com does not redirect to https
but, using this connects:
https://cpanel.taranisco.com

https://taranisco.com:2083 sends a default cert for Zagreb/CentOS Web Panel
The response comes from CWP, not Apache
You need to configure CWP to send the right certs

Your cert chain sent from Apache should be corrected. You are sending the "leaf" twice.

2 Likes

Are we talking about the same thing?

1 Like

Arnold stated both CWP and CPW in the first post (in different answers). I saw cwpsrv in the http server header and CentOS Web Panel in the cert.

In any event, the symptoms are now different than when I replied:

  1. http and https requests to cpanel subdomain fail with 503.
  2. The taranisco.com:2083 now refuses connections

The apex and www subdomain connect with https but still send the extra leaf in the chain. The cpanel subdomain also sends the extra leaf via Apache.

Not sure if they did this before but the apex and www subdomain each redirect from http to their own https domain rather than normalizing to one. That doesn't bother me as much as it does some others.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.