- ensure cPanel is NOT using that cert.
It can use the "trillionpictures.com" cert instead --remove
the cert:
{whatever may be needed here}acme.sh --remove www.trillionpictures.com
OK, done. But didn't resolve the issue.
in cPanel when installing 'trillionpictures.com' it throws this note....
The SSL website is also accessible via these domains, but the certificate does not support them. Web browsers will show a warning when accessing these domains via HTTPS: starsandstrife.com
That flies in the face of:
trillionpictures.com "" www.trillionpictures.com,totallypostal.net,www.totallypostal.net,starsandstrife.com,www.starsandstrife.com,feathercollectionproject.com,www.feathercollectionproject.com,www.born2.run,born2.run,fixitamerica.org,www.fixitamerica.org,keeperofthedream.net,www.keeperofthedream.net,opq-design.com,www.opq-design.com,radical4.media,www.radical4.media,radical4media.com,www.radical4media.com,samself.com,www.samself.com,savingbarbarasizemore.com,www.savingbarbarasizemore.com Sun Aug 30 08:18:16 UTC 2020 Thu Oct 29 08:18:16 UTC 2020
Which includes:
starsandstrife.com,www.starsandstrife.com
Check you cPanel config for that domain - it might need to be using this same cert (not sure).
That flies in the face of: [etc]
My feeling exactly.
Check you cPanel config for that domain - it might need to be using this same cert (not sure).
That's exactly the intention, but it seems not to be the case, and I'm not aware of how I can have control over that.
cPanel not happy with the change:
please use --issue
to issue a new cert again.
There is no recommended way to append a domain to an existing cert.
please use
--issue
to issue a new cert again.
Done that multiple times. No luck.
Could it be that because the cert was issued on a different server, the one that went down this morning, that it's somehow stuck in limbo now that there is no longer access to that machine?
trillionpictures.com
seems to be OK.
But it is using a completely different cert than any listed by acme.sh:
[includes additional domain names and expires Nov 28 - none of your certs expire that day]
There is some other system involved that is also issuing certs.
OR
You are NOT on the same system... Internet IP 74.124.198.78
OR
cPanel doesn't use the certs directly from the acme.sh folder
[did you miss a step between get cert and use cert with cPanel?]
Yeah, Iām not seeing it listed in in the grab you posted, nor on my end.
cPanel allows me to select the starsandstrife domain directly and install that, and all seems to go well BUT it checking it in a browser fails.
āWhere is cPanel selecting from?ā is the key question here.
And then, naturally, āHow do you get your new certs into that location?ā
Iām assuming itās looking in the .acme.sh directory. Beyond that I donāt know cPanelās inner thoughts.
I have to assume otherwise.
- acme.sh is not included as a standard install with cPanel.
- a cert in use (shown above) did not come from the
acme.sh --list
Thereās been no cert installation available through this cPanel.
But Iāve been installing certs on this server for many years first using certbot on a local machine to generate and then upload the certs, more recently in an automated way using acme.sh and a cron. Itās been working well and reliably with acme.sh, until this morningās big server meltdown.
I found an ancient post that says they may be located here:
/usr/share/ssl/private/
/usr/share/ssl/certs/
Try listing those folders.
Can you show the cron job?
ls -al /usr/share/ssl
Results: cannot access /usr/share/ssl: No such file or directory
After you show the cron job.
Try:
find / -name certs
Cron job: "~/.acme.sh"/acme.sh --cron --home "~/.acme.sh" > /dev/null
Well that's just for renewals (normally)...
I came across this:
/root/.acme.sh/deploy/cpanel_uapi.sh
But I'm not sure how to use it nor if your system is using it.