How to add SSL to website with port 2096


#1

How can I add the SSL to the website with port 2096? I’m using Bluehost VPS.

I contact the SUpport team and this is what they suggest

Does anyone have an idea to help?

Thank you


#2

I assume you just want a certificate to be correct in your cpanel webmail ? It depends really if you have root access to the server (full WHM access) or you just have an account on someone elses server.

If you have full access, then you can run the standard client to produce the certificates for your domain ( including cpanel.domain and webmail.domain if you want to) and then then install them via WHM. Once installed the first time, add a symlink to the correct locations and you can simply update via the LE client.

If you only have cpanel aaccess on someone else’s server, then you need to do it semi manually. I’d suggest using https://gethttpsforfree.com/ . In your cpanel, go to the SSL section, and you can generate the private key, which is used to obtain a certificate. Upload the certificate into your cpanel, and it should all work.


#3

Thanks for your support serverco, I do have the full WHM access but not yet get your idea clearly. Do you have any instruction that I can follow with?


#4

I use a bash script ( https://github.com/srvrco/getssl ) rather than the full LE script, or the website version I linked above.

First generate the certificate. I’m not sure how much instruction you need on that. If using the script above, copy the script to your server.

getssl -c your_domain_name.com

will then create a default set of config files for you.

cd ~/.getssl/your_domain_name.com

then edit the config file getssl.cfg (I’m not sure if you prefer nano or vi or something else as an editor )
You will need to specify the correct ACL locations. If it’s for the server itself then it would be /usr/local/apache/htdocs/.well-known/acme-challenge if it’s for a domain hosted on there then it would be /home/username/public_html/.well-known/acme-challenge or you could use a DNS challenge …

then run;

getssl your_domain_name.com

and it should create the certificates for you in the ~/.getssl/your_domain_name.com folder.

Log into your WHM > Manage Service SSL Certificates ( for server level) or into cpanel for hosted domain level. and copy / paste the three certificates ( private key, domain certificate and Certificate Authority Bundle ) into the three boxes. Select the service you want it to apply to;
( Calendar, cPanel, WebDisk, Webmail, and WHM Services ,
Courier (IMAP) Mail Server
Courier (POP3) Mail Server
Exim (SMTP) Server
FTP Server )

Check in /etc/httpd/conf/httpd.conf for where it links to the correct certificates ( by default for server level I think it’s ;
SSLCertificateFile /var/cpanel/ssl/cpanel/mycpanel.pem
SSLCertificateKeyFile /var/cpanel/ssl/cpanel/mycpanel.pem
SSLCertificateChainFile /var/cpanel/ssl/cpanel/mycpanel.pem

You can then place these three certificate locations in the config file for the bash script if using that - and it can then auto renew, without you needing to perform the manual step )

Alternatively, search for “cpanel” on this forum, and I’m pretty sure there are some links to scripts specifically written for cpanel. I haven’t used them though, as I use the above bash script, so can’t verify how well they work.


#5

Certificates are port-independent, they just verify the FQDN, but to get a cert issued via ACME you need to do the standard verification steps on port 80 or 443. So you just follow the same steps everyone else does for a normal server on port 80/443, but use the cert on your 2096 port after it’s issued, I guess? There shouldn’t be any difference IIRC.