SSL only when logging in to cPanels


#1

Hey guys.

So I have a dedicated server and it’s running a WHM on CENT OS.

I have many domains hosted on it, each with it’s own cPanel.

I don’t want SSL when you access the website, but when I access the domain cpanel it says that the connection is not secure and that I must proceed through an unsecure one if I want to continue.

Can I fix this by installing a single SSL ? The nameservers are all on our main domain, will installing SSL to it fix it for all other domains ?

Or can I install an SSL to the server itself ?

Can you please explain, and guide me into what I have to do to get a free SSL with Let’s Encrypt ? I’m kind of confused :slight_smile:


#2

There are a number of ways of achieving https for WHM / cpanel.

Personally I just use a single certificate for the server name, you can install this in whm (in the section “Manage Service SSL Certificates”

https://servername.com:2087/ for whm

https://servername.com:2083/ for cpanel

If you want to have it so that it works for every domain, you will need to add all the domainnames as SAN’s on the same certificate ( which is OK if you aren’t going to add / remove domains very often, but easier just to use the server name if these are likely to change )


#3

Well, connecting directly to the WHM or cPanel through servername.com:2087 and 2083 does go to a secured HTTPS.

The problem is when we log to onedomain.com/cpanel or anotherdomain.com/cpanel , that’s when the message

This server could not prove that it is domain.com; its security certificate is from fex2.servername.com. This may be caused by a misconfiguration or an attacker intercepting your connection.

We have some client websites that only know theirdomain.com/cpanel for the cpanel.

This is the problem I’m trying to solve :slight_smile:

I see that I must install certbot ? I ended up on this page https://certbot.eff.org/#centosrhel6-apache but these strings $ sudo yum install epel-release I have no idea where to execute it ! :frowning:


#4

The users could login using the server name, and their username / password, however I agree id they don’t know the servername, and only their domain name then you ideally need to use a certificate for their domain ( personally I give them instructions to use the servername to access their cpanel - but understand you are not doing it that way )

You could do a redirect on anotherdomain/cpanel to go to https ://fex2.servername.com:2083 which is probably the next easiest solution ( and would redirect them to the secure server login for their domain )

You can obtain a certificate with up to 100 SANs (alternate names) on it, and use that - if 100 domains is sufficient for your server ( so 50 domains with and without www. ) If the domains you host change over time though, this can become tricky to manage (which is why I don’t use that method)

You can add an SSL cert on for every domain on the server ( but the /cpanel will still I think get redirected to the sever name / cert )

You either need to install certbot ( the official client) or one of the alternate clients in order to obtain a certificate, yes.

the "sudo yum … " commands are shell commands, so you need to SSH into your server to get to the prompt for these commands.

One other option, cpanel are currently working on integrating LetsEncrypt into cpanel, which I understand is due for the next main release … so if waiting a couple of months isn’t too long there may be an easy option for you once they have officially integrated it.


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.