WHM Certificates Are not Working


#1

Hi,

I use cPanel and WHM, I have root access so I can do things on my server, cent 6.4.

I managed to successfully install several certificates on different domains I have (WHM auto puts them in home/USERNAME/public_html/DOMAINNAME)

BUT, I cannot find the directory to install a certificate for my WHM and cpanel install, which is on mainserver.mydomain.com. I have a mydomain.com cert (but Chrome says the cert is different from the URL).

Meanwhile, anywhere I try and get a mainserver.mydomain.com installed I get: Error: The client lacks sufficient authorization.

I’ve tried every folder I can think of.

I’ve been using: ./letsencrypt-auto --text certonly --renew-by-default --webroot --webroot-path /home/username/public_html-d mainserver.mydomain.com.

Again, it worked for other domains. In WHM when I go to install, there are two accounts: username, and root. Obviously I need to install this in root but for the life of me I can’t find what folder that is.

Thanks.


#2

missing a space between the webroot path and first -d

./letsencrypt-auto --text certonly --renew-by-default --webroot --webroot-path /home/username/public_html -d mainserver.mydomain.com

are you following guide at https://forums.cpanel.net/threads/how-to-installing-ssl-from-lets-encrypt.513621/ ?


#3

Hi,

The missing space with -d was just from a rogue copy/paste (in ssh I am doing it correctly, I just double checked).

I have been following that guide – I kinda gave up when I got to the auto install script so I’ve just been creating the certs and then manually installing them in cpanel or whm via ctrl c/v.

Thanks


#4

i see your problem you need 2 separate certs for

or 1 cert with 2 webroot paths

  • mainserver.mydomain.com where web root path for cpanel main host name is usually off /usr/local/apache/htdocs unless you created that as a new site account in whm then it would also be /home/anotherusername/public_html
  • mydomain.com where web root path for cpanel is /home/username/public_html

so based on webroot manual documentation at https://letsencrypt.readthedocs.org/en/latest/using.html#webroot you would need a command similar to one outlined at https://forums.cpanel.net/threads/how-to-installing-ssl-from-lets-encrypt.513621/ using non-letsencrypt-auto command instead

cd /root/.local/share/letsencrypt/bin/
./letsencrypt --text certonly --renew-by-default --webroot -w /home/username/public_html -d mydomain.com \
-w /usr/local/apache/htdocs -d mainserver.mydomain.com

where mainserver.mydomain.com webroot is either /home/anotherusername/public_html or /usr/local/apache/htdocs


#5

Hey there, thanks for the help. You are certainly right that for mainserver.mydomain.com I need to create a cert for the web root path for cpanel main host name.

When I try to create a cert for /usr/local/apache/htdocs I get the following error:

Failed authorization procedure. mainserver.mydomain.com (http-01): urn:acme:error:connection :: The server could not connect to the client for DV :: DNS query timed out

And there is no /home/anotherusername/public_html

And if I try on /root/public_html (which does exist), I get a client lacks sufficient authorization error. I’m about ready to give up on letsencrypt. Just go back to my wildcard certs which were working better :frowning:


#6

Do try https://gethttpsforfree.com before giving up :wink:


#7

Could have run into this issue with some DNS nameservers: DNS query timed out?


#8

This was a smart idea! That’s a cool site. Everything was going so well! But I get to the (last) step, with the file accessible exactly at the URL they tell me to put it, I do the “check the page” test and boom, it’s there. Awesome, wonderful.

I go to complete, I get this error:

Error: Domain challenge failed. Please start back at Step 1. {"type":"http-01","status":"invalid","error":{"type":"urn:acme:error:connection","detail":"DNS query timed out"},

I made sure to stop apache too and everything running on port 80. The GOOD news is I did confirm that where I need to install letsencrypt cert is on /usr/local/apache/htdocs because I can go add a file to /usr/local/apache/htdocs/whatever, and then go to mainserver.mydomain.com/whatever and the directory/file exists. So that’s the right place. Still, when I try to install lets encrypt to that folder I get the same error connection. Further, I’ve tried even more combinations of stopping apache, running ./letsencrypt-auto and manual, and apache, and --webroot, etc… all the possible combinations. Best I get is the dns query timed out (at least it’s not “no access”).
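The manual test in the post above (drop a file in the candidate directory, then request it over HTTP) can be scripted to confirm which directory belongs after `-w` for a given `-d` name before running the client. This is an added example, not code from the thread or from Let's Encrypt; the function names are hypothetical, and the host and directories are the thread's placeholders.

```python
import http.client
import os
import secrets
import sys
import urllib.request

ACME_PATH = ".well-known/acme-challenge"   # where an http-01 validator looks


def http_get(url, timeout=5):
    """Default fetcher: return the response body, or None on any failure."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.read() if resp.status == 200 else None
    except (OSError, ValueError, http.client.HTTPException):
        return None            # DNS failure, timeout, refused, 404, bad URL


def webroot_serves_host(webroot, base_url, fetch=http_get):
    """True if a file written under `webroot` comes back from `base_url`."""
    if not os.path.isdir(webroot):               # never create a missing webroot
        return False
    token = secrets.token_urlsafe(16)            # unguessable file name
    body = secrets.token_urlsafe(32).encode()    # unguessable content
    challenge_dir = os.path.join(webroot, *ACME_PATH.split("/"))
    probe = os.path.join(challenge_dir, token)
    try:
        os.makedirs(challenge_dir, exist_ok=True)
        with open(probe, "wb") as fh:
            fh.write(body)
        # A login page or another vhost's 200 response will not match `body`.
        return fetch(f"{base_url.rstrip('/')}/{ACME_PATH}/{token}") == body
    except OSError:                              # directory not writable
        return False
    finally:
        if os.path.exists(probe):
            os.remove(probe)


def pick_webroot(candidates, base_url, fetch=http_get):
    """Return the first candidate directory the host actually serves, else None."""
    for webroot in candidates:
        if webroot_serves_host(webroot, base_url, fetch):
            return webroot
    return None


if __name__ == "__main__":
    # Usage: check_webroot.py http://mainserver.mydomain.com DIR [DIR ...]
    found = pick_webroot(sys.argv[2:], sys.argv[1])
    print(found or "no candidate webroot is served by that host")
    sys.exit(0 if found else 1)
```

A pass here only shows that the local web server maps the directory to the hostname. The CA still has to resolve and reach the name from outside, which is the step that fails with "DNS query timed out" in this thread.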


#9

That’s an interesting article about the DNS nameservers… My servers are hosted in Georgia, USA so there shouldn’t be anything to do with China.

If it is a letsencrypt bug I guess I’ll just wait. IDK. Again it seems dumb because I was able to SUCCESSFULLY create a bunch of certs from my /home/usrname/public_http folder with lets encrypt so I don’t understand what the difference is.

Thanks


#10

You would not fricken believe everything I had to do… But it WORKS.

First, I uninstalled everything. Reinstalled all of letsencrypt. Finally, ran it on usr/local/apache… Had some small hiccups, but finally GENERATED a certificate.

Then went to WHM, put in the cert info manually. It then gave me weird problems like _get_vhost_data_structs could not fetch vhost hash.

Googled it. Fixed it (by just renaming the host name the same thing). Then, miracles of miracles, it says it installed. I’m still getting red x’s in chrome though because of:

Your connection to mainserver.myaccount.com:2083 is encrypted using an obsolete cipher suite.

So working through that. What a wild ride this has been. Moving on up though… slowly…


#11

[quote=“Gu3miles, post:10, topic:6382”]
mainserver.myaccount.com:2083 is encrypted using an obsolete cipher suite.
[/quote]

You need to set up this cert to handle that domain too, that’s the CPanel/WHM.


#12

Yeah I found it, ran the whatever scanner that told me what to do. I just set it on apache defaults in WHM and that seemed to fix the problem.