cPanel and WHM (WebHost Manager) is a popular web hosting control panels that allow server administrators to manage web hosting services efficiently. Among their many features, cPanel offers a handy tool called AutoSSL, which provides free SSL certificates for added security. In this guide, I will show you how to use AutoSSL to secure your server’s hostname.
Step 1: The checkallsslcerts Script
The checkallsslcerts Script is used by cPanel to issue SSL certificates for server hostname. It’s important to note that checkallsslcerts
runs as part of the nightly update checks performed on your system. These updates include cPanel’s own update script, upcp (cPanel update script).
Step 2: When to Manually Run AutoSSL
In most cases, checkallsslcerts will take care of securing your server’s hostname during the nightly updates. However, there may be instances when you want to update the SSL certificate manually. This is especially useful if you’ve recently changed your server’s hostname and want to ensure the SSL certificate is updated immediately.
Step 3: Understanding the checkallsslcerts Script
The `/usr/local/cpanel/bin/checkallsslcerts` script is responsible for checking and installing SSL certificates for your server’s hostname. Here’s what the script does:
– It creates a Domain Control Validation (DCV) file.
– It performs a DNS lookup for your hostname’s IP address.
– It checks the DCV file using HTTP validation (for cPanel & WHM servers).
– If needed, it sends a request to Sectigo to issue a new SSL certificate.
– It logs the Sectigo requests for validation.
You can learn more about the checkallsslcerts script and it’s usage in this article from cPanel:
Step 4: How to Manually Execute the Script
To manually run the script, use the following command:
/usr/local/cpanel/bin/checkallsslcerts [options]
You can use options like `–allow-retry` and `–verbose` as needed.
Step 5: Troubleshooting and Tips
If you encounter issues with the SSL certificate installation, the script will provide helpful output to troubleshoot the problem. Ensure that your server’s firewall allows access from Sectigo’s IP addresses mentioned in the guide.
Common Issue: Unable to obtain a free hostname certificate due to 404 when DCV check runs in /usr/local/cpanel/bin/checkallsslcerts
After running the /usr/local/cpanel/bin/checkallsslcerts script via SSH, you may see errors similar to the following:
FAILED: Cpanel::Exception/(XID bj6m2k) The system queried for a temporary file at “http://hostname.domain.tld/.well-known/pki-validation/B65E7F11E8FBB1F598817B68746BCDDC.txt”, but the web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist. [WARN] The system failed to acquire a signed certificate from the cPanel Store because of the following error: Neither HTTP nor DNS DCV preflight checks succeeded!
Description:
Encountering errors like “404 Not Found” during the DCV check when running /usr/local/cpanel/bin/checkallsslcerts via SSH? This issue typically arises when the shared IP address doesn’t match the main IP. To resolve it, ensure both IPs match and that the A record for the server’s hostname points to the main/shared IP. Here’s a workaround:
Workaround:
1. Confirm that the main IP and shared IP are identical.
2. Make sure the A record for the server’s hostname points to the main/shared IP.
3. To change the shared IP:
Log in to WHM as the ‘root’ user.
/scripts/rebuildhttpdconf /scripts/restartsrv_httpd --hard
This will help resolve issues with obtaining a free hostname certificate in cPanel/WHM.
Conclusion
Securing your cPanel/WHM server’s hostname with a free SSL certificate from AutoSSL is essential for a secure web hosting environment. By following these steps, you can ensure that your server’s hostname is protected with a valid SSL certificate.
Remember to regularly check your SSL certificates to ensure they remain up-to-date and secure.