Issue: cPanel Hostname SSL certificate Expired
Error Scenario 1 : NET:: ERR_CERT_DATE_INVALID while taking WHM link
Error Scenario 2: Server Hostname Cannot be verified (if used in the Mail configurations in email clients)
cPanel Service SSL certificates are Expired. You can check the browser for more details of the error or you can go to WHM and check the details of the cert in the below WHM section.
Possible Fixes :
- Get a Paid SSL from any SSL providers for your hostname. this is a Paid option and nowadays this is obsolete as there are many options to get free SSL. This will be an option if you are still running old Cpanel/Plesk versions with older Os versions like Centos 5
- If you are having Plesk, you can install a free SSL using the lets-encrypt free extension.
- Login to Plesk
- Go to Tools and Settings >> Extensions
- Search for Letsencrypt and confirm it is installed. If not get it installed
- Then Go to Tools and Settings >> SSL/TLS Certificates (under Security).
- Click Let’s Encrypt
- Enter Server Hostname and your email address
- Click Install
- If all ok, you are set to go and SSL cert for server hostname is set to plesk login interface and can login to plesk using https://server.hostname.com:8443 without any error.
- Once this is completed, you need to click on Change option near to “Certificate for Securing Mail”
- Select the free ssl which we generated a few minutes ago which will be named mostly “Lets Encrypt Certificate”
- Test Mail client settings using SSL port and server hostname and it should work without any issues.
- If you are having cPanel, then you can get this set up by simply doing the below steps
- Make sure your Server Hostname is resolving without any proxy to correct IP address.
- Make sure IP is showing the Cpanel default page while browsing.
- Once the above pre-flight checks are done, Go to WHM >> Service Configuration >> Manage Service SSL Certificates and check the status of the SSL and details. If that is having a paid SSL, then reset the certificate and then try UPCP and it will fix it.
- If it is having self-signed cert and yet it is not working, then you need to try running the below script to see what is the exact error while trying to run it.
This script will check all cert’s including Cpanel hostname certs for all services as well and will replace all certs with Cpanel signed SSL certs. If you want to read more about the features of this script, you can read from this link
- If all is fine it will have proper ssl cert soon, if there is any error, then you need to fix it and you can use the below command by placing a sample .txt file to see if there is any error and fix it as per the error with the help of a server administrator
# curl -kvv server.hostname.com/.well-known/pki-validation/testssl.txt
- Once completed, confirm by accessing the cPanel/WHM interface or by checking the cert status from WHM >> Service Configuration >> Manage Service SSL Certificates and confirm it is having a Cpanel signed SSL cert