WHM: Install SSL certificate for Hostname

CentOS, Hosting, Linux / December 27, 2021 / ashishpsk / 0

Initially, to install the Let’s Encrypt provider, we run the following command:

/scripts/install_lets_encrypt_autossl_provider

Once we install the Let’s Encrypt provider, we change the auto SSL provider to Let’s Encrypt from Comodo.

To do so, we log in to WHMand go to Manage AutoSSL.

• Install Self-Signed Certificate to Hostname.

1) Here, we log in to WHM as a root user.

2) Then we go to “Service Configuration”.

3) Now, we select the following services and click on “Browse Certificate”.

• Calendar, cPanel, WebDisk, Webmail, and WHM Services
• Dovecot Mail Server
• Exim (SMTP) Server
• FTP Server

4) We can select hostname and click on “Use Certificates”.

5) Finally, we go ahead and click on “Install”.

Replace Self Signed Certificates with Valid Let’s Encrypt Certificates.

Once we install the self-signed certificate, to check SSL certificates, we run:

/usr/local/cpanel/bin/checkallsslcerts

When we run the above command, it will replace the Self-signed SSL certificates with a valid Let’s Encrypt certificate.

Once done, we can access WHM with the hostname:

https://hostname:2087

Command to check all SSL Certificates:

/usr/local/cpanel/bin/checkallsslcerts --verbose

Manually renew AutoSSL certificates for all users

/usr/local/cpanel/bin/autossl_check --all

If you are unable to access the server via SSH, start a new AutoSSL check in WHM at SSL/TLS > Manage AutoSSL and select Run AutoSSL For All Users.

Once the certificates have passed their validation checks, trigger their installation with this command:

/usr/local/cpanel/bin/autossl_check_cpstore_queue --force

Manually renew AutoSSL certificates for a single cPanel user

There are 3 ways to renew the AutoSSL certificates for a single user:

1. Navigate to WHM > SSL/TLS »Manage AutoSSL and select Manage Users, then select Check 'username' next to the user.
2. Log in to cPanel as the user, navigate to cPanel > Security > SSL/TLS Status and select Run AutoSSL.
3. Log in to the server as root via SSH or use the WHM Terminal and run the following command, substituting username with the cPanel account’s username:

/usr/local/cpanel/bin/autossl_check --user=username

Manually renew a certificate before it is revoked

To renew a certificate prior to its revocation, delete the existing SSL certificate via one of these methods:

• In WHM: Go to WHM>>SSL/TLS>>Manage SSL Hosts -> Delete the affected certificate.
• In cPanel: Go to cPanel>>Security>>SSL/TLS -> Manage SSL Sites -> Delete the affected certificate.
• On the command-line: whmapi1 delete_ssl_vhost host=example.com (Replace example.com with the affected domain.) 

Then force an AutoSSL run via one of these methods:

• /usr/local/cpanel/bin/autossl_check --user (Replace user with the affected user.)
• In WHM: Go to WHM > SSL/TLS > Manage AutoSSL>Manage Users and select Check “user” (Replace “user” with the affected user.).
• In cPanel: Go to cPanel>>Security>>SSL/TLS Status -> Run AutoSSL.