Background
This article is about WHM server certificates, not cPanel certificates.
WHM uses a 3rd party SSL service called Sectigo. At times the built-in SSL certificates do not renew and then one is inundated with SSL renewal emails.
Of course, one would expect to not receive these emails, but nevertheless, I got them and logged a ticket.
This article describes the symptoms and the cure of this problem.
The subject of the SSL renewals emails will be:
[whm-host.example.com] The SSL (Secure Sockets Layer) certificate for “exim” on “whm-host.example.com” will expire in less than 30 days.
There will be lots of variants where exim could be dovecot etc.
The body of the emails will be:
The certificate has the following properties: Domains: whm-host.example.com Issuer: cPanel, Inc. Key Size: 2048 Expires: Thursday, October 6, 2022 at 11:59:59 PM UTC You need to install a new certificate as soon as possible. You can do this with WHM’s “Manage Service SSL Certificates” interface at https://whm-host.example.com:2087/scripts2/manageservicecrts.
The troubleshooting process is below. The syntax of the openssl command is of what’s important.
Unfortunately the output is over the top but one can focus on the first bits of information to see the status.
# hostname whm-host.example.com # openssl s_client -connect whm-host.example.com:2087 -servername whm-host.example.com -showcerts | openssl x509 -noout -text verify return:1 Issuer: C=US, ST=TX, L=Houston, O=cPanel, Inc., CN=cPanel, Inc. Certification Authority Validity Not Before: Jul 7 00:00:00 2022 GMT Not After : Oct 5 23:59:59 2022 GMT <-- expires soon Subject: CN=whm-host.example.com
The fix is:
/usr/local/cpanel/bin/checkallsslcerts
The information in this article was provided by WHM technical support.