How to deal with WHM (server) certificate renewal issues

Background

This article is about WHM server certificates, not cPanel certificates.

WHM uses a 3rd party SSL service called Sectigo. At times the built-in SSL certificates do not renew and then one is inundated with SSL renewal emails.

Of course, one would expect to not receive these emails, but nevertheless, I got them and logged a ticket.

This article describes the symptoms and the cure of this problem.

The subject of the SSL renewals emails will be:

[whm-host.example.com] The SSL (Secure Sockets Layer) certificate for “exim” on “whm-host.example.com” will expire in less than 30 days.

There will be lots of variants where exim could be dovecot etc.

The body of the emails will be:

The certificate has the following properties:

Domains: whm-host.example.com
Issuer: cPanel, Inc.
Key Size: 2048
Expires: Thursday, October 6, 2022 at 11:59:59 PM UTC

You need to install a new certificate as soon as possible. You can do this with WHM’s “Manage Service SSL Certificates” interface at https://whm-host.example.com:2087/scripts2/manageservicecrts.

The troubleshooting process is below. The syntax of the openssl command is of what’s important.
Unfortunately the output is over the top but one can focus on the first bits of information to see the status.

# hostname
whm-host.example.com
# openssl s_client -connect whm-host.example.com:2087 -servername whm-host.example.com -showcerts | openssl x509 -noout -text
verify return:1
Issuer: C=US, ST=TX, L=Houston, O=cPanel, Inc., CN=cPanel, Inc. Certification Authority
Validity
Not Before: Jul 7 00:00:00 2022 GMT
Not After : Oct 5 23:59:59 2022 GMT <-- expires soon
Subject: CN=whm-host.example.com

The fix is:

/usr/local/cpanel/bin/checkallsslcerts

The information in this article was provided by WHM technical support.

Reference

https://support.cpanel.net/hc/en-us/articles/360056507634-How-close-to-expiry-will-AutoSSL-try-to-renew-an-SSL-

Share this article

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to Top