srvrco / getssl

Obtain free SSL certificates from the letsencrypt ACME server. Suitable for automating the process on remote servers.
GNU General Public License v3.0

Error: ERR_CERT_COMMON_NAME_INVALID #249

Closed nikolaipulkkinen closed 7 years ago

nikolaipulkkinen commented 7 years ago

Hi. I issued certificates for the DNS names aroive.com and www.aroive.com. How can I fix this? I understood that I ran the script without changing SANS, and by default there was aroive.com and www.aroive.com.

I ran the ./getssl -a command again with the right SANS, but get this message at the end: getssl: eurohost.ee - certificate obtained but certificate on server is different from the new certificate

eurohost@nlsrc2 [~]# ./getssl -a

A more recent version (v2.09) of getssl is available, please update
the easiest way is to use the -u or --upgrade flag

Check all certificates
eurohost.ee: Certificate on remote domain does not match, ignoring remote certificate
creating account key /home/eurohost/.getssl/account.key
creating domain key - /home/eurohost/.getssl/account.key
Generating RSA private key, 4096 bit long modulus
...........................................................................................................................................................++
.................................................++
e is 65537 (0x10001)
./getssl: line 632: -4: substring expression < 0
creating domain key - /home/eurohost/.getssl/eurohost.ee/eurohost.ee.key
Generating RSA private key, 4096 bit long modulus
................................................................++
...................................................++
e is 65537 (0x10001)
./getssl: line 632: -4: substring expression < 0
creating domain csr - /home/eurohost/.getssl/eurohost.ee/eurohost.ee.csr
Registering account
Registered
Verify each domain
Verifying eurohost.ee
copying challenge token to /home/eurohost/public_html/.well-known/acme-challenge/mEKmFqaYlnAAxPn7LidnvFTNaXezCYqkJdnUhrTelG8
Pending
Verified eurohost.ee
Verifying www.eurohost.ee
copying challenge token to /home/eurohost/public_html/.well-known/acme-challenge/C7ejjsyrb2Ys2L2tEgfIqmz2NFGn8r4tWWr_ih0Gz4Q
Pending
Verified www.eurohost.ee
Verification completed, obtaining certificate.
Certificate saved in /home/eurohost/.getssl/eurohost.ee/eurohost.ee.crt
The intermediate CA cert is in /home/eurohost/.getssl/eurohost.ee/chain.crt
copying domain certificate to /home/eurohost/etc/ssl/eurohost.ee.crt
copying private key to /home/eurohost/etc/ssl/eurohost.ee.key
copying CA certificate to /home/eurohost/etc/ssl/chain.crt
getssl: eurohost.ee - certificate obtained but certificate on server is different from the new certificate
srvrco commented 7 years ago

From the information you have there, it looks as if you haven't reloaded the config (and new SSL cert) into your webserver.

What command / setting do you have for RELOAD_CMD?

nikolaipulkkinen commented 7 years ago

RELOAD_CMD=""

I am using an a2hosting shared account. How can I find out what command I should use?

srvrco commented 7 years ago

Looking at https://www.a2hosting.com/kb/security/ssl/installing-a-third-party-ssl-certificate it seems to have cPanel as the control panel. If so, do you have the uapi command available? If so, use the cpanel upload script https://raw.githubusercontent.com/srvrco/getssl/master/other_scripts/cpanel_cert_upload

nikolaipulkkinen commented 7 years ago

Yes, the uapi command is available. Can you explain how to use this script?

srvrco commented 7 years ago

Simply upload that script to your server (the same as the getssl script).

curl https://raw.githubusercontent.com/srvrco/getssl/master/other_scripts/cpanel_cert_upload > cpanel_cert_upload; chmod 700 cpanel_cert_upload

Then set

RELOAD_CMD="${HOME}/cpanel_cert_upload eurohost.ee"

Then it should all just upload automatically.

To test, you don't need to run getssl again ... just run the command

./cpanel_cert_upload eurohost.ee

nikolaipulkkinen commented 7 years ago

Thank you for your help.

When running ./cpanel_cert_upload www.eurohost.ee I get the message Can't determine the Home of LiteSpeed Web Server, exit!

Also, below I show the steps that I did.

./getssl -c www.eurohost.ee

Settings at account level: ./getssl/getssl.cfg

# Uncomment and modify any variables you need
# see https://github.com/srvrco/getssl/wiki/Config-variables for details
#
# The staging server is best for testing (hence set as default)
CA="https://acme-staging.api.letsencrypt.org"
# This server issues full certificates, however has rate limits
#CA="https://acme-v01.api.letsencrypt.org"

AGREEMENT="https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"

# Set an email address associated with your account - generally set at account level rather than domain.
ACCOUNT_EMAIL="nxxxxn@gmail.com"
ACCOUNT_KEY_LENGTH=4096
ACCOUNT_KEY="/home/eurohost/.getssl/account.key"
PRIVATE_KEY_ALG="rsa"
REUSE_PRIVATE_KEY="true"

# The command needed to reload apache / nginx or whatever you use
RELOAD_CMD="${HOME}/cpanel_cert_upload www.eurohost.ee"
# The time period within which you want to allow renewal of a certificate
#  this prevents hitting some of the rate limits.
RENEW_ALLOW="30"

# Define the server type. This can be https, ftp, ftpi, imap, imaps, pop3, pop3s, smtp,
# smtps_deprecated, smtps, smtp_submission, xmpp, xmpps, ldaps or a port number which
# will be checked for certificate expiry and also will be checked after
# an update to confirm correct certificate is running (if CHECK_REMOTE) is set to true
SERVER_TYPE="https"
CHECK_REMOTE="true"

# Use the following 3 variables if you want to validate via DNS
#VALIDATE_VIA_DNS="true"
#DNS_ADD_COMMAND=
#DNS_DEL_COMMAND=

I want to ask, is the line RELOAD_CMD="${HOME}/cpanel_cert_upload www.eurohost.ee" right? Or do I need to set RELOAD_CMD="/home/eurohost/cpanel_cert_upload www.eurohost.ee" ?

Settings at domain level: ./getssl/www.eurohost.ee/getssl.cfg

# Uncomment and modify any variables you need
# see https://github.com/srvrco/getssl/wiki/Config-variables for details
# see https://github.com/srvrco/getssl/wiki/Example-config-files for example configs
#
# The staging server is best for testing
#CA="https://acme-staging.api.letsencrypt.org"
# This server issues full certificates, however has rate limits
#CA="https://acme-v01.api.letsencrypt.org"

#PRIVATE_KEY_ALG="rsa"

# Additional domains - this could be multiple domains / subdomains in a comma separated list
# Note: this is Additional domains - so should not include the primary domain.
# SANS="aroive.com,www.aroive.com"

# Acme Challenge Location. The first line for the domain, the following ones for each additional domain.
# If these start with ssh: then the next variable is assumed to be the hostname and the rest the location.
# An ssh key will be needed to provide you with access to the remote server.
# Optionally, you can specify a different userid for ssh/scp to use on the remote server before the @ sign.
# If left blank, the username on the local server will be used to authenticate against the remote server.
# If these start with ftp: then the next variables are ftpuserid:ftppassword:servername:ACL_location
# These should be of the form "/path/to/your/website/folder/.well-known/acme-challenge"
# where "/path/to/your/website/folder/" is the path, on your web server, to the web root for your domain.
ACL=('/home/eurohost/public_html/.well-known/acme-challenge')

#Set USE_SINGLE_ACL="true" to use a single ACL for all checks
USE_SINGLE_ACL="true"

# Location for all your certs, these can either be on the server (full path name)
# or using ssh /sftp as for the ACL
DOMAIN_CERT_LOCATION="/home/eurohost/etc/ssl/www.eurohost.ee.crt"
DOMAIN_KEY_LOCATION="/home/eurohost/etc/ssl/www.eurohost.ee.key"
CA_CERT_LOCATION="/home/eurohost/etc/ssl/chain.crt"
#DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
#DOMAIN_PEM_LOCATION="" # this is the domain_key, domain cert and CA cert

# The command needed to reload apache / nginx or whatever you use
#RELOAD_CMD=""

# Define the server type. This can be https, ftp, ftpi, imap, imaps, pop3, pop3s, smtp,
# smtps_deprecated, smtps, smtp_submission, xmpp, xmpps, ldaps or a port number which
# will be checked for certificate expiry and also will be checked after
# an update to confirm correct certificate is running (if CHECK_REMOTE) is set to true
#SERVER_TYPE="https"
#CHECK_REMOTE="true"

After I run the command eurohost@nlsrc2 [~]# ./getssl www.eurohost.ee I get these results:

www.eurohost.ee: Certificate on remote domain does not match, ignoring remote certificate
creating account key /home/eurohost/.getssl/account.key
creating key - /home/eurohost/.getssl/account.key
Generating RSA private key, 4096 bit long modulus
..............................................................................++
......................................++
e is 65537 (0x10001)
./getssl: line 649: -4: substring expression < 0
creating key - /home/eurohost/.getssl/www.eurohost.ee/www.eurohost.ee.key
Generating RSA private key, 4096 bit long modulus
..++
...........................................................................................................++
e is 65537 (0x10001)
./getssl: line 649: -4: substring expression < 0
creating domain csr - /home/eurohost/.getssl/www.eurohost.ee/www.eurohost.ee.csr
Registering account
Registered
Verify each domain
Verifying www.eurohost.ee
copying challenge token to /home/eurohost/public_html/.well-known/acme-challenge/oheHn8EEs-Ey1HKzjhI_bS6TkrfO957RT_amlDM04AY
Pending
Verified www.eurohost.ee
Verification completed, obtaining certificate.
Certificate saved in /home/eurohost/.getssl/www.eurohost.ee/www.eurohost.ee.crt
The intermediate CA cert is in /home/eurohost/.getssl/www.eurohost.ee/chain.crt
copying domain certificate to /home/eurohost/etc/ssl/www.eurohost.ee.crt
copying private key to /home/eurohost/etc/ssl/www.eurohost.ee.key
copying CA certificate to /home/eurohost/etc/ssl/chain.crt
reloading SSL services
cat: /home/eurohost/.getssl/eurohost.ee/eurohost.ee.crt: No such file or directory
cat: /home/eurohost/.getssl/eurohost.ee/eurohost.ee.key: No such file or directory
cat: /home/eurohost/.getssl/eurohost.ee/chain.crt: No such file or directory
Can't determine the Home of LiteSpeed Web Server, exit!
---
apiversion: 3
func: install_ssl
module: SSL
result:
  data: ~
  errors:
    - No 'cert' argument specified.
  messages: ~
  metadata: {}

  status: 0
getssl: www.eurohost.ee - certificate obtained but certificate on server is different from the new certificate

and after

eurohost@nlsrc2 [~]# ./cpanel_cert_upload www.eurohost.ee
Can't determine the Home of LiteSpeed Web Server, exit!

Can you advise anything?

srvrco commented 7 years ago

The command should be

./cpanel_cert_upload eurohost.ee

not

./cpanel_cert_upload www.eurohost.ee

nikolaipulkkinen commented 7 years ago

Hi.

I tried the command ./cpanel_cert_upload eurohost.ee and get the message Can't determine the Home of LiteSpeed Web Server, exit!

[2017-02-10 07:54:30 +0100] warn [cpanel] Cpanel::Wrap::send_cpwrapd_request The adminbin “ssl” in the “Cpanel” namespace call to function “ADD” ended prematurely: The subprocess reported error number 5 when it ended.: namespace=[Cpanel] module=[ssl] function=[ADD]: raw_response=[{__CPANEL_HIDDEN__:0,__CPANEL_HIDDEN__:__CPANEL_HIDDEN__,__CPANEL_HIDDEN__:1,__CPANEL_HIDDEN__:1,__CPANEL_HIDDEN__:{__CPANEL_HIDDEN__:__CPANEL_HIDDEN__,__CPANEL_HIDDEN__:__CPANEL_HIDDEN__,__CPANEL_HIDDEN__:__CPANEL_HIDDEN__,__CPANEL_HIDDEN__:0,__CPANEL_HIDDEN__:__CPANEL_HIDDEN__},__CPANEL_HIDDEN__:__CPANEL_HIDDEN__,__CPANEL_HIDDEN__:__CPANEL_HIDDEN__,__CPANEL_HIDDEN__:__CPANEL_HIDDEN__,__CPANEL_HIDDEN__:1280}] at /usr/local/cpanel/Cpanel/Wrap.pm line 124, <$socket> line 1.
[2017-02-10 07:54:30 +0100] warn [cpanel] Cpanel::Wrap::send_cpwrapd_request error: namespace=[Cpanel] module=[ssl] function=[ADD]: statusmsg=[The adminbin “ssl” in the “Cpanel” namespace call to function “ADD” ended prematurely: The subprocess reported error number 5 when it ended.] at /usr/local/cpanel/Cpanel/Wrap.pm line 133, <$socket> line 1.
---
apiversion: 3
func: install_ssl
module: SSL
result:
  data:
    cert_id: eurohost_ee_cf2c3_8708f_1494481560_7665e068cf5af0a113711bc8f98d7bae
    key_id: cf2c3_8708f_0f875e07f17bd4758359204d5984e362
  errors:
    - The certificate could not be installed on the domain “eurohost.ee”.
    - Certificate verification failed!The system did not find the root certificate that corresponds to the supplied Certificate Authority Bundle’s intermediate certificate. Please supply a full Certificate Authority Bundle with the root certificate included.
  messages: ~
  metadata: {}

  status: 0

Do you have advice on how to fix this?

At account level I changed RELOAD_CMD="${HOME}/cpanel_cert_upload eurohost.ee" to RELOAD_CMD="/home/eurohost/cpanel_cert_upload eurohost.ee"

But it did not help.

nikolaipulkkinen commented 7 years ago

I can ask hosting support for help. But could you advise what to ask, so they understand me?

srvrco commented 7 years ago

I'd ask the host if the uapi function is enabled to upload certificates to the account.

Please don't keep running GetSSL and obtaining new certs though - you will hit the limits. I'm only ever suggesting here that you run the cpanel_cert_upload command.

That is looking like it's very close from the messages - just missing one cert (possibly).

Can you check in your cpanel - in the SSL options, if the cert has been uploaded?

Can you also run

ls -l .getssl/eurohost.ee/

nikolaipulkkinen commented 7 years ago

Can you check in your cpanel - in the SSL options, if the cert has been uploaded?

(screenshot: ssl certificates)

can you also run ls -l .getssl/eurohost.ee/

(screenshot: command-asked)

Do I need to ask that, or did the answers above give you the answer?

I'd ask the host if the uapi function is enabled to upload certificates to the account.

srvrco commented 7 years ago

OK, so the certificate has been uploaded into cpanel - and it's working.

The only issue now is about domain names - what are the domain names which you have all hosted in the same place here? aroive.com, www.aroive.com, www.eurohost.ee and eurohost.ee?

nikolaipulkkinen commented 7 years ago

what are the domain names which you have all hosted in the same place here? (screenshot: capturezs)

I deleted the folders for aroive.com a long time ago after I found the problem.

(screenshot: capturezds)

srvrco commented 7 years ago

In your getssl.cfg you have

# SANS="aroive.com,www.aroive.com"

which is commented out - so you have no SANS defined for www.eurohost.ee, and your certificate is only valid for eurohost.ee and not www.eurohost.ee

In addition - as you comment - you are currently providing the certificate for www.aroive.com

Tidy up the configuration to get rid of aroive.com and www.aroive.com and get a certificate for just the domains you want (eurohost.ee and www.eurohost.ee), then upload that certificate to cPanel.

nikolaipulkkinen commented 7 years ago

As I understand, I should do the following steps. Am I right? I am not sure about the 2nd step.

  1. /.getssl/eurohost.ee/getssl.cfg change # SANS="aroive.com,www.aroive.com" to SANS="www.eurohost.ee"

  2. /.getssl/www.eurohost.ee/getssl.cfg change # SANS="aroive.com,www.aroive.com" to SANS=""

  3. Run getssl eurohost.ee

srvrco commented 7 years ago

You want one certificate for eurohost.ee and www.eurohost.ee so

  1. correct - in .getssl/eurohost.ee/getssl.cfg change # SANS="aroive.com,www.aroive.com" to SANS="www.eurohost.ee"

  2. delete the ./.getssl/www.eurohost.ee folder completely

then run getssl eurohost.ee -f to force a new certificate for both eurohost.ee and www.eurohost.ee
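
As an added example (not getssl's own code, nor a script the project ships), the shell script below reproduces with plain openssl the two checks this thread hinges on: the SAN coverage whose absence a browser reports as ERR_CERT_COMMON_NAME_INVALID, and the fingerprint comparison behind the "certificate on server is different from the new certificate" message. The certificates are constructed locally as throwaway self-signed material, and the helper names are my own.

```sh
#!/bin/sh
# Added example, not getssl's own code: the two checks this thread turns on,
# done with nothing but the openssl CLI.
#   1. Does a certificate list a hostname in its SANs? A browser that finds
#      the site name missing reports ERR_CERT_COMMON_NAME_INVALID.
#   2. Is the certificate a server presents the one just issued? getssl's
#      "certificate on server is different" message is this check failing.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed test material (self-signed, throwaway): $1 = file prefix,
# $2 = subjectAltName value, e.g. "DNS:eurohost.ee,DNS:www.eurohost.ee".
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=eurohost.ee" -addext "subjectAltName=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" >/dev/null 2>&1
}

# Check 1: does the PEM certificate in $1 cover hostname $2?
# openssl prints "Hostname X does match certificate" or "... does NOT match".
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# SHA-256 fingerprint of a PEM certificate, the value an
# "is the remote cert the one I issued?" check compares.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Check 2: is the issued cert ($1) identical to the one the server presents
# ($2, captured in practice with `openssl s_client -showcerts`)?
same_cert() {
    [ "$(cert_fingerprint "$1")" = "$(cert_fingerprint "$2")" ]
}

# Run both checks. $1 = new cert, $2 = cert seen on the server, remaining
# arguments = hostnames the site must answer for. Findings go to stderr;
# the number of findings is printed on stdout (0 means the deployment is good).
count_problems() {
    new=$1; served=$2; shift 2
    problems=0
    if ! same_cert "$new" "$served"; then
        echo "certificate on server is different from the new certificate" >&2
        problems=$((problems + 1))
    fi
    for h in "$@"; do
        if ! cert_covers_host "$served" "$h"; then
            echo "certificate on server does not cover $h" >&2
            problems=$((problems + 1))
        fi
    done
    echo "$problems"
}

# Model the thread: the new cert carries the SAN the config should set
# (SANS="www.eurohost.ee"), while the server still serves one without it.
NEW="$WORK/new.crt"; OLD="$WORK/old.crt"
make_cert new "DNS:eurohost.ee,DNS:www.eurohost.ee"
make_cert old "DNS:eurohost.ee"
echo "before reload: $(count_problems "$NEW" "$OLD" eurohost.ee www.eurohost.ee) problem(s)"
echo "after reload:  $(count_problems "$NEW" "$NEW" eurohost.ee www.eurohost.ee) problem(s)"
```

Against a live host, replace the constructed "old" file with the chain captured from the server and the "new" file with the .crt getssl saved, and a count of 0 is what a correct reload should produce.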

nikolaipulkkinen commented 7 years ago

Did everything as you wrote above. I highlighted below two messages from the whole output that I got after running getssl eurohost.ee -f. Also really sorry for wasting your time on this issue. Thank you a lot =\

Can't determine the Home of LiteSpeed Web Server, exit!

_errors:

nikolaipulkkinen commented 7 years ago

In cPanel: Private Keys (screenshot: pvkey); Certificate Signing Requests on Server (screenshots: certificate signing requests on server, server2); Certificates (CRT) (screenshot: certificates on server; new, right image).

As I see no Certificate Signing Requests on Server right now, maybe this is the problem?

srvrco commented 7 years ago

Not having a CSR on there isn't an issue (I wouldn't expect there to be one).

I'd check with your host that the uapi function is enabled to upload certificates to the account, and can load the cert into apache - because there are some certs there.

If not, just ask the host to set it to use the cert shown in your cpanel, which is valid for both eurohost.ee and www.eurohost.ee

nikolaipulkkinen commented 7 years ago

I'd check with your host that the uapi function is enabled to upload certificates to the account, and can load the cert into apache - because there are some certs there.

I checked; in the previous comment I uploaded the wrong image for Certificates (CRT). Reuploaded.

srvrco commented 7 years ago

OK - so the certificate is on the server, in cPanel - the question for the host is how to ensure that certificate is used?

They may reload apache once a day (so it will be OK tomorrow) or it may need them to do something. You need to ask them now (since the cert is there).

srvrco commented 7 years ago

I'm closing this as an issue, as the issue is with your host and them using the cert, rather than obtaining the cert.