1. When connecting to all CPanel/WHM SSL-enabled services (cpanel, WHM, webmail, SMTP, POP, IMAP, etc), you will get a warning of invalid certificate, and have to manually bypass or add exception in order to proceed.
2. Cron mails from the server include warnings as follows: "The SSL (Secure Sockets Layer) certificate ..... will expire in less than 30 days."
All managed servers currently use free SSL certificates provided by letsencrypt.org , which require renewal every 3-4 months. To generate and/or renew:-
1. SSH to server
2. vim /etc/crontab , and copy paste the letsencrypt command as follows:-
/root/.local/share/letsencrypt/bin/letsencrypt --text certonly --renew-by-default --webroot --webroot-path /usr/local/apache/htdocs/ -d server-hostname-fqdn
(server-hostname-fqdn is full hostname including domain, e.g. sv1.shoppingnsales.com (or just shoppingnsales.com, depending on how admin/customer normally access cpanel, WHM, webmail, SMTP, POP, IMAP, etc)).
3. The results should be of this sort:-
4. Ensure certificate files updated:-
(Most importantly, each files' last modified date must be today's date)
5. Go to server WHM --> Manage Service SSL Certificates
Tick each of this option:-
- Copy paste the following file contents (from "BEGIN" to "END" lines) into the corresponding fields:-
cert.pem --> Certificate
privkey.pem --> Private Key
chain.pem ---> Certificate Authority Bundle
- Click "Install".
6. After installation completes, when offered to "Restart cpsrvd", click "Proceed".
7. Relogin to WHM: https://server-hostname-fqdn:2087
- Verify no more warnings.
- Padlock in URL should be green. Click on it and view certificate details. Verify that the certificate expires 3-4 months from now.