
installing freessl on an existing domain
skelley1 12-23-2002, 09:26 PM Please keep in mind I'm a bigtime n00bie when it comes to Linux..
Do I need to delete the domain I am trying to put the dedicated IP and SSL on before doing this? I've seen that mentioned in some places, but not in other places.
I've already moved the site to its own IP address. (as a side note, http:// is back up but http://www. is not after I moved the site about 8 hours ago, hope that will not be a problem)
I'm doing this on a WHM/cPanel server for a domain that currently exists and has a fairly heavily-modded forum with it that I don't want to mess with if I don't have to.
I've seen several tidbits of info on how to install this, but no clearcut WHM-specific complete directions on how this is done.
I have root access as well.
Can anyone show me a link that explains this better than what I've found in the cpanel newsgroups and googling so far?
Should I just forego the WHM method and do it directly in Linux?
eddy2099 12-23-2002, 09:56 PM Hi Shelley,
Well, I am not sure if this would help, in WHM under IP Functions, do the 'Rebuild IP Pool' and see if it works. If you move the site to a new IP address usually things would get properly redirected.
Hope that helps.
skelley1 12-23-2002, 10:03 PM (sKelley1) ;)
it redirected the http:// just fine. the www isn't working (yet). I did the rebuild thing, but installing this requires many steps that aren't very clear and I'm kinda looking for some clearcut instructions pertaining to WHM of how to do this from beginning to end so I can do this myself. I usually don't get into the technical sides of things, but this is a personal project.
the ns0 and ns1 nameservers point to .35 and .36, respectively and all the sites on the server use .35
I added a .30 that I moved the site over to. So I guess I need to find out if that is acceptable or I have to delete and recreate the site using .30 as the dedicated IP first or not, and then exactly how I go through the WHM process of generating the keys, .crt's etc. It's not very user-friendly if you've never done it before.
Aushosts 12-23-2002, 10:23 PM I have installed an SSL cert with reseller access before with no problems.
You need to get the domain to an IP based account, then it's as simple as "Generate an SSL Certificate and Signing Request".
Edit the dns zone for the domain and check that www is pointing to the correct ip, it should be a CNAME entry.
Does that help?
eddy2099 12-23-2002, 10:24 PM sKelley,
haa haa. well, I am jumping from screen to screen and running about doing some other things and mistakes can be made. ;)
I understand your pain. I am actually in a transition mode from moving my sites from my Cobalt RaQ to a Cpanel/WHM and things here are handled so differently. Not that it is bad but it is not as easy as the RaQ. How I miss my RaQ. :rolleyes:
From what I understand, the site which has SSL would require a dedicated IP address (or at least modify the httpd.conf under /etc/httpd/conf/httpd.conf by moving the site configuration to the first spot ahead of the other sites sharing that same IP).
I trust that when you mentioned moving the site to the new IP, you are using the 'Change Site's IP Address' function. This should make all the changes for you.
If that does not work, 'Edit DNS Zone' under DNS Function and see if all the references for that site point to the correct IP address, i.e. the www and the non-www link.
In any case, once you purchase a SSL, it would be explicitly for that URL. So if you register it for www.yourdomain.com , it would not work for https://yourdomain.com but just for https://www.yourdomain.com . Well, it will work but there would be a warning to say that the name on the cert and the site do not match.
Once you got all the pointing done, just go to 'Generate an SSL Certificate and Signing Request' and fill in the necessary options and click create. Copy and Paste the two cert thingy, the private key and the Request Certificate and save it somewhere. You will need the Request Certificate when applying for the SSL.
Once you get your cert from FreeSSL, there would be two certs, the intermediary Cert and your SSL, I am not sure what the intermediary cert is for but you need your SSL Cert.
Then go to 'Install an SSL Certificate' and paste the entire cert into the first section which reads '.... paste your crt file'. Everything between the '----' including the '----' top and bottom. Enter a 'user' name under the 'user' section, this would be the login name for one of your sites. Can be any but best to use the one you are setting up the SSL for. At this time, the other columns, domain, ip address and the bottom 'key' and 'ca bundle' should somehow be filled by WHM. Now click 'Do It' and you'll be done.
All request for cert or key or request cert, must include the '---' and everything between them.
Hope that helps.
Have fun.
Edwin
Aushosts 12-23-2002, 10:31 PM You could always make another account in WHM secure.domain.com and make that IP based account. Then just install the cert to that domain and edit the dns to remove the www.secure.domain.com. This would avoid the domain.com errors for the ssl once installed, if it's installed for www.domain.com. So your ssl is https://secure.domain.com
Andrew 12-23-2002, 10:31 PM Pretty much what he said except you're going to want to look in /usr/local/apache/conf for the httpd.conf file :)
I've installed a couple of the freessl certs now on our boxes, both required some tweaking to get them working without an error message.
If you have problems with warnings after you've completed the cpanel install, drop me a PM or an email and I'll give you some examples. :)
skelley1 12-23-2002, 10:38 PM I checked the DNS entries, www is ok with cname. guess it's just taking a while to go thru for www.
Thanks for the info so far guys, It'll take me a while to decipher everything you've said since I've never seen any of it for reference .:blush:
eddy2099 12-23-2002, 10:39 PM Originally posted by lightnin
Pretty much what he said except you're going to want to look in /usr/local/apache/conf for the httpd.conf file :)
Well, I just did a check, it seems that both the httpd.conf from
/usr/local/apache/conf and /etc/httpd/conf are identical. I remember only modifying one of them for some other things. I guess the system 'mirrored' it for me. In fact, all the files in that folder are identical.
skelley1 12-29-2002, 03:22 PM ok, now i'm just getting frustrated. I have a couple of different attempts that show up on the ssl manager so i figure i need to somehow remove them from the server. When i try to install the ssl on the site (after moving it to dedicated .30) I get:
Attempting to verify your certificate.....
Modulus mismatch, key file does not match certificate. Please use the correct key file
Key Modulus
Crt Modulus
I don't know if it's because of the previous attempts, a problem with the software, or something I'm doing incorrectly.
Maybe I should just start over and remove this site from the dedicated .30 and put secure.domain.com on .30 instead?
Should I remove the previous attempts (and how do I do this?)?
Any other ideas?
eddy2099 12-29-2002, 04:38 PM You might not need to remove the certs since it should replace the older ones. There are probably just too many encode keys and certs which might confuse the hell out of anyone.
If you got the one from FreeSSL, ignore the Intermediary cert, I think they would port it in for you under Bundle CA or something.
The CRT would be the one which begins and ends with
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
The Key is the one which reads
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
The key should be the one generated by system. You should have this from an email sent to you by your server.
After you enter the CRT, click on any of the textbox below, it should fill up the details. Verify if the domain name and so on are correct before proceeding.
Hope that helps. if not, I sure hope the experts do come in to lend a helping hand.
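The "Modulus mismatch" error quoted above means the pasted private key and the certificate do not carry the same RSA modulus, which is what happens when a certificate issued for one signing-request attempt is paired with the key from another attempt. The script below is an added example, not part of the original thread or of WHM; it uses standard `openssl` subcommands to find which saved key belongs to a certificate, and the file names, the `secure.example.test` name and the throwaway keys are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: pair a certificate with the right private key by RSA modulus.

# modulus_of KIND FILE: print "Modulus=..." for a key, certificate or CSR.
modulus_of() {
    case "$1" in
        key) openssl rsa  -noout -modulus -in "$2" ;;
        crt) openssl x509 -noout -modulus -in "$2" ;;
        csr) openssl req  -noout -modulus -in "$2" ;;
        *)   return 2 ;;
    esac 2>/dev/null
}

# key_matches_cert KEY CRT: succeed only when both carry the same modulus.
key_matches_cert() {
    k=$(modulus_of key "$1") || return 2
    c=$(modulus_of crt "$2") || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# find_matching_key CRT KEY...: print the first key that pairs with CRT.
find_matching_key() {
    crt=$1; shift
    for key in "$@"; do
        if key_matches_cert "$key" "$crt"; then
            echo "$key"
            return 0
        fi
    done
    return 1
}

# Constructed sample data: two key "attempts", a CSR from the first and a
# self-signed certificate from the second, all in a private temp directory.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
openssl genrsa -out "$demo_dir/attempt1.key" 2048 2>/dev/null
openssl genrsa -out "$demo_dir/attempt2.key" 2048 2>/dev/null
openssl req -new -key "$demo_dir/attempt1.key" -subj "/CN=secure.example.test" \
    -out "$demo_dir/attempt1.csr" 2>/dev/null
openssl req -new -x509 -key "$demo_dir/attempt2.key" -subj "/CN=secure.example.test" \
    -days 1 -out "$demo_dir/site.crt" 2>/dev/null

echo "key for site.crt: $(find_matching_key "$demo_dir/site.crt" "$demo_dir"/attempt*.key)"
```

Run against real files, the same functions tell you which saved key to paste next to the issued certificate; keep private key files readable by root only.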
skelley1 12-29-2002, 04:47 PM When i paste the crt info and click in one of the fields, they do populate, but with the original .35 the site used to be on. I change that to .30 and then hit 'Do It' which is when I get the error.
eddy2099 12-29-2002, 05:58 PM Maybe you should just go delete all the old certs and try again.
skelley1 12-29-2002, 08:11 PM i would love to try that, but dont see that as an option. there is 'Delete an SSL host' but that has nothing in it. it tells me 'There are no ssl hosts setup! '
eddy2099 12-29-2002, 08:17 PM You are right. I keep thinking that WHM was similar to the Cobalt RaQ interface. Probably the only way to do it is to SSH and delete it. But keep that for the last resort.
I saw the Install SSL option, there is some checkbox called
"Check here if this ssl cert is already setup
and this is just a replacement/update certificate."
You might want to check that and retry ?
skelley1 12-29-2002, 08:20 PM i just tried to change the certificate and now i get:
Attempting to verify your certificate.....
cp: cannot stat `/usr/local/cpanel/share/ssl/private/***.com.key': No such file or directory
Cerificate appears to be intact
/usr/local/cpanel/share/ssl/certs/***.com.crt.test: /C=US/O=***.com/OU=See www.freessl.com/cps (c)02/OU=Domain Control Validated - Organization Not Validated/CN=***.com
error 20 at 0 depth lookup:unable to get local issuer certificate
Restarting SSL Support
Certificate has been installed!
now what the heck does this mean?
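The `error 20 at 0 depth lookup` line in the output above is OpenSSL reporting that it could not find the certificate of the issuer that signed the site certificate. The script below is an added example, not from the thread or from cPanel: it builds a constructed root, intermediate and site chain (all names and files are made up) and shows the same error disappearing once the intermediate certificate is supplied.

```shell
#!/bin/sh
# Added example: reproduce "unable to get local issuer certificate" (error 20)
# with a constructed throwaway root -> intermediate -> site chain.
d=$(mktemp -d)
trap 'rm -rf "$d"' EXIT
cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

# new_csr NAME CN: create NAME.key and NAME.csr for subject CN.
new_csr() {
    openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
        -keyout "$d/$1.key" -subj "/CN=$2" -out "$d/$1.csr" 2>/dev/null
}

# sign CHILD PARENT [x509 options]: issue CHILD.crt with PARENT's key.
sign() {
    child=$1; parent=$2; shift 2
    openssl x509 -req -in "$d/$child.csr" -CA "$d/$parent.crt" \
        -CAkey "$d/$parent.key" -CAcreateserial -days 1 \
        -out "$d/$child.crt" "$@" 2>/dev/null
}

# Self-signed root, then an intermediate CA, then the site certificate.
openssl req -new -x509 -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
    -keyout "$d/root.key" -subj "/CN=Constructed Root CA" -days 1 \
    -out "$d/root.crt" 2>/dev/null
new_csr inter "Constructed Intermediate CA"
sign inter root -extfile "$d/ca.cnf" -extensions v3_ca
new_csr site "secure.example.test"
sign site inter

# verify_site [verify options]: trust only the root, print openssl's verdict.
verify_site() {
    openssl verify -CAfile "$d/root.crt" "$@" "$d/site.crt" 2>&1
}

echo "Without the intermediate certificate:"
verify_site
echo "With the intermediate certificate supplied:"
verify_site -untrusted "$d/inter.crt"
```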
Aushosts 12-29-2002, 08:23 PM Haven't seen that before :stickout:
Try going to the domain with https:// and see if it's set up?
skelley1 12-29-2002, 08:27 PM page cannot be displayed at https:// and https://www.
eddy2099 12-29-2002, 09:28 PM This sure seems very strange. Can the site still be accessed via http:// ??
skelley1 12-29-2002, 09:28 PM finally!
secure.domain.com worked beautifully the first try. i was doing everything correctly. must have something messed up on the main site in cpanel or something.
special thanks to spiritau for contacting me to help.
skelley1 12-29-2002, 09:31 PM yea it was kinda strange eddy2099. seems to work all now. thanks for keeping up with me while i worked this out ;)
i had to move the main site off .30 to put secure. on it for a dedicated ip, so the main site is not accessible at all for a few hours while dns updates.
eddy2099 12-29-2002, 11:07 PM Hmmm, strange. For the life of me, I cannot understand most of what I am doing on my server but as long as it is still alive, it's good enough for me.