This document outlines some common SSL-related issues and how you can troubleshoot and resolve them. For more information about SSL, read our Guide to SSL documentation.
The following sections describe some common certificate installation issues and how to fix them:
If you receive the
modulus mismatch or
key file does not match the certificate error messages, the private key that you entered did not generate the certificate that you wished to install. The correct private key may exist in a different file.
WHM may automatically complete the Private Key text box when you attempt to install a certificate. To properly install the certificate, paste the private key in the Private Key text box in WHM's Install an SSL Certificate on a Domain interface (WHM >> Home >> SSL/TLS >> Install an SSL Certificate on a Domain).
Dedicated IP addresses
Without Server Name Indication (SNI) enabled, SSL only allows one certificate per IP address. Because each cPanel account uses a single IP address, you can only assign one certificate per account. If you experience problems with a subdomain, assign a dedicated IP address to it, or enable SNI on the server.
The following sections describe some common post-installation warnings and how to fix them:
Certificate mismatch warnings
Your web host likely uses a self-signed certificate, or a signed certificate that does not match your domain name. This warning exists to notify you that the name on the certificate does not match the name of the domain that you wish to visit.
Ensure that the SSL certificate matches a domain that belongs to your web host before you proceed, and contact your hosting provider with any additional security concerns.
Domain mismatch warnings
If your visitors see a warning about a domain mismatch, your SSL certificate likely does not match your domain name.
Domain mismatches are unlikely to be a security issue when you log in to your cPanel account. You can contact your hosting provider for any additional security concerns.
Most browsers do not trust self-signed certificates because the certificate only encrypts data and does not verify identity. Because of this, most browsers will display a warning about the self-signed certificate to your visitors.
If you do not want visitors to encounter this warning, purchase an SSL certificate from an SSL provider. However, when you purchase an SSL certificate, do not remove the installed self-signed certificate. Instead, purchase and install the additional certificate in WHM's Install an SSL Certificate on a Domain interface (WHM >> Home >> SSL/TLS >> Install an SSL Certificate on a Domain).
The following sections describe other common SSL-related issues and how to fix them:
Visitors cannot access other sites on a shared certificate
If multiple sites share an IP address but only one has an installed SSL certificate, visitors to other domains on the server may experience problems. Apache cannot serve unsecured websites through a secure protocol.
If you enter
https:// before a domain name, the browser uses the secure
HTTPS protocol. If you enter
http:// before a domain name, the browser uses the not secure
For example, your server could use the following setup:
|IP address||Domain||SSL status|
If this configuration resembles your shared IP address’ domain structure, expect the following behavior:
|Protocol||IP address or domain||Apache will serve:|
|The default page redirect or |
An error message.
Because Apache cannot serve an unsecured website with a secure protocol and no secure sites exist on the shared I P address, Apache serves an error message.
Because Apache cannot serve an unsecured site with a secure protocol, Apache defaults to the secure website on the shared IP address.
To allow visitors to visit an unsecured domain regardless of which type of protocol they enter, perform the following steps:
- Navigate to WHM's Install an SSL Certificate on a Domain interface (WHM >> Home >> SSL/TLS >> Install an SSL Certificate on a Domain).
- Click Browse Certificates.
- In the Browse Account menu, select
- In the Certificate list, select the option for the server's hostname certificate.
- Click Use Certificate.
- In the IP Address (non-user domains only) menu, select the server's shared IP address.
- Click Install.
- Navigate to WHM's Manage SSL Hosts interface (WHM >> Home >> SSL/TLS >> Manage SSL Hosts).
- In the Installed SSL Hosts table, click Make Primary in the appropriate row for the server's hostname.
- Navigate to WHM's Include Editor interface (WHM >> Home >> Service Configuration >> Apache Configuration >> Include Editor):
Select the Pre Virtual Host Include option.
Select the Apache version from the menu. We recommend that you select All Versions.
Enter the following text in the available text box:
- Click Update.
This example uses the following values:
IPADDRESSrepresents your server's IP address.
HOSTNAMErepresents your server's hostname.
SSLCERTIFICATEFILErepresents the full file path to your SSL certificate.
SSLCERTIFICATEKEYFILErepresents the full file path to your SSL certificate's key.
If you have suffered a serious drive failure and you do not use Trustwave authentication, you may lose some or all of your SSL data.
If you are able to access the old drive, the system stores your authentication data in the