Make automatic reset of Service SSL Certificates Configurable

cPanelMary shared this idea ago

Completed

When you run upcp any service certificate that doesn't have a common name of the server's hostname is replaced by a self-signed cert for the hostname.

There are occasions when the server administrator wants to have different names in use for different services. This means that one or more certificates are need to have a common name that differs from the hostname. The most common form of this being for mail (exim/dovecot/courier). Currently this is being worked around with postupcp scripts that reinstall the proper certificate and/or setting the certificate files immutable.

As a server administrator, I would like this behavior to be configurable. I prefer it to be on the Manage Service SSL Certificates page, but having an option in Tweak Settings is also acceptable.

I like this idea 0

Best Answer

benny@cpanel.net ●

This was resolved as part of cPanel & WHM version 56. You can now run the below command to prevent your certificates from being overwritten:

touch /var/cpanel/ssl/disable_service_certificate_management

Replies (2)

Jason Tyde ●

I was made aware of this feature request after posting about this issue to the Forums here:

https://forums.cpanel.net/threads/self-signed-ssl-certificates-replaced-by-maintenance-script.510931/

I too would like to see it possible to turn off this behavior in order to retain my self-signed certificates rather than working around it with a postupcp script. I like the suggestion to put this option in the 'Manage Service SSL Certificates' function.

Cheers, Jason

URL

benny@cpanel.net ● ●

This was resolved as part of cPanel & WHM version 56. You can now run the below command to prevent your certificates from being overwritten:

touch /var/cpanel/ssl/disable_service_certificate_management

URL