SOLVED Your free cPanel-signed hostname SSL certificate (DNSONLY)

[Wallu]

Hi all!

A bit confused here, but if this is somehow true, I'm glad

Just received two emails (with certs), one for each NS saying:

---
(topic) Your free cPanel-signed hostname SSL certificate for ns3.xxxxxxx.xx is available

Your system upgrade to cPanel & WHM includes a free SSL certificate for your server's hostname. This email confirms that the system will soon automatically download and install your free SSL certificate.
---

Now, both of these servers are DNSONLY, which means there is no Apache, no /var/www/html/ or /usr/local/apache/htdocs/ ...and I have port 80 closed.

My question is: should I open port 80 (even though everything gets denied there because no webserver), or how does this work?

Thanks,

- Wallu

 

[cPanelLauren]

Hello,

We install the certificate for cPanel/WHM services specifically(cpsrvd in this instance primarily). While it can be installed for apache you wouldn't need to install this for DNSOnly because there's no webserver and you wouldn't need to open those ports.

 

[Wallu]

Hi Lauren, thanks for replying.

Actually, after your reply, I checked one of my NS, and I can see that there is a cert from cPanel. Even though it's "just" a DNSONLY server, it's good to have real cert for port 2087. Better than self-signed. Awesome.

The reason I was not seeing this before, is that my browser (Chrome) is still saying that it's not secure, although the cert is valid. Not sure why.

EDIT: while writing this: I logged out, closed the tab and refreshed the page on a new tab, all is good now. No more "Not secure".

Sorry about the confusion, all is good now.

Thanks!

- Wallu

 

[cPanelLauren]

Really glad to hear that it's all working as expected for you! Thank you for following up