When it comes to making HTTPS available for everyone, the Let’s Encrypt project is great; however, if you’re running a shared host and you have an add-on domain, then there may be a problem with trying to install certificates for each of the sites.

Fortunately, many cPanel installations have an option for installing certificates by Let’s Encrypt.

A Problem Installing the Certificate With Let's Encrypt

But what happens when you try to install a certificate, and you see the following error message?

There was a problem installing the certificate. Please contact support for more information.

Depending on your setup, you may never see this message. But if you’re working within a shared hosting environment or you’re trying to configure a certificate for a setup with an add-on domain, then there’s a specific way to resolve this.

A Problem Installing the Certificate

If you’re used to basic server administration, then installing a certificate from Let’s Encrypt via the command line isn’t terribly difficult.

If, on the other hand, you’re inheriting a site, setup, or configuration where you have to work with cPanel and a shared host, then it may be faster (and easier) to use an option within cPanel itself.

The Problem

Whatever the case, seeing a generic error message can be frustrating. In my experience, I’ve only seen this happen once, and it was under a very specific set of circumstances.

  1. Migrate a Site. This is usually the easiest part especially if the site doesn’t even need migrating (perhaps it’s already installed). This would also include pointing the DNS records to the new host and waiting for propagation to complete.
  2. Issue a Certificate. Use the cPanel option for installing and issuing the new certificate. This usually takes less than a minute, and you receive a success message.
  3. Create an Add-On Domain. At this point, you’re ready to migrate a new site as an add-on of the existing account. You create the add-on domain, migrate the files, update the DNS records, and wait for propagation to complete.
  4. Issue a Certificate. Once the previous step is done, you attempt to issue the certificate just like in the second step but it doesn’t work, and you’re presented with an error message.

So what gives?

The Fix

In my case, the cause was a conflict with the .htaccess file that exists within the primary domain (or the .htaccess file in the root of the account).

The fix is just as easy as installing the certificate itself:

  1. Temporarily rename .htaccess in the root of the primary domain.
  2. Issue the certificate for the add-on domain via cPanel.
  3. Restore the original .htaccess file in the root of the primary domain.

And that should take care of the problem. If you attempt to do this before DNS propagation has completed, then you may be presented with a different.

If you find yourself in the above position, with an add-on domain and the inability to install the certificate, then following the steps above should resolve the problem.
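The rename-and-restore steps above, as an added shell example (not part of the original post): it assumes SSH access to the account, and the function name, the `.htaccess.parked` backup name and the `public_html` path in the usage comment are illustrative. The trap puts the file back even if the wait is interrupted, because a forgotten rename leaves every access rule in `.htaccess` switched off.

```shell
#!/bin/sh
# Run a command while DOCROOT/.htaccess is renamed out of the way,
# then restore it no matter how the command ends.
# Usage: with_htaccess_parked DOCROOT COMMAND [ARGS...]
with_htaccess_parked() (
    # The body is a subshell, so variables and traps stay local to this call.
    docroot=$1; shift
    live="$docroot/.htaccess"
    parked="$docroot/.htaccess.parked"   # hypothetical backup name

    [ -f "$live" ] || { echo "no .htaccess in $docroot" >&2; exit 2; }
    # A leftover backup means an earlier run never restored; never overwrite it.
    [ ! -e "$parked" ] || { echo "$parked exists, resolve it first" >&2; exit 3; }

    restore() {
        rc=$?   # exit status of the command (or of the signal handler)
        # If something wrote a fresh .htaccess meanwhile, keep it for review.
        [ ! -e "$live" ] || mv "$live" "$live.new"
        mv "$parked" "$live" || { echo "RESTORE FAILED: $parked" >&2; rc=5; }
        exit "$rc"
    }

    mv "$live" "$parked" || exit 4
    trap restore EXIT              # normal exit, failure, or set -e abort
    trap 'exit 130' INT TERM HUP   # turn signals into an exit so EXIT fires
    "$@"
)

# Typical use (assumed primary-domain document root):
# with_htaccess_parked "$HOME/public_html" \
#     sh -c 'printf "Issue the certificate in cPanel, then press Enter: "; read _'
```

The function returns the wrapped command's exit status, so it can be chained with a follow-up check that the certificate was actually issued.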

Join the conversation! 3 Comments

  1. That’s a short-term fix; the issue will continue to present itself every renewal. Here’s a better long-term htaccess fix.

    https://twitter.com/scottkclark/status/725716020585885697

  2. Can also get this error “Too many invalid authorizations recently.”

    Pretty self-explanatory, but why? Probably something like using Cloudflare and you’ve enabled Cloudflare SSL (the orange icon) BEFORE getting the SSL – so when Let’s Encrypt tries to connect it gets confused.

    Best to do it before. I assume it will time out by the morning :-)

    This, I think, is what it is: “We recently (April 2017) introduced a Failed Validation limit of 5 failures per account, per hostname, per hour. This limit will be higher on staging so you can use staging to debug connectivity problems.”

    Where did I find this gem of information? In my /.letsencrypt/logs folder in the root of my website.

    I think the cause was not waiting long enough for DNS propagation – so on the Let’s Encrypt end they were getting old and new DNS (I changed nameservers).
