When running cPanel Update (upcp) on a web host with cPanel control panel, either by schedule or manually, the following four (or any of them) emails that specifies SSL certs will expire soon may be sent by cPanel WHM (WebHosting Manager).

Certificate for cpanel on hostname.domain.com will expire in less then 30 days. You should install a new certifcate as soon as possible. You can install a new certificate in WHM under “Manager Service SSL Certificates”, or by clicking this link: https://hostname.domain.com:2087/scripts2/manageservicecrts

Certificate for courier-imapd on hostname.domain.com will expire in less then 30 days. You should install a new certifcate as soon as possible. You can install a new certificate in WHM under “Manager Service SSL Certificates”, or by clicking this link: https://hostname.domain.com:2087/scripts2/manageservicecrts

Certificate for exim on hostname.domain.com will expire in less then 30 days. You should install a new certifcate as soon as possible. You can install a new certificate in WHM under “Manager Service SSL Certificates”, or by clicking this link: https://hostname.domain.com:2087/scripts2/manageservicecrts

Certificate for courier-pop3d on hostname.domain.com will expire in less then 30 days. You should install a new certifcate as soon as possible. You can install a new certificate in WHM under “Manager Service SSL Certificates”, or by clicking this link: https://hostname.domain.com:2087/scripts2/manageservicecrts

When webmaster or administrator clicks on the link to go to Manage Service SSL Certificates interface in WHM, some of the services (Exim (SMTP) Server, Courier (POP3) Mail Server, cPanel/WHM/Webmail Service, Courier (IMAP) Mail Server, and Ftp Server) current certificates “Not After” date value is highlighted in red.

SSL Digital Certificate Expires in cPanel

The following information is available, together with “Install New Certificate” or “Reset Certificate”

Issuer: C=US, ST=Unknown, L=Unknown, O=Unknown, OU=Unknown, CN=host.mydigitallife.info/emailAddress=ssl@host.mydigitallife.info
Not Before: Aug 4 18:29:02 2007 GMT
Not After: Aug 3 18:29:02 2008 GMT
Subject: C=US, ST=Unknown, L=Unknown, O=Unknown, OU=Unknown, CN=host.mydigitallife.info/emailAddress=ssl@host.mydigitallife.info
Self Signed: YES

The email reminder is a new feature in cPanel to remind web server administrator when the SSL digital certificates are about to expire, starting from 30 days before expiry date. So, the email is just an alert, and does not implies that there is error or problem on the web host.

Upon expiration, cPanel/WHM will replace the SSL certificate with a self-signed certificate automatically. For system that are currently using a self-signed certificate, the automatic renewal process with self-signed certificate does not cause any difference upon the expiration of the existing self-signed certificate.

Thus, webmasters who can live with the daily email notices about the expiring certificates can ignore the notification message altogether. However, if you want to stop and e-mail messages from been sending again, and fix the SSL certificate expiring notification, then manually renew and replace the certificate with a new self-signed cert.

Generate New Self-Signed SSL Certificate

To create a new self-signed certificate in cPanel, log into WHM as the root user and go to Manage Service SSL Certificates link under Service Configuration section. Click on the Reset Certificate link for each service that is about to expire. Then click on Generate a New Certificate and WHM will regenerate the SSL cert for that cPanel service with new expiry date, which is typically one year away.