Known Issues

ISSUE: Some custom domains deny access for Let's Encrypt AutoSSL

cPanel has ended support for Sectigo as an AutoSSL Provider and now uses Let's Encrypt. For most customers, this change is seamless. For customers who have custom domains and have configured a Certificate Authority Authorization [CAA] record in DNS that does not include Let's Encrypt, autoSSL will now fail.

Solution: Some custom domains deny access for Let's Encrypt AutoSSL

If you have a CAA record configured in DNS, add letsencrypt.org to the allowed providers. Alternatively, you could remove the record to allow any SSL provider. See the Certifcate Authority Authorization (CAA) on letsencrypt.org for more information.

ISSUE: WordPress Login through shibboleth fails with "opensaml::SecurityPolicyException"

Conditions

• Website is WordPress
• Shibboleth plugin is installed and in use for Authentication
• Website uses a custom domain (does not contain web.illinois.edu)
• Shibboleth plug in is configured to use the web.illinois.edu version of the domain name instead of the custom domain

SOLUTION: WordPress Login through shibboleth fails with "opensaml::SecurityPolicyException"

Log in to your WordPress dashboard using a method other than Shibboleth. You can use a WordPress local account directly, or you can use the pass-through login mechanism provided by Softaculous.

Visit Settings->Shibboleth

Update the Shibboleth Login URL and Shibboleth Logout URL to use your custom domain name:

• https://custom.domain.name/Shibboleth.sso/Login
• https://custom.domain.name/Shibboleth.sso/Logout

ISSUE: After logging in, clicking an account name causes a hang (doesn't load cPanel dashboard)

We have seen 2 cases of this issue so far. In both cases it was caused by filenames with special characters in the web document root. It is possible filenames with special characters elsewhere in the home directory could also cause this problem.

SOLUTION: After logging in, clicking an account name causes a hang (doesn't load cPanel dashboard)

Please open a ticket with our team at https://go.illinois.edu/cpanelhelp with the subject "Known Issue: cPanel Login Hangs." Include your account name in the ticket. If you know how to access your file system through SSH, you can clean up your file names yourself before opening your ticket. If you do so, please tell us that in the ticket so that we know we can skip that step. We will still need to take the step on our end to help cPanel access the account successfully.

ISSUE: SSH: @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @

SSH clients keep track of the identifying information for servers you connect to so that they can alert you if someone tries to intercept and/or redirect your connection. The behavior you experience may differ, depending on what SSH software or client you are using. The following example demonstrates the command line open SSH warnings and resolution. If you are using a different SSH client, read any warning carefully for instructions on handling the warning. If you need help with a specific client, please reach out to us at https://go.illinois.edu/cpanelhelp and we can add instructions for your client to this page.

#ssh <accountname>@web.illinois.edu

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ED25519 key sent by the remote host is
SHA256:q5O9zlSSwTkkBB1I8UaXTs9t2SNcRRwm9/vYgjgx3FY.
Please contact your system administrator.
Add correct host key in /home/<username>/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/<username>/.ssh/known_hosts:10
  remove with:
  ssh-keygen -f "/home/<username>/.ssh/known_hosts" -R "web.illinois.edu"
Host key for web.illinois.edu has changed and you have requested strict checking.
Host key verification failed.

Note that the error message includes the key fingerprint to help you verify authenticity. Depending on your own settings and software, you may see a different fingerprint than what is listed in the message above. The following are all valid fingerprints for web.illinois.edu:

256 SHA256:gfqhPCp5HNawgbe0FJQbJInukinDoUcipOPmGnl3Vpo no comment (ECDSA)
256 SHA256:q5O9zlSSwTkkBB1I8UaXTs9t2SNcRRwm9/vYgjgx3FY no comment (ED25519)
2048 SHA256:uX94qXnOErvuQBU+cSlPmxCzoz6JAtFIFKewz67UQLg no comment (RSA)

Solution: SSH: @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @

This easiest way to resolve this is to simply remove the offending key. The instructions should be given in the warning message. In the case of command line openSSH:

ssh-keygen -f "/home/<accountname>/.ssh/known_hosts" -R "web.illinois.edu"

Once you have done that, your next SSH attempt will provide the following prompt:

The authenticity of host 'web.illinois.edu (18.220.149.166)' can't be established.
ED25519 key fingerprint is SHA256:q5O9zlSSwTkkBB1I8UaXTs9t2SNcRRwm9/vYgjgx3FY.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])?

You can type "yes" to continue connecting. This will connect you to web.illinois.edu and add the key to your known_hosts file.

Testing Suggestions

1. Log in to cPanel and verify that your accounts are available
2. Visit your website and verify that it displays correctly
3. Log in to your website backend (if applicable) and verify that you can access any dashboard or admin features
4. Test creating new pages
5. Test editing existing pages

General Troubleshooting Steps for Websites

1. Reset the PHP Version
2. Check your log in <documentroot>/error_log, or other directories that contain web applications such as public_html/wp-admin for WordPress users.
3. Clear your browser cache
4. Log out and log back in