The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

3rd party certificate and AutoSSL issue

Discussion in 'Security' started by ebizindia, Sep 20, 2016.

  1. ebizindia

    ebizindia Well-Known Member

    Joined:
    Oct 13, 2005
    Messages:
    72
    Likes Received:
    2
    Trophy Points:
    8
    Location:
    Kolkata, India
    cPanel Access Level:
    Root Administrator
    The AutoSSL system seems to be broken when there is a certificate from 3rd party and Cpanel needs to replace these.

    Here is what happened:

    I had a 3rd party certificate on a domain example.com. I verified with the logs that CPANEL could notice that the certificate is expiring within 3 days. It also verified that the special file it needs to validate the domain is there. However, it did not get and install a new certificate. After the certificate expired, it tried to fetch the verification file again with a HTTP URL which got redirected to HTTPS and since SSL certificate had expired, it failed the verification and sat idle.

    I believe that the certificate should have been fetched and replaced much earlier.

    Here is the log entry that shows this:
    Code:
     10:02:15 PM Checking websites for “fusion” …
    10:02:15 PM The website “example.com”, owned by “fusion”, has a faulty SSL certificate (ALMOST_EXPIRED).
    10:02:15 PM The system will attempt to renew SSL certificates for the following websites:
    10:02:15 PM example.com (example.com www.example.com)
    10:02:15 PM The system has completed the AutoSSL check for “fusion”.
    After the license was expired:
    Code:
    10:04:35 PM The website “example.com”, owned by “fusion”, has a faulty SSL certificate (OPENSSL_VERIFY:0:10:CERT_HAS_EXPIRED ALMOST_EXPIRED).
    10:04:35 PM WARN The domain “example.com” has failed domain control validation (The system failed to fetch the <abbr title="Domain Control Validation">DCV</abbr> file at “<a href="http://example.com/2159.BIN_AUTOSSL_CHECK_PL__.SPRZsLRKS0Sv8DcY.tmp">http://example.com/2159.BIN_AUTOSSL_CHECK_PL__.SPRZsLRKS0Sv8DcY.tmp</a>” because of an error: The system failed to send an <abbr title="Hypertext Transfer Protocol">HTTP</abbr> “GET” request to “http://example.com/2159.BIN_AUTOSSL_CHECK_PL__.SPRZsLRKS0Sv8DcY.tmp” because of an error: SSL connection failed for www.example.com: SSL connect attempt failed error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed .). at bin/autossl_check.pl line 449.
    10:04:35 PM WARN The domain “www.example.com” has failed domain control validation (The system failed to fetch the <abbr title="Domain Control Validation">DCV</abbr> file at “<a href="http://www.example.com/2159.BIN_AUTOSSL_CHECK_PL__.UfYFu8m5yQw3MmAG.tmp">http://www.example.com/2159.BIN_AUTOSSL_CHECK_PL__.UfYFu8m5yQw3MmAG.tmp</a>” because of an error: The system failed to send an <abbr title="Hypertext Transfer Protocol">HTTP</abbr> “GET” request to “http://www.example.com/2159.BIN_AUTOSSL_CHECK_PL__.UfYFu8m5yQw3MmAG.tmp” because of an error: SSL connection failed for www.example.com: SSL connect attempt failed error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed .). at bin/autossl_check.pl line 449.
     
    #1 ebizindia, Sep 20, 2016
    Last edited by a moderator: Sep 20, 2016
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    Could you open a support ticket using the link in my signature so we can review your system to determine exactly what happened? You can post the ticket number here and we will update this thread with the outcome.

    Thank you.
     
Loading...
Similar Threads - 3rd party certificate
  1. glenn0
    Replies:
    4
    Views:
    336

Share This Page