Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Auto SSL does not renew for root, Manage AutoSSL blank

Discussion in 'Security' started by Brent Glaser, Apr 16, 2018.

Tags:
  1. Brent Glaser

    Brent Glaser Member

    Joined:
    Feb 20, 2018
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Canada
    cPanel Access Level:
    Reseller Owner
    Normally the domains have been auto renewing SSL, domain.com and www.domain.com renewed successfully but the server.mydomain.com for root access did not renew. When I log into Cpanel WHM Manage AutoSSL there is just a blank page. Version 70.0.26.
     
  2. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    1,855
    Likes Received:
    135
    Trophy Points:
    118
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hello,


    server.mydomain.com sounds like it's the hostname of the server. When you go to WHM>>Service Configuration>>Manage Service SSL certificates do you see a valid certificate installed? If you do not, via CLI can you run the following and provide any errors you receive?

    Code:
    /usr/local/cpanel/bin/checkallsslcerts --verbose

    Thank you,
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Brent Glaser

    Brent Glaser Member

    Joined:
    Feb 20, 2018
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Canada
    cPanel Access Level:
    Reseller Owner

    The certificate shows as expired a week ago. CLI gives me a error:
    unknown command "/usr/local/cpanel/bin/checkallsslcerts"
     
  4. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    1,855
    Likes Received:
    135
    Trophy Points:
    118
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    When running /usr/local/cpanel/bin/checkallsslcerts Are you doing so as the root user or another user? This needs to be run as root.


    Thank you,
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. Brent Glaser

    Brent Glaser Member

    Joined:
    Feb 20, 2018
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Canada
    cPanel Access Level:
    Reseller Owner
    Sorry was issue on the CLI.

    Here is results
    login as: root
    root@server.###.net's password:
    Last login: Tue Mar 6 06:56:45 2018 from IPREMOVED
    root@server [~]# /usr/local/cpanel/bin/checkallsslcerts --verbose
    The system will check for the certificate for the “cpanel” service.
    The system will attempt to replace the self-signed certificate for the “cpanel” service with a signed certificate from the cPanel Store.
    The system will attempt to install a certificate for the “cpanel” service from t he system ssl storage.
    None of the certificates in the system ssl storage were acceptable to use for th e “cpanel” service.
    The system will attempt to install a certificate for the “cpanel” service from t he cPanel store.
    [WARN] The system failed to acquire a signed certificate from the cPanel Store b ecause of the following error: (XID nh5rhv) The system queried for a temporary f ile at “http://server.###.net/.well-known/pki-validation/0FEBD4B03994908C60 4CDF2452810441.txt”, but the web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist .
    The system will check for the certificate for the “dovecot” service.
    The system will attempt to replace the self-signed certificate for the “dovecot” service with a signed certificate from the cPanel Store.
    The system will attempt to install a certificate for the “dovecot” service from the system ssl storage.
    None of the certificates in the system ssl storage were acceptable to use for th e “dovecot” service.
    The system will check for the certificate for the “exim” service.
    The system will attempt to replace the self-signed certificate for the “exim” se rvice with a signed certificate from the cPanel Store.
    The system will attempt to install a certificate for the “exim” service from the system ssl storage.
    None of the certificates in the system ssl storage were acceptable to use for th e “exim” service.
    The system will check for the certificate for the “ftp” service.
    The system will attempt to replace the self-signed certificate for the “ftp” ser vice with a signed certificate from the cPanel Store.
    The system will attempt to install a certificate for the “ftp” service from the system ssl storage.
    None of the certificates in the system ssl storage were acceptable to use for th e “ftp” service.
     
  6. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    1,855
    Likes Received:
    135
    Trophy Points:
    118
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    The error message here:

    Is the important part. This indicates that there is an issue with the hostname which is preventing the process from being able to retrieve the hash file from the listed URL.

    Does the domain point to the server? You can ensure this by running a command like dig on the CLI:

    Code:
    dig a server.domain.com
    Furthermore, if the domain does point to the server successfully do you have any apache includes which have customizations?


    Thank you,
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. Brent Glaser

    Brent Glaser Member

    Joined:
    Feb 20, 2018
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Canada
    cPanel Access Level:
    Reseller Owner

    root@server [~]# dig a server.example.com

    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.5 <<>> a server.example.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43846
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;server.removed.net. IN A

    ;; ANSWER SECTION:
    server.examlel.com. 4325 IN A IPREMOVED

    ;; Query time: 38 msec
    ;; SERVER: 8.8.8.8#53(8.8.8.8)
    ;; WHEN: Mon Apr 16 12:27:59 2018
    ;; MSG SIZE rcvd: 53

    Only started to see any issues when the server CPANEL was updated to latest version, and was also having issues with backups but was able to resolve. If I run the /usr/local/cpanel/bin/autossl_check --all command it checks all my domains as good, including www.example.com but does not check server.example.com
     
    #7 Brent Glaser, Apr 16, 2018
    Last edited by a moderator: Apr 16, 2018
  8. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    1,855
    Likes Received:
    135
    Trophy Points:
    118
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    ***Please note that I removed the actual IP and hostname for the server from the thread.

    The AutoSSL process and the Hostname SSL process are different.

    Was the IP that was returned the correct IP address for the hostname? If it is correct is that IP by chance assigned to a domain as a dedicated IP address (i.e. not the primary IP of the server)


    Thank you,
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. Brent Glaser

    Brent Glaser Member

    Joined:
    Feb 20, 2018
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Canada
    cPanel Access Level:
    Reseller Owner
    Thank you it looks like you are on to something. The main ip was pointing to a domain on the server but other than the server's main ip. I have changed this and will update you shortly.
     
  10. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    1,855
    Likes Received:
    135
    Trophy Points:
    118
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hello,

    Thank you for the update please do let us know the outcome.


    Thank you,
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  11. Brent Glaser

    Brent Glaser Member

    Joined:
    Feb 20, 2018
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Canada
    cPanel Access Level:
    Reseller Owner
    I changed the IP address to point correctly, dns seems to resolve now. Rebooted Server. Still same error
    'file not found' when I run the command you specified. AutoSSL update does perform on all users except Root.
     
  12. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    1,855
    Likes Received:
    135
    Trophy Points:
    118
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Please feel free to open a ticket using the link in my signature so that we can take a closer look. Once open please reply with the ticket ID so we can update this thread with the outcome.


    Thank you,
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  13. Brent Glaser

    Brent Glaser Member

    Joined:
    Feb 20, 2018
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Canada
    cPanel Access Level:
    Reseller Owner
    So I ran update again as you requested, and a different response. It must have taken a few minutes but it looks like it has resolved properly and updated the certificate.
    Thank you so much for your help!!
     
  14. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    1,855
    Likes Received:
    135
    Trophy Points:
    118
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hello,


    That's great news, I'm happy to hear that you were able to resolve the issue. Thank you for providing the outcome as well!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice