The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

AutoSSL and litespeed

Discussion in 'Security' started by 4u123, May 12, 2017.

  1. 4u123

    4u123 Well-Known Member
    PartnerNOC

    Joined:
    Jan 2, 2006
    Messages:
    788
    Likes Received:
    6
    Trophy Points:
    168
    Today a client complained that his AutoSSL certificate wasn't renewed. I checked and it ran out yesterday.

    I checked the log and it said...

    The website “X”, owned by “X”, has a faulty SSL certificate (OPENSSL_VERIFY:0:10:CERT_HAS_EXPIRED NOT_ALL_DOMAINS ALMOST_EXPIRED AUTOSSL_READY_FOR_RENEWAL). AutoSSL will attempt to replace this certificate.

    That doesn't really help much.

    Checked the "orange" entries in the log and can see lots of entries like this...
    Code:
    WARN The domain “cpanel.X” failed domain control validation: The system queried for a temporary file at “<a href="http://cpanel.X/2B81D6EE1D439117E53C4F5B713A7F01.txt">http://cpanel.X/2B81D6EE1D439117E53C4F5B713A7F01.txt</a>”, but the web server responded with the following error: 404 (Not Found).
    
    However, I think these are normal. There were no entries for the addon domain listed either by the actual domain itself or as a subdomain of the primary.

    I checked his htaccess files and he did have a small number of redirects - but none of them were modified with any cpanel additions. Client says he hasn't modified anything.

    I removed the certificate and disabled AutoSSL on his account - then enabled it again. I see the message in the log...

    The website “sub.x”, owned by “X”, has no SSL certificate. AutoSSL will attempt to obtain a new certificate and install it - however when I look in the "pending" queue - there is nothing in there and it's been over 30 minutes and nothing has happened.

    The biggest problem here is that the client has set their site to always use SSL and so the site has now been down for close to an hour - which is totally unacceptable to them and will almost certainly result in us losing their business. They are obsessed with their site being available at all times.

    My conclusion here is that the AutoSSL process does not seem to work correctly with litespeed. We have lots of other servers that are not running litespeed and so far we've had no complaints about the AutoSSL process there.

    Can anyone confirm they are having the same or similar problem with litespeed and AutoSSL?

    Update: it looks to me as though the initial installation of these certs via AutoSSL worked fine but none of them are being renewed and there are no errors other than the vague one I pasted at the top of this thread. After over two hours, none of the certificates in this clients account that I removed and then re-enabled AutoSSL for have been installed, so I was forced to purchase a commercial certificate for this client. I've looked around but can't find any other problems reported with autossl and litespeed.
     
    #1 4u123, May 12, 2017
    Last edited: May 12, 2017
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,287
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
  3. 4u123

    4u123 Well-Known Member
    PartnerNOC

    Joined:
    Jan 2, 2006
    Messages:
    788
    Likes Received:
    6
    Trophy Points:
    168
    It can't be related. AutoSSL should have renewed these certs 15 days before they were due to expire. They expired yesterday. It's possible that since I deleted them and re-enabled AutoSSL for this client today, the subsequent failure of the certs being installed may have been affected by the Comodo issue - but that would not be the root cause of this problem.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,287
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Could you open a support ticket using the link in my signature so we can take a closer look and see why the AutoSSL certificate renewals failed to complete the domain validation process?

    Thank you.
     
Loading...

Share This Page