SOLVED AutoSSL can't verify/install certs

Discussion in 'Security' started by Pat Friedl, Feb 19, 2017.

  1. Pat Friedl

    Pat Friedl Registered

    Joined:
    Feb 19, 2017
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Kansas City
    cPanel Access Level:
    Website Owner
    Hi all,
    Ok, I'm new to autossl and not much of a server admin so hopefully I can get some help on this.

    I originally set up a Let's Encrypt cert on a domain example.com and store.example.com using this method I found here: [How-To] Installing SSL from Let's Encrypt

    A couple months later, my hosting provider did update my WHM to the latest version that supports autoSSL, so I immediately set that up to run on my accounts.

    However, LetsEncrypt has been unable to verify or install certs on all my sites. The .well-known directories get created, but no certs are installed.

    Furthermore, when I browse to any of the sites via https, I always get a security warning that the cert is only valid for
    Code:
    example.com  www.example.com
    The logs show that it's attempting to add the certs, and I'm getting 404 and permission denied errors. Even trying to reapply the cert for example.com I'm getting this error:
    Code:
     5:51:21 PM WARN (XID ss7su3) The system failed to create the directory “/home/MYUSERNAME/public_html/example.com/.well-known/acme-challenge” because of an error: Permission denied
    
    My host is telling me it's a purely htaccess permission problem, but I doubt it. I REALLY need to ensure HTTPS on some sites but I'm unable to get this going. Any help would be greatly appreciated. Thanks!

    PS - Let's Encrypt is also trying to install certs on the subdomains of the addon domains like addon-domain.cpanel-domain.com - is there any way to keep that from happening?
     
    #1 Pat Friedl, Feb 19, 2017
    Last edited by a moderator: Feb 25, 2017
  2. Jcats

    Jcats Well-Known Member

    Joined:
    May 25, 2011
    Messages:
    588
    Likes Received:
    88
    Trophy Points:
    153
    Location:
    New Jersey
    cPanel Access Level:
    DataCenter Provider
    It is possible it's a .htaccess issue, but what you can do is just remove that directory altogether, then rerun AutoSSL to see if it errors again.

    Code:
    rm -rf  /home/MYUSERNAME/public_html/example.com/.well-known
    If the problem persists, then yeah, it's most likely .htaccess, but cPanel has added checks that will modify the .htaccess to allow the authentication to happen, which is why it's most likely an ownership/permissions issue with the directory itself.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,184
    Likes Received:
    1,295
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Check the ownership values on the .well-known and acme-challenge directories to ensure they are not owned by the root user. Or, move them out of the way by renaming the directories and verify if the AutoSSL validation process continues to fail.

    Regarding your other question, it's not possible to exclude specific domain names under an account from automatic SSL certificate issuance, but you can vote and add feedback to the existing feature request for this at:

    AutoSSL: Prevent specific domains from being issued free SSL certificates

    Thank you.
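
The ownership check suggested in the replies above, as an added example that is not part of any post in this thread: it lists every `.well-known` and `.well-known/acme-challenge` directory under a search root whose owner differs from the account user. The function name `audit_well_known` and the sample paths in the comments are assumptions for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): report ACME challenge directories
# that the account user does not own, e.g. ones left behind by a manual
# certificate install that was run as root.
#
# Usage: audit_well_known <search_root> <expected_owner>
#   e.g. audit_well_known /home/MYUSERNAME/public_html MYUSERNAME
# Prints one MISMATCH line per wrongly owned directory; no output means
# every directory found is owned by <expected_owner>.
audit_well_known() {
    # Addon-domain document roots live below public_html, so search the
    # whole tree rather than a single docroot.
    find "$1" -type d \
        \( -name .well-known -o -path '*/.well-known/acme-challenge' \) \
        -exec sh -c '
            want=$1; shift
            for dir in "$@"; do
                # Third field of "ls -ld" is the owner name (or numeric
                # uid when the uid has no passwd entry).
                owner=$(ls -ld "$dir" | awk "{print \$3}")
                if [ "$owner" != "$want" ]; then
                    printf "MISMATCH owner=%s expected=%s %s\n" \
                        "$owner" "$want" "$dir"
                fi
            done
        ' sh "$2" {} +
}

# Run directly when called with both arguments.
if [ "$#" -eq 2 ]; then
    audit_well_known "$1" "$2"
fi
```

A directory reported here can be renamed out of the way before AutoSSL is run again, which keeps the old contents for inspection.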
     
  4. Pat Friedl

    Pat Friedl Registered

    Thanks for the help! I'm not sure why I didn't get a notice that you guys responded, but I'll be testing this.

    Here's another wrinkle...

    I've got a couple other cPanel accounts on this VPS, and autoSSL is working fine for them. This makes me think that since I previously installed the cert for store.example.com before getting autoSSL capabilities on the WHM account, that the manually installed cert is somehow corrupting the process on this particular cPanel account.

    First - is that possible, and second - how would I go about rectifying that with a clean uninstall of certs/keys/etc on that domain?
     
    #4 Pat Friedl, Feb 25, 2017
    Last edited by a moderator: Feb 25, 2017
  5. Pat Friedl

    Pat Friedl Registered

    Ok, I removed all .well-known directories on the account and re-ran AutoSSL - that seems to have fixed it!
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    I'm happy to see the issue is now resolved. Thank you for updating us with the outcome.
     