SOLVED AutoSSL can't verify/install certs

[Pat Friedl]

Hi all,
Ok, I'm new to autossl and not much of a server admin so hopefully I can get some help on this.

I originally set up a Let's Encrypt cert own a domain example.com and store.example.com using this method I found here: [How-To] Installing SSL from Let's Encrypt

A couple months later, my hosting provider did update my WHM to the latest version that supports autoSSL, so I immediately set that up to run on my accounts.

However, LetsEncrypt has been unable to verify or install certs on all my sites. the .well-known directories get created, but no certs are installed.

Furthermore, when I browse to any of the sites via https, I always get a security warning that the cert is only valid for

example.com  www.example.com

The logs show that it's attempting to add the certs, and I'm getting 404 and permission denied errors. Even trying to reapply the cert for example.com I'm getting this error:

 5:51:21 PM WARN (XID ss7su3) The system failed to create the directory “/home/MYUSERNAME/public_html/example.com/.well-known/acme-challenge” because of an error: Permission denied

My host is telling me it's a purely htaccess permission problem, but I doubt it. I REALLY need to ensure HTTPS on some sites but I'm unable to get this going. Any help would be greatly appreciated. Thanks!

PS - Let's Encrypt is also trying to install certs on the subdomains of the addon domains like addon-domain.cpanel-domain.com - is there any way to keep that from happening?

 

[Jcats]

It is possible its a .htaccess issue, but what you can do is just remove that directory all together, then rerun AutoSSL to see if it errors again.

rm -rf  /home/MYUSERNAME/public_html/example.com/.well-known

If the problem persists, then yeah its most likely .htaccess but cPanel has added checks that will modify the .htaccess to allow the authentication to happen which is why its most likely a ownership/permissions issue with the directory itself.

 

[cPanelMichael]

5:51:21 PM WARN (XID ss7su3) The system failed to create the directory “/home/MYUSERNAME/public_html/example.com/.well-known/acme-challenge” because of an error: Permission denied

Hello,

Check the ownership values on the .well-known and acme-challenge directories to ensure they are no owned by the root user. Or, move them out of the way by renaming the directories and verify if the AutoSSL validation process continues to fail.

Regarding your other question, it's not possible to exclude specific domain names under an account from automatic SSL certificate issuance, but you can vote and add feedback to the existing feature request for this at:

AutoSSL: Prevent specific domains from being issued free SSL certificates

Thank you.

 

[Pat Friedl]

Thanks for the help! I'm not sure why I didn't get a notice that you guys responded, but I'll be testing this.

Here's another wrinkle...

I've got a couple other cPanel accounts no this VPS, and autoSSL is working fine for them. This makes me think that since I previously installed the cert for store.example.com before getting autoSSL capabilities on the WHM account, that the manually installed cert is somehow corrupting the process on this particular cPanel account.

First - is that possible, and second - how would I go about rectifying that with a clean uninstall of certs/keys/etc on that domain?

 

[Pat Friedl]

Ok, I removed all .well-known directories on the account and re-ran AutoSSL - that seems to have fixed it!

 

[cPanelMichael]

New Ok, I removed all .well-known directories on the account and re-ran AutoSSL - that seems to have fixed it!

I'm happy to see the issue is now resolved. Thank you for updating us with the outcome.