SOLVED AutoSSL can't verify/install certs

Pat Friedl

Registered
Feb 19, 2017
3
0
1
Kansas City
cPanel Access Level
Website Owner
Hi all,
Ok, I'm new to autossl and not much of a server admin so hopefully I can get some help on this.

I originally set up a Let's Encrypt cert own a domain example.com and store.example.com using this method I found here: [How-To] Installing SSL from Let's Encrypt

A couple months later, my hosting provider did update my WHM to the latest version that supports autoSSL, so I immediately set that up to run on my accounts.

However, LetsEncrypt has been unable to verify or install certs on all my sites. the .well-known directories get created, but no certs are installed.

Furthermore, when I browse to any of the sites via https, I always get a security warning that the cert is only valid for
Code:
example.com  www.example.com
The logs show that it's attempting to add the certs, and I'm getting 404 and permission denied errors. Even trying to reapply the cert for example.com I'm getting this error:
Code:
 5:51:21 PM WARN (XID ss7su3) The system failed to create the directory “/home/MYUSERNAME/public_html/example.com/.well-known/acme-challenge” because of an error: Permission denied
My host is telling me it's a purely htaccess permission problem, but I doubt it. I REALLY need to ensure HTTPS on some sites but I'm unable to get this going. Any help would be greatly appreciated. Thanks!

PS - Let's Encrypt is also trying to install certs on the subdomains of the addon domains like addon-domain.cpanel-domain.com - is there any way to keep that from happening?
 
Last edited by a moderator:

Jcats

Well-Known Member
PartnerNOC
May 25, 2011
806
156
168
New Jersey
cPanel Access Level
DataCenter Provider
It is possible its a .htaccess issue, but what you can do is just remove that directory all together, then rerun AutoSSL to see if it errors again.

Code:
rm -rf  /home/MYUSERNAME/public_html/example.com/.well-known
If the problem persists, then yeah its most likely .htaccess but cPanel has added checks that will modify the .htaccess to allow the authentication to happen which is why its most likely a ownership/permissions issue with the directory itself.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,910
2,215
363
5:51:21 PM WARN (XID ss7su3) The system failed to create the directory “/home/MYUSERNAME/public_html/example.com/.well-known/acme-challenge” because of an error: Permission denied
Hello,

Check the ownership values on the .well-known and acme-challenge directories to ensure they are no owned by the root user. Or, move them out of the way by renaming the directories and verify if the AutoSSL validation process continues to fail.

Regarding your other question, it's not possible to exclude specific domain names under an account from automatic SSL certificate issuance, but you can vote and add feedback to the existing feature request for this at:

AutoSSL: Prevent specific domains from being issued free SSL certificates

Thank you.
 

Pat Friedl

Registered
Feb 19, 2017
3
0
1
Kansas City
cPanel Access Level
Website Owner
Thanks for the help! I'm not sure why I didn't get a notice that you guys responded, but I'll be testing this.

Here's another wrinkle...

I've got a couple other cPanel accounts no this VPS, and autoSSL is working fine for them. This makes me think that since I previously installed the cert for store.example.com before getting autoSSL capabilities on the WHM account, that the manually installed cert is somehow corrupting the process on this particular cPanel account.

First - is that possible, and second - how would I go about rectifying that with a clean uninstall of certs/keys/etc on that domain?
 
Last edited by a moderator: