Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SOLVED AutoSSL Certificate does not renew automatically

Discussion in 'Security' started by jackofalltrades, Dec 1, 2016.

Tags:
  1. jackofalltrades

    Joined:
    Nov 1, 2012
    Messages:
    15
    Likes Received:
    2
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    Over a month ago CPanel installed a SSL link in my Awstats page to an https version of my website. About the same time I noticed my website Icon disappeared from the browser when visiting my website, replacing with a notice saying my wewbsite might not be safe (or something like that). Some days after I received a phone call from a Certifying company offering to sell me a SSL certificate. In consequence, after all that, I started searching to find out what was going on. That's how I got to AutoSSL free from CPanel, automatically installed for my website. As my website is merely informative, no commerce, doesn't have a login, and doesn't even collect emails or any other data from its visitors I didn't consider it imperative to have a SSL certificate. But, as it was free, Google at some point will demand all sites have it, even if it's the simplest of sites, I got into the task of getting this certificate and activating it. I made major changes to my website, all links on all my pages, htaccess, redirects, canonicals, etc., etc. I got everything working as should be, my website had the green padlock, and worked fine, so I started updating all the backlinks I could in directories, profiles, posts, social media, all the package. Not being a regular webmaster, just a professional in another field who tries to do his best in managing his own website because I can’t pay the costs of hiring someone else, I really lost blood on the way.

    On the 30th November the SSL certificate expired, and all my visitors were redirected to a page that said my website was unsafe KEEP AWAY!

    Automatic? My hat. I ask my hosting provider who provides CPanel, what was happening, if he could find a solution. He says he doesn’t know much about the AutoSSL, but he’ll try and find out.

    He finds out and says CPanel will renew my Certificate and I should see this happen in 48 hours.

    Later he says CPanel can’t install it because I have some redirects in my htaccess. Of course, I have a non-www to www redirect, I have an http to https redirect, and I have a few other redirects of some old deleted webpages. I eliminate all new redirects (those that weren’t there when CPanel installed the first Certificate I didn’t ask for), including the canonicals on each file, hoping this will put things back to what CPanel offered. Meanwhile, and considering my website has been flagged erroneously as unsafe, and the consequences that brings to my traffic, and specially to my Google reputation and SERP, I started replacing all my https files for the old http files (at least I should be able to stay on the air while CPanel and my hosting provider figure out how to fix the issue) but HO! No, the flagging page still comes up when I search for my website. After looking around, eliminating cookies and caching I noticed that the http files come up OK, it’s only the home page that shows the unsafe flag to my visitors. If they type in http://example.com/index.php or any other page like ../otherpage.php they can see the pages. But most probably all the https links, backlinks and typing https in the browser will take them to the unsafe flag page.

    So, my website is a mess, my statistics are in a mess, my Google reputation is in a mess (luckily Google doesn’t react immediately), but if it does react recovering my SERP and reputation will be a real mess. But the worse mess is being viewed by my visitors, many of which can be clients or potential clients, who seeing that mess won’t ever come back.

    I would like to know what can CPanel tell me, or better, what can CPanel do to fix up this mess before I really start suffering damage, apart of all the time I’ve wasted on this free safety.
     
  2. jackofalltrades

    Joined:
    Nov 1, 2012
    Messages:
    15
    Likes Received:
    2
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    Last night a new Certificate was installed.
    I don't know if this was a consequence of eliminating the redirects from the htaccess file, because I uninstalled the expired certificate or because I deleted the canonicals. What seems to be clear is that renewing the certificate is not automatic, it brings a lot of trouble (including your website being flagged as unsafe) and there is no information available as to avoiding these problems.

    I would like to know if this was a one time event, or should I expect to have the same problems in 3 months time when the certificate expires again. What can be done to avoid these problems, if anything, or is this the cost of a free certificate, which in any case, as I understand, doesn't cover all events.
    I'm gratefull for having the opportunity to upgrade my website to current trends, with a free certificate, but if the cost is having my website flagged as unsafe for two days every three months, I'll have to think about it. My website belongs to a very particular niche, it does not live off volumes of traffic, and maybe just going back to an http website is better for me.

    Thanks anyway.
     
  3. jackofalltrades

    Joined:
    Nov 1, 2012
    Messages:
    15
    Likes Received:
    2
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    Additionally, being a first timer, and CPanel probably knowing which is the procedure (I understand AutoSSL has existid for some time now), there was no warning on how to proceed for best results.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello @jackofalltrades,

    I'm sorry to see you had some trouble with the AutoSSL feature. I notice you mentioned your web hosting provider. Could you verify if this is a shared hosting account, or if you have root access to the server itself? This will help us to determine the best course of action.

    Thanks!
     
  5. jackofalltrades

    Joined:
    Nov 1, 2012
    Messages:
    15
    Likes Received:
    2
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    Hello Michael,

    Yes, its a shared server and I don't have access to the server. I can put you in contact with the provider if you are both willing to find a best procedure for the future. Can you contact me in private?
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    The AutoSSL feature, while it installs SSL certificates for individual domain names, is intended to be managed by the server administrator (e.g. your web hosting provider). When domain validation fails with AutoSSL, the first step is to review the AutoSSL logs to see what happened via "WHM >> Manage AutoSSL >> Logs". This isn't something you can do as an end-user. Certificate requests occur nightly during cPanel updates, and the validation process typically only takes a few hours. Certificate renewal attempts for cPanel-signed certificates begin within 15 days of expiry. Thus, the responsibility is with your hosting provider to address any issues preventing domain validation with the AutoSSL feature before the certificate expires.

    We've resolved several issues with AutoSSL since it's delivery as a feature. You can search for the term "autossl" on our change logs to see cases we've addressed:

    60 Change Log - Change Logs - cPanel Documentation
    58 Change Log - Change Logs - cPanel Documentation

    If an issue still exists at the next renewal attempt, your hosting provider would be able to recognize the issue 15-days out, and they could open a support request with us so we could determine the cause of the problem.

    Thank you.
     
  7. jackofalltrades

    Joined:
    Nov 1, 2012
    Messages:
    15
    Likes Received:
    2
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    Ok. As I understand it: 15 or less days before renewal I should contact my hosting provider and ask him to check the "WHM >> Manage AutoSSL >> Logs" to see if there is anything that might be preventing that renewal so he can open a support request and get you to solve the problem. And that should be it.

    I haven't yet seen the links you disclosed above, so maybe the answer to the following is there, if not:

    Why was I asked by the hosting provider to eliminate redirects in my htaccess file? And, would that be a recurrent requirement for renewal? I must say, the only redirects I had there were:
    1- From non-www to www
    2- From http to https
    3- From /otherpage1.php to /newpage.php
    4- From /otherpage2.php to /newpage.php
    5- and one more otherpage3 to the same /newpage.php
    6-11 and six otherpagesX to their own newpageX.php

    all permanent redirects,
    Nine as: [R=301,L]
    One as [R=301,NC,NE,QSA,L]
    One as [R=permanent,L]

    Each https file also had a canonical http to https

    Thanks, Michael.
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Yes, that's correct.

    Here's a thread that explains this a little more:

    AutoSSL and HTTP Redirects

    Let us know if that answers your question.

    Thanks!
     
  9. jackofalltrades

    Joined:
    Nov 1, 2012
    Messages:
    15
    Likes Received:
    2
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    Hello, Michael.
    I went through the change logs and didn't really understand much, except that CPanel has many issues it is fixing daily, and that on the dates 30 Nov to 4 Dec there seems to have been no issues fixed. The issues I had shouldn't they appear in this log if it was a CPanel issue? Or is it that those particular issues haven't been fixed yet and the new/renewed certificate was installed using a bypass or alternative way of doing it?

    Thanks.
     
  10. jackofalltrades

    Joined:
    Nov 1, 2012
    Messages:
    15
    Likes Received:
    2
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    Ok, Michael.
    I read: AutoSSL and HTTP Redirects and cPanel & WHM’s AutoSSL/SSL ordering process

    I understand I'm using Comodo (I suppose I can verify that in my CPanel), so then I should edit my htaccess file puting: RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt$
    before every “RewriteRule” for the redirects. With this included the following renewal should be automatic unless the hosting provider finds some other unknown issue in the logs. Would this be right?

    Does that include other RewriteRule? like:

    RewriteCond %{HTTP_USER_AGENT} libwww-perl.*
    RewriteRule .* – [F,L]

    Thanks.
     
  11. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    There's no particular case to reference, it was more-so to let you know we are constantly improving the AutoSSL feature to account for issues like the one you encountered.

    No, I don't suggest making any changes to the .htaccess file unless your system still uses cPanel version 58. This happens automatically in cPanel version 60. The link was provided to offer some information on the issue you may have encountered with the last AutoSSL failure.

    Thank you.
     
  12. jackofalltrades

    Joined:
    Nov 1, 2012
    Messages:
    15
    Likes Received:
    2
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    Ok. Many thanks for your clear and to the point explanations.

    I hope I don't have to bother you again. :)

    And, have a nice weekend.
     
    Infopro and cPanelMichael like this.
  13. jackofalltrades

    Joined:
    Nov 1, 2012
    Messages:
    15
    Likes Received:
    2
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    CPanel Blunder.jpg

    This is what has happened with my daily visitors during the changeover from http to https. Around Nov 2 awstats started finding visitors to the https version. The grey tendency line shows a clear climbing tendency over the usual variability between Oct 15th and Nov 30th. On Nov 30th the AutoSSL Certificate did not renew, causing not only a fall in total visitors but also a change in tendency. I couldn't include the tendency from 52 on (when the new Certificate was in place), but it's a downward tendency, that is the Presence of the Certificate and being online with a https status has not allowed a recovery, at least to the situation previous to the failed AutoSSL. And we must consider that during the last 10 days I have been doing a good amount of marketing, increasing backlinks in more than 10%, posting YouTube videos, taking part in a like, follow and share campaign among my peers, etc., so what I really have been doing is avoiding an even worse fall. My website is not called Wikipedia, so figures are quite small, but in proportion they are significant. How long it will take before this gets back to the historic trend, as it should, is hard to say but clearly not very soon. I leave this here for others considering evolving from Http to Https, which are the dangers, and specially, for CPanel managers to disclose a step to step procedure, for those of us who are not experts or can't read your minds, and specially to teach hosting providers when you introduce these kinds of "improvements" so they can channel procedures with users before these kinds of issues occur.
     
  14. jackofalltrades

    Joined:
    Nov 1, 2012
    Messages:
    15
    Likes Received:
    2
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    BTW The last point in the graph in a steep fall is because awstats data is incomplete for the last 24 hours, tomorrow that line should be be less steep, horizontal or climbing.
     
Loading...

Share This Page