SOLVED AutoSSL Certificate problem

Nirjonadda

Well-Known Member
May 8, 2013
751
28
78
cPanel Access Level
Root Administrator
Hello,

To update, Comodo has completed the emergency maintenance on their servers. The AutoSSL feature should now work as expected.

Thank you.
Still are not working.

Code:
Log for the AutoSSL run for “mysite”: Friday, May 12, 2017 8:53:45 PM GMT+0200 (cPanel (powered by Comodo))
8:53:45 PM This system has AutoSSL set to use “cPanel (powered by Comodo)”.
8:53:45 PM Checking websites for “mysite” …
8:53:45 PM The website “mysite.com”, owned by “mysite”, has a faulty SSL certificate (OPENSSL_VERIFY:0:18:DEPTH_ZERO_SELF_SIGNED_CERT NOT_ALL_DOMAINS). AutoSSL will attempt to replace this certificate.
8:53:46 PM The system will attempt to renew SSL certificates for the following websites:
8:53:46 PM mysite.com (mysite.com www.mysite.com mail.mysite.com webmail.mysite.com cpanel.mysite.com webdisk.mysite.com)
8:53:48 PM The system has completed the AutoSSL check for “mysite”.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,236
463
Hello @Nirjonadda,

I moved this post to it's own thread, as it does not appear related to the issue with Comodo's servers.

8:53:46 PM The system will attempt to renew SSL certificates for the following websites: 8:53:46 PM mysite.com (mysite.com www.mysite.com mail.mysite.com webmail.mysite.com cpanel.mysite.com webdisk.mysite.com) 8:53:48 PM The system has completed the AutoSSL check for “mysite”.
This suggests the certificate is waiting on Comodo for processing. While the AutoSSL feature generally only requires a short amount of time to complete the installation process, certain factors may lead to longer wait times. Under some conditions, certificates may require up to 48 hours to process. You can try waiting a few hours and then running the following command to check the AutoSSL certificate for the account:

Code:
/usr/local/cpanel/bin/autossl_check --user=$username
Thank you.
 
Last edited:

Rob Golding

Registered
Jul 6, 2016
3
0
1
London, UK
cPanel Access Level
DataCenter Provider
Comodo being essentially "down" for 3 days hasn't helped with real certs:(

We don't use auto-ssl on production systems, but have vps clients who do, it's been unable to update/validate/download certs for over a week with them "stuck" in the queue

Although the docs say they'll only stay there for 24 hours the .json file never seems to get purged. Deleting it manually and fcing it to try again ...

/usr/local/cpanel/bin/autossl_check_cpstore_queue --force
Polling for redacted new certificate for redacted (order item ID redacted) …
The certificate is not available. (processing)
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,236
463
Hello Rob,

Feel free to open a support ticket using the link in my signature if the certificates are still not processing so we can take a closer look and see what's happening.

Thank you.
 

Adwin Lui

Member
Feb 10, 2015
6
1
3
Vancouver, British Columbia, C
cPanel Access Level
Reseller Owner
I hope it's ok to piggyback onto this thread, it seems I have the same issue, it's been in the queue for a few days, here is the autossl Log for this account:

11:55:01 AM Polling for “domain”’s new certificate for “domain.com” (order item ID “199073739”) …
11:55:02 AM The certificate is not available. (processing)
12:00:02 PM The queue contains a request for a certificate for “domain”’s website “domain.com”. The system last polled for this certificate at Jun 19, 2017, 6:55:02 PM UTC. The next poll will be no earlier than Jun 19, 2017, 7:55:02 PM UTC.

Here is the Pending queue:

www.domain.com domain.com domain Jun 19, 2017 2:41:01 AM 199073739 Pending
domain.com domain.com domain Jun 19, 2017 2:41:01 AM 199073739 Pending

The following Comodo's IP are already in our CSF allow:
178.255.81.12
178.255.81.13
91.199.212.132
199.66.201.132

This is a wordpress site, but we're not running any usual culprit plugins like Wordfence or iThemes security

The cpanel-generated comodo redirect rules are present in htaccess

Thank you for any advice!
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,236
463
Hello @Adwin Lui,

Feel free to open a support ticket if you'd like us to take a closer look.

Thanks.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,236
463
Hello,

I'm glad to see the issue is now solved. Thank you for updating us with the outcome.
 

rogerw

Member
Feb 21, 2012
23
4
53
cPanel Access Level
Website Owner
Hello @Nirjonadda,

"...then running the following command to check the AutoSSL certificate for the account..."

Code:
/usr/local/cpanel/bin/autossl_check --user $username
Quick heads up to anyone looking to troubleshoot, as I was. The above command gave me some pause, and twiddling around. Turns out the correct command is:

/usr/local/cpanel/bin/autossl_check --user=<username>

I hope this minor tweak in command helps anyone else searching for troubleshooting information.
 
  • Like
Reactions: cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,236
463
Hi @rogerw,

Good catch. The previous command looks to have worked well, but you are right that it doesn't match our documentation. I've modified my earlier response to reflect the change you noted.

Thanks!