Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

AutoSSL corrupting existing SSL certificate

Discussion in 'Security' started by archie_n, Feb 9, 2017.

Tags:
  1. archie_n

    archie_n Registered

    Joined:
    Feb 9, 2017
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Norway
    cPanel Access Level:
    Root Administrator
    Just had a rather unpleasent experience with AutoSSL on a account with an existing purchased and installed SSL certificate: I've parked two new domains on this account prior to registering the new domain. This apperently resulted in overwriting the existing SSL certificate with an unsigned certificate.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Could you verify if "Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates" is enabled under the "Options" tab in "WHM >> SSL/TLS >> Manage AutoSSL"?

    Thank you.
     
  3. archie_n

    archie_n Registered

    Joined:
    Feb 9, 2017
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Norway
    cPanel Access Level:
    Root Administrator
    Hi!

    After this experience, I've disabled the AutoSSL feature. When checking now, the mentioned options is not enabled.

    Log file:
    Code:
    Log for the AutoSSL run for “existing_domain_owner”: Thursday, February 9, 2017 4:03:14 PM GMT+0100 (cPanel (powered by Comodo))
    
     4:03:14 PM This system has AutoSSL set to use “cPanel (powered by Comodo)”.
     4:03:14 PM Checking websites for “existing_domain_owner” …
     4:03:15 PM The website “EXISTING_DOMAIN_dot_TLD”, owned by “existing_domain_owner”, has a faulty SSL certificate (OPENSSL_VERIFY:0:18:DEPTH_ZERO_SELF_SIGNED_CERT NOT_ALL_DOMAINS). AutoSSL will attempt to replace this certificate.
     4:03:15 PM WARN The domain “NEW_PARKED_DOMAIN_dot_TLD” failed domain control validation: “NEW_PARKED_DOMAIN_dot_TLD” does not resolve to any IPv4 addresses on the internet. at bin/autossl_check.pl line 562.
     4:03:17 PM WARN The domain “www.NEW_PARKED_DOMAIN_dot_TLD” failed domain control validation: “www.NEW_PARKED_DOMAIN_dot_TLD” does not resolve to any IPv4 addresses on the internet. at bin/autossl_check.pl line 562.
     4:03:17 PM WARN The domain “mail.NEW_PARKED_DOMAIN_dot_TLD” failed domain control validation: “mail.NEW_PARKED_DOMAIN_dot_TLD” does not resolve to any IPv4 addresses on the internet. at bin/autossl_check.pl line 562.
     4:03:18 PM The system will attempt to renew SSL certificates for the following websites:
     4:03:18 PM EXISTING_DOMAIN_dot_TLD (EXISTING_DOMAIN_dot_TLD 55553400.no FURTHER_DOMAINS_dot_TLD)
    
     
    #3 archie_n, Feb 10, 2017
    Last edited by a moderator: Feb 10, 2017
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    The AutoSSL feature should not replace non-AutoSSL SSL certificates unless "Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates" is enabled under the "Options" tab in "WHM >> SSL/TLS >> Manage AutoSSL".

    Feel free to open a support ticket using the link in my signature so we can take a closer look if this is happening on your system. You can post the ticket number here and we will update this thread with the outcome.

    Thank you.
     
Loading...

Share This Page