AutoSSL corrupting existing SSL certificate

archie_n

Registered
Feb 9, 2017
2
0
1
Norway
cPanel Access Level
Root Administrator
Just had a rather unpleasent experience with AutoSSL on a account with an existing purchased and installed SSL certificate: I've parked two new domains on this account prior to registering the new domain. This apperently resulted in overwriting the existing SSL certificate with an unsigned certificate.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,222
463
Hello,

Could you verify if "Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates" is enabled under the "Options" tab in "WHM >> SSL/TLS >> Manage AutoSSL"?

Thank you.
 

archie_n

Registered
Feb 9, 2017
2
0
1
Norway
cPanel Access Level
Root Administrator
Hello,

Could you verify if "Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates" is enabled under the "Options" tab in "WHM >> SSL/TLS >> Manage AutoSSL"?

Thank you.
Hi!

After this experience, I've disabled the AutoSSL feature. When checking now, the mentioned options is not enabled.

Log file:
Code:
Log for the AutoSSL run for “existing_domain_owner”: Thursday, February 9, 2017 4:03:14 PM GMT+0100 (cPanel (powered by Comodo))

 4:03:14 PM This system has AutoSSL set to use “cPanel (powered by Comodo)”.
 4:03:14 PM Checking websites for “existing_domain_owner” …
 4:03:15 PM The website “EXISTING_DOMAIN_dot_TLD”, owned by “existing_domain_owner”, has a faulty SSL certificate (OPENSSL_VERIFY:0:18:DEPTH_ZERO_SELF_SIGNED_CERT NOT_ALL_DOMAINS). AutoSSL will attempt to replace this certificate.
 4:03:15 PM WARN The domain “NEW_PARKED_DOMAIN_dot_TLD” failed domain control validation: “NEW_PARKED_DOMAIN_dot_TLD” does not resolve to any IPv4 addresses on the internet. at bin/autossl_check.pl line 562.
 4:03:17 PM WARN The domain “www.NEW_PARKED_DOMAIN_dot_TLD” failed domain control validation: “www.NEW_PARKED_DOMAIN_dot_TLD” does not resolve to any IPv4 addresses on the internet. at bin/autossl_check.pl line 562.
 4:03:17 PM WARN The domain “mail.NEW_PARKED_DOMAIN_dot_TLD” failed domain control validation: “mail.NEW_PARKED_DOMAIN_dot_TLD” does not resolve to any IPv4 addresses on the internet. at bin/autossl_check.pl line 562.
 4:03:18 PM The system will attempt to renew SSL certificates for the following websites:
 4:03:18 PM EXISTING_DOMAIN_dot_TLD (EXISTING_DOMAIN_dot_TLD 55553400.no FURTHER_DOMAINS_dot_TLD)
 
Last edited by a moderator:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,222
463
Hello,

The AutoSSL feature should not replace non-AutoSSL SSL certificates unless "Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates" is enabled under the "Options" tab in "WHM >> SSL/TLS >> Manage AutoSSL".

Feel free to open a support ticket using the link in my signature so we can take a closer look if this is happening on your system. You can post the ticket number here and we will update this thread with the outcome.

Thank you.