AutoSSL? End User Getting: "invalid security certificate"

Rel82me

Member
Feb 20, 2016
16
0
51
Toronto
cPanel Access Level
Root Administrator
Hey Friends,
I always thought the idea here with AutoSSL was to allow your end-users to be able to use HTTPS and browse securely?

We are receiving the following:

******* uses an invalid security certificate.

The certificate is not trusted because it is self-signed.

Error code: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT
 
Last edited by a moderator:

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
4,871
601
273
cPanel Access Level
Root Administrator
Hey there! That error would indicate that there is no SSL installed on the domain, or the secure connection is connecting to the wrong vhost.

If you check the logs in WHM >> Manage AutoSSL do you see any errors for that domain? You could also run this command to see them in real-time on the system:

Code:
/usr/local/cpanel/bin/autossl_check --user=username
You'll just need to change the "username" portion to the specific cPanel user you're working with.
 

Rel82me

Member
Feb 20, 2016
16
0
51
Toronto
cPanel Access Level
Root Administrator
Hey there! That error would indicate that there is no SSL installed on the domain, or the secure connection is connecting to the wrong vhost.

If you check the logs in WHM >> Manage AutoSSL do you see any errors for that domain? You could also run this command to see them in real-time on the system:

Code:
/usr/local/cpanel/bin/autossl_check --user=username
You'll just need to change the "username" portion to the specific cPanel user you're working with.
og for the AutoSSL run for all users: Friday, March 12, 2021 2:39:17 PM GMT-0500 (cPanel (powered by Sectigo))

[REDACTED]
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
4,871
601
273
cPanel Access Level
Root Administrator
Thanks for the details. I removed that log as you don't want the domains to be public on the forum, but I can still see that on my end if necessary.

Are all those domains under the same cPanel user account? It looks like that was the entire log for the whole machine.

If there are multiple domains failing the DCV checks it would be best to submit a ticket so we can check things directly on the server as there is likely more happening than an issue with just one domain.