The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

AutoSSL Feedback

Discussion in 'Security' started by ebizindia, Oct 6, 2016.

Tags:
  1. ebizindia

    ebizindia Well-Known Member

    Joined:
    Oct 13, 2005
    Messages:
    72
    Likes Received:
    2
    Trophy Points:
    8
    Location:
    Kolkata, India
    cPanel Access Level:
    Root Administrator
    Extremely disappointed with the way AutoSSL works on renewal of certificates earlier issued by another agency. I have to manually buy certificates after experiencing a downtime of the sites in each such case.

    The AutoSSL file validation failed in many cases but that is another story. Even after successful validation, a new certificate request was sent was the certificate was never received. We kept waiting and then had to manually the certificate to keep the site operational.

    I sincerely request that this process needs to be made more responsive. I am now awaiting another certificate renewal for the server and am fairly convinced that even this will fail.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,745
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello @ebizindia,

    I'm sorry to see you are disappointed with the AutoSSL functionality.

    In cPanel version 60, we now automatically update .htaccess files to exclude DCV checks from HTTP redirections so that the DCV checks complete successfully. This resolves issues that some customers reported with AutoSSL and cPanel Market purchases. You can review the full release notes for cPanel version 60 (with references to some additional AutoSSL improvements) at:

    60 Release Notes - Documentation - cPanel Documentation

    Regarding the certificate request process, the following utility runs every five minutes as part of a cron job to see if a certificate has been processed:

    Code:
    /usr/local/cpanel/bin/autossl_check_cpstore_queue
    Could you let us know how long the certificate was in the processing stage before you manually installed a certificate? We have a thread here that goes into more detail about the ordering process:

    cPanel & WHM’s AutoSSL/SSL ordering process

    Thank you.
     
  3. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider
    Good news: In 11.60 we will over an option to allow you to configure if non-AutoSSL certificates get overwritten.

    This is already available for testing in 11.59.9999.169 and later in the EDGE tier.
     

    Attached Files:

  4. ebizindia

    ebizindia Well-Known Member

    Joined:
    Oct 13, 2005
    Messages:
    72
    Likes Received:
    2
    Trophy Points:
    8
    Location:
    Kolkata, India
    cPanel Access Level:
    Root Administrator
    I checked the log and got this:

    Code:
     10:05:01 PM WARN The request for a certificate for the website “example.com” has taken more than the allowed time (8 days). The system will no longer track this request. at bin/autossl_check_cpstore_queue.pl line 246.
    I will need the certificate for the server renewed in a couple of days and I am worried that even this will fail. Can I do something to ensure that it does not?
     
  5. ebizindia

    ebizindia Well-Known Member

    Joined:
    Oct 13, 2005
    Messages:
    72
    Likes Received:
    2
    Trophy Points:
    8
    Location:
    Kolkata, India
    cPanel Access Level:
    Root Administrator
    Can you provide a rough timeline for ver 60 to get in the Release tier?
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,745
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Could you open a support ticket using the link in my signature so we can take a closer look at your system and determine why the certificate didn't process? You can post the ticket number here so we can update this thread with the outcome.

    It's tentatively scheduled for the "Current" build tier early next week. There's currently no specific time frame to offer on it's publication to the "Release" tier, though it typically takes 2 to 4 weeks for a version to go from "Current" to "Release". Here's a document and blog post that explains the process:

    Product Versions and the Release Process - cPanel Knowledge Base - cPanel Documentation
    The cPanel Development Process | cPanel Blog

    Thank you.
     
Loading...

Share This Page