Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

AutoSSL from cPanel says expired

Discussion in 'Security' started by InteractM, Dec 11, 2017.

Tags:
  1. InteractM

    InteractM Well-Known Member

    Joined:
    Apr 2, 2013
    Messages:
    135
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    I have an issue with multiple sites over the weekend where AutoSSL issued by cPanel say is expired but SSL Storage Manager shows that are not.

    Example: - Removed -

    SSL Cert envelope:
    Code:
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                35:58:6e:53:2a:b7:86:09:43:5e:d7:88:6a:47:8a:0b
        Signature Algorithm: sha256WithRSAEncryption
            Issuer: C = US, ST = TX, L = Houston, O = "cPanel, Inc.", CN = "cPanel, Inc. Certification Authority"
            Validity
                Not Before: Nov 25 00:00:00 2017 GMT
                Not After : Feb 23 23:59:59 2018 GMT
            Subject: CN = - Removed -
    
    Any clue how get that issue to fix?
     
    #1 InteractM, Dec 11, 2017
    Last edited by a moderator: Dec 11, 2017
  2. Eminds

    Eminds Well-Known Member

    Joined:
    Nov 10, 2016
    Messages:
    263
    Likes Received:
    19
    Trophy Points:
    18
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Login to WHM with root >> go to AutoSSL Manager >> check the logs tab for that particular domain and it will show you what exactly happening with the SSL certificates.
     
  3. InteractM

    InteractM Well-Known Member

    Joined:
    Apr 2, 2013
    Messages:
    135
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Well, I was there few times and says nothing interesting:
    Code:
    Log for the AutoSSL run for “gems”: Monday, December 11, 2017 9:35:08 PM GMT-0500 (cPanel (powered by Comodo))
    9:35:08 PM This system has AutoSSL set to use “cPanel (powered by Comodo)”.
    9:35:08 PM Checking websites for “gems” …
    9:35:08 PM The website “example.com”, owned by “gems”, has a valid SSL certificate, but additional SSL coverage may be possible for the domains “cpanel.example.com”, “webmail.example.com”, and “webdisk.example.com”. The system will attempt to replace this certificate with one that includes these additional domains.
    9:35:09 PM AutoSSL cannot add any new domains to SSL coverage for the website “example.com”.
    9:35:09 PM The system has completed the AutoSSL check for “gems”.
    
    
     
    #3 InteractM, Dec 11, 2017
    Last edited by a moderator: Dec 12, 2017
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,802
    Likes Received:
    1,714
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Do you have proxy subdomain DNS entries configured for that account? If not, and if proxy subdomains are enabled, you can automatically add the missing entries for all domain names on the server with the following command:

    Code:
    /scripts/checkproxysubdomains --force
    If that doesn't address the issue during the next AutoSSL check, or if the proxy subdomain records are already populated in the domain name's DNS zone, feel free to open a support ticket so we can take a closer look.

    Thank you.
     
  5. Mayc

    Mayc Member

    Joined:
    Oct 11, 2017
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    same proble here. In 2 diferent servers. This only happens when I use a proxy for the ssl. I use xvarnish, everything was working perfectly and suddenly 2 or 3 weeks ago in both cases the same problem occurred. Most websites with ssl give this error in the browser: NET::ERR_CERT_DATE_INVALID. But nevertheless the certificate is active and not expired. Turning off the proxy works fine. where I have been able to investigate the xvarnish has not been updated since August so it must have coincided with some update of cpanel.

    Any idea??
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,802
    Likes Received:
    1,714
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    If it's not happening when the plugin is uninstalled, it suggests an issue with the plugin itself (possibly with custom Apache templates). Have you reported the issue to the support team for that Varinish plugin so they can take a closer look?

    Thank you.
     
  7. Mayc

    Mayc Member

    Joined:
    Oct 11, 2017
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    with the proxy enabled gives expired certificate
    Valid from Thu, 07 Sep 2017 00:00:00 UTC
    Valid until Wed, 06 Dec 2017 23:59:59 UTC (expired 12 days, 18 hours ago) EXPIRED

    without the proxy
    Valid from Wed, 22 Nov 2017 00:00:00 UTC
    Valid until Tue, 20 Feb 2018 23:59:59 UTC (expires in 2 months and 1 day)

    Unfortunately the xvarnish support team is non-existent
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,802
    Likes Received:
    1,714
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    The information you provided suggests that plugin might not have been updated to account for the following changes in cPanel 68:

    SSL Storage Modification

    You may want to consider using a different plugin if you are unable to reach their support team.

    Thank you.
     
Loading...

Share This Page