AutoSSL from cPanel says expired

[InteractM]

I have an issue with multiple sites over the weekend where AutoSSL issued by cPanel say is expired but SSL Storage Manager shows that are not.

Example: - Removed -

SSL Cert envelope:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:58:6e:53:2a:b7:86:09:43:5e:d7:88:6a:47:8a:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, ST = TX, L = Houston, O = "cPanel, Inc.", CN = "cPanel, Inc. Certification Authority"
        Validity
            Not Before: Nov 25 00:00:00 2017 GMT
            Not After : Feb 23 23:59:59 2018 GMT
        Subject: CN = - Removed -

Any clue how get that issue to fix?

 

[Eminds]

Login to WHM with root >> go to AutoSSL Manager >> check the logs tab for that particular domain and it will show you what exactly happening with the SSL certificates.

 

[InteractM]

Well, I was there few times and says nothing interesting:

Log for the AutoSSL run for “gems”: Monday, December 11, 2017 9:35:08 PM GMT-0500 (cPanel (powered by Comodo))
9:35:08 PM This system has AutoSSL set to use “cPanel (powered by Comodo)”.
9:35:08 PM Checking websites for “gems” …
9:35:08 PM The website “example.com”, owned by “gems”, has a valid SSL certificate, but additional SSL coverage may be possible for the domains “cpanel.example.com”, “webmail.example.com”, and “webdisk.example.com”. The system will attempt to replace this certificate with one that includes these additional domains.
9:35:09 PM AutoSSL cannot add any new domains to SSL coverage for the website “example.com”.
9:35:09 PM The system has completed the AutoSSL check for “gems”.

 

[cPanelMichael]

Hello,

Do you have proxy subdomain DNS entries configured for that account? If not, and if proxy subdomains are enabled, you can automatically add the missing entries for all domain names on the server with the following command:

/scripts/checkproxysubdomains --force

If that doesn't address the issue during the next AutoSSL check, or if the proxy subdomain records are already populated in the domain name's DNS zone, feel free to open a support ticket so we can take a closer look.

Thank you.

 

[Mayc]

same proble here. In 2 diferent servers. This only happens when I use a proxy for the ssl. I use xvarnish, everything was working perfectly and suddenly 2 or 3 weeks ago in both cases the same problem occurred. Most websites with ssl give this error in the browser: NET::ERR_CERT_DATE_INVALID. But nevertheless the certificate is active and not expired. Turning off the proxy works fine. where I have been able to investigate the xvarnish has not been updated since August so it must have coincided with some update of cpanel.

Any idea??

 

[cPanelMichael]

Turning off the proxy works fine. where I have been able to investigate the xvarnish has not been updated since August so it must have coincided with some update of cpanel.

Hello,

If it's not happening when the plugin is uninstalled, it suggests an issue with the plugin itself (possibly with custom Apache templates). Have you reported the issue to the support team for that Varinish plugin so they can take a closer look?

Thank you.

 

[Mayc]

with the proxy enabled gives expired certificate
Valid from Thu, 07 Sep 2017 00:00:00 UTC
Valid until Wed, 06 Dec 2017 23:59:59 UTC (expired 12 days, 18 hours ago) EXPIRED

without the proxy
Valid from Wed, 22 Nov 2017 00:00:00 UTC
Valid until Tue, 20 Feb 2018 23:59:59 UTC (expires in 2 months and 1 day)

Unfortunately the xvarnish support team is non-existent

 

[cPanelMichael]

Unfortunately the xvarnish support team is non-existent

The information you provided suggests that plugin might not have been updated to account for the following changes in cPanel 68:

SSL Storage Modification

You may want to consider using a different plugin if you are unable to reach their support team.

Thank you.