AutoSSL Issuing Expired Certificates

Operating System & Version
Linux, version unknown
cPanel & WHM Version
Don't Know, But new Enough to No Longer Show Version Where It Was Forever

PostAlmostAnything

Well-Known Member
Mar 3, 2020
70
1
8
Portland, Oregon
cPanel Access Level
Website Owner
Sometime this week my server suddenly began issuing pre-expired SSL certificates on one account. This account is used only to host email for a specific domain, so the only DNS pointing to the cPanel server is mail.example.com. Hosting mail only for that domain has never been a problem and I doubt it is now, but because the site itself is hosted on a Windows Server whatever fix I find here has to keep this in mind.

The site itself is an ASP.Net Core app which connects from Razor pages with the cPanel server to process mail sent from sites when users fill out contact forms, register, or the system wants to send them notifications. When trying to send mail I am told "A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file."

Thinking this was due an error in .Net which was failing to send emails due to a criteria that shouldn't stop a message from being sent I started posting elsewhere, but people in those places seem to think the problem is with the mail server and not the .Net Core framework.

Back to the cPanel server, whenever I run AutoSSL the certificate that gets generated has an expiration date of today12:00 AM which was of course the beginning of TODAY, so how am I supposed to use AutoSSL if it only issues expired certificates now?

Also, is there any way to force cPanel to only issue certs with expiration dates for which the year must be at least one higher than the current one? Usually, SSL certificates are supposed be issued annually.
 
Last edited:

PostAlmostAnything

Well-Known Member
Mar 3, 2020
70
1
8
Portland, Oregon
cPanel Access Level
Website Owner
Odd, the AutoSSL certificate for mail.example.com now appears just fine, but the site still gets the same error when sending email. Is there some type of cache I am not aware of that might give the site outdated info?
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
12,499
1,971
363
cPanel Access Level
Root Administrator
Hey there! AutoSSL certificates are issued for 90-days, and there isn't a way for that to issue an expired certificate.

As you found, you may just be seeing cached data, or it's possible the SSL didn't update for all services. Can you check the WHM >> Manage Service SSL Certificates page to see if the data there is correct?