My SSL certificates provided by let's encrypt and set up using cpanel's autossl are not automatically renewing.
I have 3 domains with about 12 subdomains on one of them.
Autossl runs every 24 hours (I have the logs) but the certificates are close to expiration (some of them within 30 days, 1 of them expired 3 days ago) but did not renew.
These certificates were all issued by let's encrypt, I've had let's encrypt and autossl
installed for over a year. I do have my SSH port number changed from the default if that is meaningful.
THE AUTOSSL checks run every 24 hours and I have the logs from the past 30 days to see that it runs.
I have about a dozen subdomains of 1 domain, and most, but not all - have the entry of
"TLS Status: Incomplete" in the autossl logs.
Ther are a few of them though that do say:
TLS Status: OK
Their certificates expire at different dates, but 1 of them has expired within the past week and it did not auto renew.
I did find a pattern though:
the subdomains that have a TLS status of "OK"
do not have the following type of listing in the autossl log:
Local HTTP DCV error (www.subdomainname.domainname.tld): “www.subdomainname.domainname.tld” does not resolve to any IPv4 addresses on the internet.
What I've done:
I did more searching and found SOLVED - AutoSSL Not Generating Signing Request
But I did confirm that I do have A records (ones that are www.subdomainname and subdomainname ) for all of my subdomains.
found
AutoSSL does not resolve to any IPv4 addresses on the internet.
which suggested to output
cat /var/cpanel/cpnat
and then run
/scripts/build_cpnat
if the cat outputted nothing; I did that;
and then re-ran the autossl script within cpanel; and same result
(I did it once more; then as sudo, and same result)
What other steps should I take?
I have 3 domains with about 12 subdomains on one of them.
Autossl runs every 24 hours (I have the logs) but the certificates are close to expiration (some of them within 30 days, 1 of them expired 3 days ago) but did not renew.
These certificates were all issued by let's encrypt, I've had let's encrypt and autossl
installed for over a year. I do have my SSH port number changed from the default if that is meaningful.
THE AUTOSSL checks run every 24 hours and I have the logs from the past 30 days to see that it runs.
I have about a dozen subdomains of 1 domain, and most, but not all - have the entry of
"TLS Status: Incomplete" in the autossl logs.
Ther are a few of them though that do say:
TLS Status: OK
Their certificates expire at different dates, but 1 of them has expired within the past week and it did not auto renew.
I did find a pattern though:
the subdomains that have a TLS status of "OK"
do not have the following type of listing in the autossl log:
Local HTTP DCV error (www.subdomainname.domainname.tld): “www.subdomainname.domainname.tld” does not resolve to any IPv4 addresses on the internet.
What I've done:
I did more searching and found SOLVED - AutoSSL Not Generating Signing Request
But I did confirm that I do have A records (ones that are www.subdomainname and subdomainname ) for all of my subdomains.
found
AutoSSL does not resolve to any IPv4 addresses on the internet.
which suggested to output
cat /var/cpanel/cpnat
and then run
/scripts/build_cpnat
if the cat outputted nothing; I did that;
and then re-ran the autossl script within cpanel; and same result
(I did it once more; then as sudo, and same result)
What other steps should I take?
