AutoSSL not renewing when it should?

aolbrechts

Active Member
Feb 24, 2016
26
1
3
Belgium
cPanel Access Level
Root Administrator
Hello,

I regularly have issues with AutoSSL that doesn't automatically renews SSL certificates for client web sites before they expire. Each time I have to manually check and force to renew them, which often causes web site downtime as moderne browsers don't display the web site if certificate isn't OK.

I there something to change so that I'm sur the certificate automatically renews BEFORE expiration ?

Thanks,
Antoine
 

Agics

Member
May 16, 2013
16
0
1
Netherlands
cPanel Access Level
Root Administrator
I had this issue as well. It solved on my site weirdly enough by going in cpanel, select ssl status and include all subdomains. Often the ipv6 address is excluded by my users as it avoid them to get an e-mail. When autossl ran again the problem was solved.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,271
313
Houston
Hello @aolbrechts

As suggested by @Agics you may want to ensure that some domains are not excluded. If that is not the case can you please provide the output of the AutoSSL logs where the domains didn't renew?

Thanks!
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,271
313
Houston
Hi @aolbrechts

I removed the post due to the domain name being visible in a number of places in the response. Before I removed it though I looked at the logs and it doesn't seem that there is an error besides the notification prior to the DCV check that it doesn't have a valid certificate when the check completes. I checked a couple of the domains listed as well and they all show that they have SSL certificates assigned.


Thank you
 

aolbrechts

Active Member
Feb 24, 2016
26
1
3
Belgium
cPanel Access Level
Root Administrator
Hello,

Indeed there was no apparent error, and no the SSL certificates are OK, but that's after I manually ran AutoSSL again.
I would rather prefer not running in manually everyday in case there is a certificate to renew, not very practical ;-)

Antoine
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,271
313
Houston
Hi @aolbrechts

Are there logs from when you DID NOT run it automatically or is it just not running? That's ultimately what we'd need to see as I noted in my response.

Thanks!
 

aolbrechts

Active Member
Feb 24, 2016
26
1
3
Belgium
cPanel Access Level
Root Administrator
Hello @cPanelLauren

It's happening again, some certificates not being automatically renewed, although there aren't any issues. One example below, it's been in the queue for 2 days and nothing's going on. It's really a bummer, I have clients that randomly call me because the certificate isn't renewed automatically and their web site becomes unaccessible.



Log for the AutoSSL run for “klarisd”: Saturday, July 28, 2018 11:48:58 AM GMT+0200 (cPanel (powered by Comodo))
11:48:58 AM AutoSSL’s configured provider is “cPanel (powered by Comodo)”.
Checking websites for “klarisd” …
11:48:58 AM Checking “klarisd.-------------” …
11:48:58 AM ERROR TLS Status: Defective
ERROR Certificate expiry: 7/26/18, 12:00 AM UTC (2.41 days ago)
ERROR Defect: OPENSSL_VERIFY: The certificate chain failed OpenSSL’s verification (0:10:CERT_HAS_EXPIRED).
11:48:59 AM AutoSSL will request a new certificate.
11:48:59 AM The system will attempt to renew the SSL certificate for the website (klarisd.---------------------).
The provider “cPanel (powered by Comodo)”’s AutoSSL queue already contains a request for a certificate for “klarisd”’s website “klarisd---------”. The request’s start time is Jul 26, 2018, 7:46:16 AM UTC and its last poll time is Jul 26, 2018, 7:48:01 AM UTC.
11:48:59 AM The system has completed the AutoSSL check for “klarisd”.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,271
313
Houston
Hi @aolbrechts

Is this originating from a different server as the first request? Could you please send me a private message with the IP address the domain is assigned to? I'd like to take a look at what is occurring on our internal system.

Thanks!