Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

AutoSSL not renewing when it should?

Discussion in 'Security' started by aolbrechts, Jul 3, 2018.

  1. aolbrechts

    aolbrechts Active Member

    Joined:
    Feb 24, 2016
    Messages:
    26
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Belgium
    cPanel Access Level:
    Root Administrator
    Hello,

    I regularly have issues with AutoSSL that doesn't automatically renews SSL certificates for client web sites before they expire. Each time I have to manually check and force to renew them, which often causes web site downtime as moderne browsers don't display the web site if certificate isn't OK.

    I there something to change so that I'm sur the certificate automatically renews BEFORE expiration ?

    Thanks,
    Antoine
     
  2. Agics

    Agics Member

    Joined:
    May 16, 2013
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Netherlands
    cPanel Access Level:
    Root Administrator
    I had this issue as well. It solved on my site weirdly enough by going in cpanel, select ssl status and include all subdomains. Often the ipv6 address is excluded by my users as it avoid them to get an e-mail. When autossl ran again the problem was solved.
     
  3. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    2,719
    Likes Received:
    185
    Trophy Points:
    143
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hello @aolbrechts

    As suggested by @Agics you may want to ensure that some domains are not excluded. If that is not the case can you please provide the output of the AutoSSL logs where the domains didn't renew?

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    2,719
    Likes Received:
    185
    Trophy Points:
    143
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @aolbrechts

    I removed the post due to the domain name being visible in a number of places in the response. Before I removed it though I looked at the logs and it doesn't seem that there is an error besides the notification prior to the DCV check that it doesn't have a valid certificate when the check completes. I checked a couple of the domains listed as well and they all show that they have SSL certificates assigned.


    Thank you
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. aolbrechts

    aolbrechts Active Member

    Joined:
    Feb 24, 2016
    Messages:
    26
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Belgium
    cPanel Access Level:
    Root Administrator
    Hello,

    Indeed there was no apparent error, and no the SSL certificates are OK, but that's after I manually ran AutoSSL again.
    I would rather prefer not running in manually everyday in case there is a certificate to renew, not very practical ;-)

    Antoine
     
  6. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    2,719
    Likes Received:
    185
    Trophy Points:
    143
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @aolbrechts

    Are there logs from when you DID NOT run it automatically or is it just not running? That's ultimately what we'd need to see as I noted in my response.

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. aolbrechts

    aolbrechts Active Member

    Joined:
    Feb 24, 2016
    Messages:
    26
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Belgium
    cPanel Access Level:
    Root Administrator
    Hello @cPanelLauren

    It's happening again, some certificates not being automatically renewed, although there aren't any issues. One example below, it's been in the queue for 2 days and nothing's going on. It's really a bummer, I have clients that randomly call me because the certificate isn't renewed automatically and their web site becomes unaccessible.



    Log for the AutoSSL run for “klarisd”: Saturday, July 28, 2018 11:48:58 AM GMT+0200 (cPanel (powered by Comodo))
    11:48:58 AM AutoSSL’s configured provider is “cPanel (powered by Comodo)”.
    Checking websites for “klarisd” …
    11:48:58 AM Checking “klarisd.-------------” …
    11:48:58 AM ERROR TLS Status: Defective
    ERROR Certificate expiry: 7/26/18, 12:00 AM UTC (2.41 days ago)
    ERROR Defect: OPENSSL_VERIFY: The certificate chain failed OpenSSL’s verification (0:10:CERT_HAS_EXPIRED).
    11:48:59 AM AutoSSL will request a new certificate.
    11:48:59 AM The system will attempt to renew the SSL certificate for the website (klarisd.---------------------).
    The provider “cPanel (powered by Comodo)”’s AutoSSL queue already contains a request for a certificate for “klarisd”’s website “klarisd---------”. The request’s start time is Jul 26, 2018, 7:46:16 AM UTC and its last poll time is Jul 26, 2018, 7:48:01 AM UTC.
    11:48:59 AM The system has completed the AutoSSL check for “klarisd”.
     
  8. cPanelLauren

    cPanelLauren Forums Analyst
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    2,719
    Likes Received:
    185
    Trophy Points:
    143
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @aolbrechts

    Is this originating from a different server as the first request? Could you please send me a private message with the IP address the domain is assigned to? I'd like to take a look at what is occurring on our internal system.

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice