Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

AutoSSL Renewals

Discussion in 'Security' started by chiareu, Feb 12, 2017.

Tags:
  1. chiareu

    chiareu Member

    Joined:
    Feb 8, 2016
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Bucharest
    cPanel Access Level:
    Root Administrator
    1. I'm in the situation on one of the certificates expired. The new one are in pending status. Meantime the website keep display the window showing Invalid Cert warning to end users who browse the site.
    That's not good at all for those domains. And the cherry on top is that other domains SSL will expire in the next few days. There is no pending new SSL in the system for them. So seams that your built in system AutoSSL are requesting the new SLL only after the old one expired.
     
    #1 chiareu, Feb 12, 2017
    Last edited by a moderator: Feb 13, 2017
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello @chiareu,

    Could you browse to the "Logs" tab in "WHM >> Manage AutoSSL" and view the most recent log to let us know the specific message you see regarding this domain name?

    Were these certificates generated via the AutoSSL feature, or are these non-AutoSSL certificates the AutoSSL feature is replacing because you have enabled Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates under the "Options" tab in "WHM >> Manage AutoSSL"? The expiring non-AutoSSL certificates are replaced when they expire within 3 days, as opposed to the 15-day expiry window used when certificates generated through the AutoSSL feature are replaced.

    Thank you.
     
  3. chiareu

    chiareu Member

    Joined:
    Feb 8, 2016
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Bucharest
    cPanel Access Level:
    Root Administrator
    Hi, here we have last log entries for that domain:

    Code:
    Log for the AutoSSL run for all users: Saturday, February 18, 2017 2:00:01 AM GMT+0200 (cPanel (powered by Comodo))
    2:00:01 AM This system has AutoSSL set to use “cPanel (powered by Comodo)”.
    2:00:01 AM Checking websites for “example” …
    2:00:01 AM The website “example.ro”, owned by “example”, has a faulty SSL certificate (OPENSSL_VERIFY:0:10:CERT_HAS_EXPIRED ALMOST_EXPIRED AUTOSSL_READY_FOR_RENEWAL). AutoSSL will attempt to replace this certificate.
    2:00:02 AM The system will attempt to renew SSL certificates for the following websites:
    2:00:02 AM example.ro (example.ro www.example.ro mail.example.ro)
    2:00:02 AM The system has completed the AutoSSL check for “example”.
    
    AutoSSL Pending Queue
    
    Showing 1 - 3 of 3 items
    Domain Website User Request Time Order Item ID Status
    mail.example.ro example.ro example Feb 12, 2017 12:00:01 AM 112909161 Pending
    www.example.ro example.ro example Feb 12, 2017 12:00:01 AM 112909161 Pending
    example.ro example.ro example Feb 12, 2017 12:00:01 AM 112909161 Pending 
    
    
     
    #3 chiareu, Feb 18, 2017
    Last edited by a moderator: Feb 20, 2017
  4. triatlas

    triatlas Registered

    Joined:
    Jan 27, 2017
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    GERMANY
    cPanel Access Level:
    Root Administrator
    Same story here. Status remains "Pending".
     
  5. Jcats

    Jcats Well-Known Member

    Joined:
    May 25, 2011
    Messages:
    599
    Likes Received:
    92
    Trophy Points:
    153
    Location:
    New Jersey
    cPanel Access Level:
    DataCenter Provider
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Feel free to open a support ticket using the link in my signature so we can verify why the AutoSSL validation process isn't succeeding. You can post the ticket number here and we can update this thread with the outcome.

    Thank you.
     
  7. anton_latvia

    anton_latvia Well-Known Member
    PartnerNOC

    Joined:
    May 11, 2004
    Messages:
    354
    Likes Received:
    3
    Trophy Points:
    168
    Location:
    Latvia
    cPanel Access Level:
    Root Administrator
    +1 - many pending requests in the queue. most of them are 6 to 7 days old. Previously issued certificates have expired.

    I tried removing them from the server and requesting new check - but request end up in the queue with "pending" state, saying - "...waiting AutoSSL provider to validate and issue..."
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Do you notice any additional output for these domain names in the most recent log under the "Logs" tab in "WHM >> Manage AutoSSL"?

    Thank you.
     
  9. anton_latvia

    anton_latvia Well-Known Member
    PartnerNOC

    Joined:
    May 11, 2004
    Messages:
    354
    Likes Received:
    3
    Trophy Points:
    168
    Location:
    Latvia
    cPanel Access Level:
    Root Administrator
    Some log entries end with "SUCCESS The certificate is now installed!".

    Some, especially for the user in question, still has "The system has completed the AutoSSL check for “username”."

    Is there way to removed entries from active queue and just try with a new request? Does system use any non-stadard ports for this?
     
  10. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    The domain validation process occurs over the standard Apache port (e.g. 80). Could you open a support ticket so we can take a closer look to see why domain validation is failing for the accounts in question?

    Thank you.
     
Loading...

Share This Page