Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SOLVED AutoSSL still not renewed after expiring

Discussion in 'Security' started by tdldrg, Dec 7, 2016.

Tags:
  1. tdldrg

    tdldrg Registered

    Joined:
    Jul 17, 2016
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    PHL
    cPanel Access Level:
    Root Administrator
    I enabled AutoSSL by cPanel and it gave a ssl for 8/30-11/29 which worked fine but then it expired and until to this date still not renewed. I checked the log everyday all I see is same message yet it hasn't renewed it...

    10:59:41 AM The website “domain.com”, owned by “xxxx”, has a faulty SSL certificate (OPENSSL_VERIFY:0:10:CERT_HAS_EXPIRED NOT_ALL_DOMAINS ALMOST_EXPIRED AUTOSSL_READY_FOR_RENEWAL). AutoSSL will attempt to replace this certificate.
    10:59:41 AM The system will attempt to renew SSL certificates for the following websites:

    Wasn't it suppose to renew 10days earlier but it seems it doesn't renew even after expiring and still attemping only..

    How to force it to renew it right away? And why it seems it doesn't renew the expired ssl?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Could you let us know which version of cPanel is installed on this system? You can check via the following command:

    Code:
    cat /usr/local/cpanel/version
    Also, could you let us know the rest of the output? For instance, are there any DCV (Domain Control Validation) error messages?

    Thank you.
     
  3. tdldrg

    tdldrg Registered

    Joined:
    Jul 17, 2016
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    PHL
    cPanel Access Level:
    Root Administrator
    It doesn't have any error that goes orange like some. Here's the new one today from 'all users' log. Til now it is still not renewed itself after expiring and same goes for some few domains that have expired already. Seems like stuck on attempt to renew SSL...
    Code:
    11:03:02 PM Checking websites for “xxxxx” …
    11:03:02 PM The website “xxxxxx.co.uk”, owned by “xxxxx”, has a faulty SSL certificate (OPENSSL_VERIFY:0:10:CERT_HAS_EXPIRED NOT_ALL_DOMAINS ALMOST_EXPIRED AUTOSSL_READY_FOR_RENEWAL). AutoSSL will attempt to replace this certificate.
    11:03:06 PM The system will attempt to renew SSL certificates for the following websites:
    11:03:06 PM xxxxx.co.uk (xxxxxxxx.com xxxxxxxxx.co.uk www.xxxxxxx.com www.xxxxxxx.co.uk mail.xxxxxxxcom mail.xxxxxx.co.uk)
    11:03:06 PM The system has completed the AutoSSL check for “xxxxx”.
     
    #3 tdldrg, Dec 8, 2016
    Last edited by a moderator: Dec 8, 2016
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Are you sure the previous SSL certificates were installed with the AutoSSL feature? If not, you'd need to enable the following option under the "Options" tab in "WHM >> Manage AutoSSL":

    Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates.

    Here's the option's description:

    Note you can use the following command to manually run the AutoSSL check for an individual account if you don't want to wait for the automatic nightly run:

    Code:
    /usr/local/cpanel/bin/autossl_check --user $username
    Thank you.
     
  5. tdldrg

    tdldrg Registered

    Joined:
    Jul 17, 2016
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    PHL
    cPanel Access Level:
    Root Administrator
    Yes I'm quite sure it's AutoSSL installed the expired one. Only certificates issued from AutoSSL covers for a few months as mentioned it was 8/30/2016 - 11/29/2016. Could wish 6 months or a year perhaps.

    I didn't enable the "Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates." as we also have other non-AutoSSL issued certificates using EV and other SSL installed.

    I've also tried that manually checking the account via WHM AutoSSL manage user or command you suggest but just the same.
    Code:
    4:07:43 PM This system has AutoSSL set to use “cPanel (powered by Comodo)”.
    4:07:43 PM Checking websites for “xxxx …
    4:07:43 PM The website “xxxx.co.uk”, owned by “xxxx”, has a faulty SSL certificate (OPENSSL_VERIFY:0:10:CERT_HAS_EXPIRED NOT_ALL_DOMAINS ALMOST_EXPIRED AUTOSSL_READY_FOR_RENEWAL). AutoSSL will attempt to replace this certificate.
    4:07:43 PM The system will attempt to renew SSL certificates for the following websites:
    4:07:43 PM xxxx.co.uk (xxxxx.com xxxxx.co.uk www.xxxxx.com www.xxxxxx.co.uk mail.xxxxx.com mail.xxxxx.co.uk)
    4:07:43 PM The system has completed the AutoSSL check for “xxxx”.
    4:07:43 PM The system has finished checking 1 user.
    
     
    #5 tdldrg, Dec 8, 2016
    Last edited by a moderator: Dec 9, 2016
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
  7. tdldrg

    tdldrg Registered

    Joined:
    Jul 17, 2016
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    PHL
    cPanel Access Level:
    Root Administrator
    I've opened a ticket Support Request ID is: 8047329
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    To update, it looks like the renewal failed because Comodo was blocked from accessing the website due to rules in the account's .htaccess file, and thus domain validation failed. Regarding the certificate renewal schedule, this is noted on the Manage AutoSSL document:

    Let us know if you have any additional questions.

    Thank you.
     
Loading...

Share This Page