AutoSSL: The certificate is not available. (processing)

[jaxcon]

I enabled AutoSSL using Comodo and had several domains where the enrollment resulted in AutoSSL checking for a certificate every 5 minutes but is reporting the following message in the log:

The certificate is not available. (processing)

Though it has been checking for the past week, it continues to be unable to retrieve a certificate.

Can I cancel or delete these certificate requests so that it doesn't continue to poll for a certificate every 5 minutes that isn't going to resolve and start over with a new certificate request?

 

[cPanelMichael]

Hello,

Could you verify if any additional output is provided in the log files? If so, could you post the full output here?

Thank you.

 

[Nathan Reid]

Hello,

Could you verify if any additional output is provided in the log files? If so, could you post the full output here?

Thank you.

I'm having the same issue with an order polling every 5 minutes with "The certificate is not available. (processing)". I also have 3 in progress orders which haven't changed status in over 12 hours.

 

[jaxcon]

Hi Michael -

Yes, attached is the log output (I've attached a text file since it contains 3,000+ lines).

I also replaced the cPanel username with cpaneluser, the domain name with domain.com and the order number with 11111111.

Thanks for taking a look.

 

[nt81]

I have a similar issue.

I have a VPS with approx 30 sites on it and most of them received AutoSSL certificates when the WHM update came through and I enabled it. However I have one hosting particular that I've been waiting on for about a week now and it refuses to install as per the issues mentioned above.

The only thing different to my other domains is that this one has another domain parked (main .com.au and secondary .com) on the same cpanel account so I'm not sure if that is related to the issue.

I would love to find a solution for this.

Every time I check the domain, I just get this in the log :

8:57:18 AM This system has AutoSSL set to use “cPanel (powered by Comodo)”.
8:57:18 AM Checking websites for “redacted” …
8:57:18 AM The website “<redacted>.com.au”, owned by “redacted”, has no SSL certificate. AutoSSL will attempt to obtain a new certificate and install it.
8:57:18 AM The system will attempt to renew SSL certificates for the following websites:
8:57:18 AM <redacted>.com.au (<redacted>.com <redacted>.com.au .com" target="_blank" class="externalLink ProxyLink" data-proxy-href="http://www..com" rel="nofollow">www.<redacted>.com .com.au" target="_blank" class="externalLink ProxyLink" data-proxy-href="http://www..com.au" rel="nofollow">www.<redacted>.com.au)
8:57:23 AM The system has completed the AutoSSL check for “redacteduser”.
8:57:23 AM The system has finished checking 1 user.
8:59:02 AM Polling for “redacted”’s new certificate for “<redacted>.com.au” (order item ID “12411789”) …
8:59:03 AM The certificate is not available. (processing)
9:04:01 AM Polling for “redacted”’s new certificate for “<redacted>.com.au” (order item ID “12411789”) …
9:04:02 AM The certificate is not available. (processing)
9:09:01 AM Polling for “redacted”’s new certificate for “<redacted>.com.au” (order item ID “12411789”) …
9:09:02 AM The certificate is not available. (processing)

 

[nt81]

And this, every 5 minutes for the past 6 hours. What's going on guys?

 

[cPanelMichael]

Hello,

The following utility runs every five minutes as part of a cron job to see if a certificate has been processed:

/usr/local/cpanel/bin/autossl_check_cpstore_queue

This should not result in any CPU/Memory issues on your system, but let us know if that's happening. Your system will automatically stop attempting to retrieve a certificate after 86400 seconds (1 day), so if it hasn't been issued within this time, it's removed from the queue and you will no longer see the "processing" message.

The troubleshooting steps to see why a certificate was not validated are available at:

cPanel & WHM’s AutoSSL/SSL ordering process

Let me know if this information helps, or if you have any additional questions.

Thank you.

 

[Nathan Reid]

Seems my system is still attempting to retrieve the certificate 5 days later. The log is huge. Is there any support I can get to help with this issue?

 

[cPanelMichael]

Seems my system is still attempting to retrieve the certificate 5 days later. The log is huge. Is there any support I can get to help with this issue?

Feel free to open a support ticket using the link in my signature and we can take a closer look. You can post the ticket number here so we can update this thread with the outcome.

Thank you.

 

[nt81]

Yeah, that was basically no help at all but thanks.

For one hosting account on my VPS it just would NOT install an autoSSL and has been trying daily for the past couple of weeks and I gave up in disgust for a while.

[SIZE=3][B]Log for the AutoSSL run for “redacted”: Saturday, September 10, 2016 8:20:32 AM GMT+1000 (cPanel (powered by Comodo))[/B][/SIZE]
10:20:32 PM This system has AutoSSL set to use “cPanel (powered by Comodo)”.
10:20:32 PM Checking websites for “redacted” …
10:20:32 PM The website “redacted.com.au”, owned by “redacted”, has no SSL certificate. AutoSSL will attempt to obtain a new certificate and install it.
10:20:33 PM The system will attempt to renew SSL certificates for the following websites:
10:20:33 PM redacted.com.au (redacted.com redacted.com.au [URL='http://www.redacted.com']www.redacted.com[/URL] [URL='http://www.redacted.com.au']www.redacted.com.au[/URL])
10:20:33 PM The system has completed the AutoSSL check for “redacted”.
10:20:33 PM The system has finished checking 1 user.

basically this would time out EVERY time.

I found a solution so hopefully this helps someone else.

Run this command in your console and see what it says :
/usr/local/cpanel/bin/autossl_check_cpstore_queue

At first mine said

Polling for “redacted”’s new certificate for “redacted.com.au” (order item ID “12411789”) …
The certificate is not available. (revoked)
The request for a certificate for the website “redacted.com.au” has taken more than the allowed time (8 days). The system will no longer track this request. at bin/autossl_check_cpstore_queue.pl line 246.
Cpanel::Exception/(XID zdr6ck) You do not have a document root for the domain “redacted.com”.
at /usr/local/cpanel/Cpanel/Market/Provider/cPStore.pm line 607.
        Cpanel::Market::Provider::cPStore::_get_preparation_for_csr("-----BEGIN CERTIFICATE REQUEST-----\x{a}MIIC3DCCAcQCAQAwHTEbMBkGA"...) called at /usr/local/cpanel/Cpanel/Market/Provider/cPStore.pm line 394
        Cpanel::Market::Provider::cPStore::undo_domain_control_validation_preparation("csr", "-----BEGIN CERTIFICATE REQUEST-----\x{a}MIIC3DCCAcQCAQAwHTEbMBkGA"...) called at bin/autossl_check_cpstore_queue.pl line 255
        bin::autossl_check_cpstore_queue::_process_user(bin::autossl_check_cpstore_queue=HASH(0x2ed8fa0), "redacted") called at bin/autossl_check_cpstore_queue.pl line 129
        bin::autossl_check_cpstore_queue::__ANON__() called at /usr/local/cpanel/3rdparty/perl/522/lib64/perl5/cpanel_lib/Try/Tiny.pm line 80
        eval {...} called at /usr/local/cpanel/3rdparty/perl/522/lib64/perl5/cpanel_lib/Try/Tiny.pm line 71
        Try::Tiny::try(CODE(0x31b63a0), Try::Tiny::Catch=REF(0x267d098)) called at bin/autossl_check_cpstore_queue.pl line 141
        bin::autossl_check_cpstore_queue::_run_maybe_captured(bin::autossl_check_cpstore_queue=HASH(0x2ed8fa0)) called at bin/autossl_check_cpstore_queue.pl line 80
        bin::autossl_check_cpstore_queue::__ANON__() called at /usr/local/cpanel/Cpanel/CaptureFH.pm line 50
        Cpanel::CaptureFH::do_with_output_captured_to_path_if_non_tty("/usr/local/cpanel/logs/error_log", CODE(0x2ed9000)) called at bin/autossl_check_cpstore_queue.pl line 81
        bin::autossl_check_cpstore_queue::run(bin::autossl_check_cpstore_queue=HASH(0x2ed8fa0)) called at bin/autossl_check_cpstore_queue.pl line 64

Which made me realise that I didn't have the .com domain parked on the cPanel account correctly

Once I re-added that in, I tried again and success!

/usr/local/cpanel/bin/autossl_check_cpstore_queue

Polling for “redacted”’s new certificate for “redacted.com.au” (order item ID “13533889”) …
The certificate is available. The system will now attempt to install it.
The certificate is now installed!

Auto SSL Log :

[SIZE=3][B]Log for the AutoSSL run for “redacted”: Saturday, September 10, 2016 8:22:05 AM GMT+1000 (cPanel (powered by Comodo))[/B][/SIZE]
10:22:05 PM This system has AutoSSL set to use “cPanel (powered by Comodo)”.
10:22:05 PM Checking websites for “redacted” …
10:22:05 PM The website “redacted.com.au”, owned by “redacted”, has no SSL certificate. AutoSSL will attempt to obtain a new certificate and install it.
10:22:06 PM The system will attempt to renew SSL certificates for the following websites:
10:22:06 PM redacted.com.au (redacted.com redacted.com.au [URL='http://www.redacted.com']www.redacted.com[/URL] [URL='http://www.redacted.com.au']www.redacted.com.au[/URL])
10:22:12 PM The system has completed the AutoSSL check for “redacted”.
10:22:12 PM The system has finished checking 1 user.
10:22:15 PM Polling for “redacted”’s new certificate for “redacted.com.au” (order item ID “13533889”) …
10:22:16 PM The certificate is not available. (processing)
10:22:23 PM Polling for “redacted”’s new certificate for “redacted.com.au” (order item ID “13533889”) …
10:22:24 PM The certificate is not available. (processing)
10:25:01 PM Polling for “redacted”’s new certificate for “redacted.com.au” (order item ID “13533889”) …
10:25:02 PM The certificate is not available. (processing)
10:27:30 PM Polling for “redacted”’s new certificate for “redacted.com.au” (order item ID “13533889”) …
10:27:31 PM The certificate is available. The system will now attempt to install it.
10:27:36 PM SUCCESS The certificate is now installed!

It would be nice if some of that log file feedback could flow back into the AutoSSL log guys !
My solution was right under my nose but I needed more log information to work it all out.

Hope this helps someone else!

 

[cPanelMichael]

It would be nice if some of that log file feedback could flow back into the AutoSSL log guys !

Hello,

Could you verify the specific log file location you are using, in addition to the specific event you would like added to this log file?

Thank you.

 

[realtech]

I'm having the same issue:
The certificate is not available. (processing)
I opened a ticket 7821769

 

[realtech]

It finally worked! It took about 3 hours. I had to add Comodo's IPs to my Allow list in csf firewall and I had to uncheck the Enable HackRepair.com's blacklist feature in the iThemes Security plugin in Wordpress.

Now looking to find out how to get one of these installed where there is currently a paid SSL.....

 

[realtech]

It finally worked! It took about 3 hours. I had to add Comodo's IPs to my Allow list in csf firewall and I had to uncheck the Enable HackRepair.com's blacklist feature in the iThemes Security plugin in Wordpress.

Now looking to find out how to get one of these installed where there is currently a paid SSL.....

I deleted the SSL in Manage SSL Hosts area of WHM, then in Manage AutoSSL/Manage Users clicked the 'check' button and it worked great.

 

[cPanelMichael]

New It finally worked! It took about 3 hours. I had to add Comodo's IPs to my Allow list in csf firewall and I had to uncheck the Enable HackRepair.com's blacklist feature in the iThemes Security plugin in Wordpress.

Hello,

I'm happy to see it's now working well. Thank you for updating us with the outcome.

 

[Mario Franco]

It finally worked! It took about 3 hours. I had to add Comodo's IPs to my Allow list in csf firewall and I had to uncheck the Enable HackRepair.com's blacklist feature in the iThemes Security plugin in Wordpress.

Now looking to find out how to get one of these installed where there is currently a paid SSL.....

I'm having the same problem. Could you please provide the COMODO's IPs?

 

[cPanelMichael]

I'm having the same problem. Could you please provide the COMODO's IPs?

Hello @Mario Franco,

178.255.81.12
178.255.81.13
91.199.212.132
199.66.201.132

Thanks!