AutoSSL: The certificate is not available. (processing)

jaxcon

Registered
Aug 16, 2016
2
1
3
United States
cPanel Access Level
Root Administrator
I enabled AutoSSL using Comodo and had several domains where the enrollment resulted in AutoSSL checking for a certificate every 5 minutes but is reporting the following message in the log:

The certificate is not available. (processing)

Though it has been checking for the past week, it continues to be unable to retrieve a certificate.

Can I cancel or delete these certificate requests so that it doesn't continue to poll for a certificate every 5 minutes that isn't going to resolve and start over with a new certificate request?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,254
463
Hello,

Could you verify if any additional output is provided in the log files? If so, could you post the full output here?

Thank you.
 

jaxcon

Registered
Aug 16, 2016
2
1
3
United States
cPanel Access Level
Root Administrator
Hi Michael -

Yes, attached is the log output (I've attached a text file since it contains 3,000+ lines).

I also replaced the cPanel username with cpaneluser, the domain name with domain.com and the order number with 11111111.

Thanks for taking a look.
 

Attachments

  • Like
Reactions: Nathan Reid

nt81

Registered
Aug 17, 2016
3
1
1
Brisbane, Australua
cPanel Access Level
Root Administrator
I have a similar issue.

I have a VPS with approx 30 sites on it and most of them received AutoSSL certificates when the WHM update came through and I enabled it. However I have one hosting particular that I've been waiting on for about a week now and it refuses to install as per the issues mentioned above.

The only thing different to my other domains is that this one has another domain parked (main .com.au and secondary .com) on the same cpanel account so I'm not sure if that is related to the issue.

I would love to find a solution for this.

Every time I check the domain, I just get this in the log :

Code:
8:57:18 AM This system has AutoSSL set to use “cPanel (powered by Comodo)”.
8:57:18 AM Checking websites for “redacted” …
8:57:18 AM The website “<redacted>.com.au”, owned by “redacted”, has no SSL certificate. AutoSSL will attempt to obtain a new certificate and install it.
8:57:18 AM The system will attempt to renew SSL certificates for the following websites:
8:57:18 AM <redacted>.com.au (<redacted>.com <redacted>.com.au .com" target="_blank" class="externalLink ProxyLink" data-proxy-href="http://www..com" rel="nofollow">www.<redacted>.com .com.au" target="_blank" class="externalLink ProxyLink" data-proxy-href="http://www..com.au" rel="nofollow">www.<redacted>.com.au)
8:57:23 AM The system has completed the AutoSSL check for “redacteduser”.
8:57:23 AM The system has finished checking 1 user.
8:59:02 AM Polling for “redacted”’s new certificate for “<redacted>.com.au” (order item ID “12411789”) …
8:59:03 AM The certificate is not available. (processing)
9:04:01 AM Polling for “redacted”’s new certificate for “<redacted>.com.au” (order item ID “12411789”) …
9:04:02 AM The certificate is not available. (processing)
9:09:01 AM Polling for “redacted”’s new certificate for “<redacted>.com.au” (order item ID “12411789”) …
9:09:02 AM The certificate is not available. (processing)
 
Last edited by a moderator:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,254
463
Hello,

The following utility runs every five minutes as part of a cron job to see if a certificate has been processed:

Code:
/usr/local/cpanel/bin/autossl_check_cpstore_queue
This should not result in any CPU/Memory issues on your system, but let us know if that's happening. Your system will automatically stop attempting to retrieve a certificate after 86400 seconds (1 day), so if it hasn't been issued within this time, it's removed from the queue and you will no longer see the "processing" message.

The troubleshooting steps to see why a certificate was not validated are available at:

cPanel & WHM’s AutoSSL/SSL ordering process

Let me know if this information helps, or if you have any additional questions.

Thank you.
 
  • Like
Reactions: eva2000

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,254
463
Seems my system is still attempting to retrieve the certificate 5 days later. The log is huge. Is there any support I can get to help with this issue?
Feel free to open a support ticket using the link in my signature and we can take a closer look. You can post the ticket number here so we can update this thread with the outcome.

Thank you.
 

nt81

Registered
Aug 17, 2016
3
1
1
Brisbane, Australua
cPanel Access Level
Root Administrator
Yeah, that was basically no help at all but thanks.

For one hosting account on my VPS it just would NOT install an autoSSL and has been trying daily for the past couple of weeks and I gave up in disgust for a while.

Code:
[SIZE=3][B]Log for the AutoSSL run for “redacted”: Saturday, September 10, 2016 8:20:32 AM GMT+1000 (cPanel (powered by Comodo))[/B][/SIZE]
10:20:32 PM This system has AutoSSL set to use “cPanel (powered by Comodo)”.
10:20:32 PM Checking websites for “redacted” …
10:20:32 PM The website “redacted.com.au”, owned by “redacted”, has no SSL certificate. AutoSSL will attempt to obtain a new certificate and install it.
10:20:33 PM The system will attempt to renew SSL certificates for the following websites:
10:20:33 PM redacted.com.au (redacted.com redacted.com.au [URL='http://www.redacted.com']www.redacted.com[/URL] [URL='http://www.redacted.com.au']www.redacted.com.au[/URL])
10:20:33 PM The system has completed the AutoSSL check for “redacted”.
10:20:33 PM The system has finished checking 1 user.
basically this would time out EVERY time.

I found a solution so hopefully this helps someone else.

Run this command in your console and see what it says :
/usr/local/cpanel/bin/autossl_check_cpstore_queue

At first mine said

Code:
Polling for “redacted”’s new certificate for “redacted.com.au” (order item ID “12411789”) …
The certificate is not available. (revoked)
The request for a certificate for the website “redacted.com.au” has taken more than the allowed time (8 days). The system will no longer track this request. at bin/autossl_check_cpstore_queue.pl line 246.
Cpanel::Exception/(XID zdr6ck) You do not have a document root for the domain “redacted.com”.
at /usr/local/cpanel/Cpanel/Market/Provider/cPStore.pm line 607.
        Cpanel::Market::Provider::cPStore::_get_preparation_for_csr("-----BEGIN CERTIFICATE REQUEST-----\x{a}MIIC3DCCAcQCAQAwHTEbMBkGA"...) called at /usr/local/cpanel/Cpanel/Market/Provider/cPStore.pm line 394
        Cpanel::Market::Provider::cPStore::undo_domain_control_validation_preparation("csr", "-----BEGIN CERTIFICATE REQUEST-----\x{a}MIIC3DCCAcQCAQAwHTEbMBkGA"...) called at bin/autossl_check_cpstore_queue.pl line 255
        bin::autossl_check_cpstore_queue::_process_user(bin::autossl_check_cpstore_queue=HASH(0x2ed8fa0), "redacted") called at bin/autossl_check_cpstore_queue.pl line 129
        bin::autossl_check_cpstore_queue::__ANON__() called at /usr/local/cpanel/3rdparty/perl/522/lib64/perl5/cpanel_lib/Try/Tiny.pm line 80
        eval {...} called at /usr/local/cpanel/3rdparty/perl/522/lib64/perl5/cpanel_lib/Try/Tiny.pm line 71
        Try::Tiny::try(CODE(0x31b63a0), Try::Tiny::Catch=REF(0x267d098)) called at bin/autossl_check_cpstore_queue.pl line 141
        bin::autossl_check_cpstore_queue::_run_maybe_captured(bin::autossl_check_cpstore_queue=HASH(0x2ed8fa0)) called at bin/autossl_check_cpstore_queue.pl line 80
        bin::autossl_check_cpstore_queue::__ANON__() called at /usr/local/cpanel/Cpanel/CaptureFH.pm line 50
        Cpanel::CaptureFH::do_with_output_captured_to_path_if_non_tty("/usr/local/cpanel/logs/error_log", CODE(0x2ed9000)) called at bin/autossl_check_cpstore_queue.pl line 81
        bin::autossl_check_cpstore_queue::run(bin::autossl_check_cpstore_queue=HASH(0x2ed8fa0)) called at bin/autossl_check_cpstore_queue.pl line 64
Which made me realise that I didn't have the .com domain parked on the cPanel account correctly

Once I re-added that in, I tried again and success!

/usr/local/cpanel/bin/autossl_check_cpstore_queue

Code:
Polling for “redacted”’s new certificate for “redacted.com.au” (order item ID “13533889”) …
The certificate is available. The system will now attempt to install it.
The certificate is now installed!
Auto SSL Log :
Code:
[SIZE=3][B]Log for the AutoSSL run for “redacted”: Saturday, September 10, 2016 8:22:05 AM GMT+1000 (cPanel (powered by Comodo))[/B][/SIZE]
10:22:05 PM This system has AutoSSL set to use “cPanel (powered by Comodo)”.
10:22:05 PM Checking websites for “redacted” …
10:22:05 PM The website “redacted.com.au”, owned by “redacted”, has no SSL certificate. AutoSSL will attempt to obtain a new certificate and install it.
10:22:06 PM The system will attempt to renew SSL certificates for the following websites:
10:22:06 PM redacted.com.au (redacted.com redacted.com.au [URL='http://www.redacted.com']www.redacted.com[/URL] [URL='http://www.redacted.com.au']www.redacted.com.au[/URL])
10:22:12 PM The system has completed the AutoSSL check for “redacted”.
10:22:12 PM The system has finished checking 1 user.
10:22:15 PM Polling for “redacted”’s new certificate for “redacted.com.au” (order item ID “13533889”) …
10:22:16 PM The certificate is not available. (processing)
10:22:23 PM Polling for “redacted”’s new certificate for “redacted.com.au” (order item ID “13533889”) …
10:22:24 PM The certificate is not available. (processing)
10:25:01 PM Polling for “redacted”’s new certificate for “redacted.com.au” (order item ID “13533889”) …
10:25:02 PM The certificate is not available. (processing)
10:27:30 PM Polling for “redacted”’s new certificate for “redacted.com.au” (order item ID “13533889”) …
10:27:31 PM The certificate is available. The system will now attempt to install it.
10:27:36 PM SUCCESS The certificate is now installed!
It would be nice if some of that log file feedback could flow back into the AutoSSL log guys !
My solution was right under my nose but I needed more log information to work it all out.

Hope this helps someone else!
 
Last edited by a moderator:
  • Love
Reactions: hoomanxx

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,254
463
It would be nice if some of that log file feedback could flow back into the AutoSSL log guys !
Hello,

Could you verify the specific log file location you are using, in addition to the specific event you would like added to this log file?

Thank you.
 

realtech

Registered
Mar 13, 2013
3
0
1
cPanel Access Level
Root Administrator
It finally worked! It took about 3 hours. I had to add Comodo's IPs to my Allow list in csf firewall and I had to uncheck the Enable HackRepair.com's blacklist feature in the iThemes Security plugin in Wordpress.

Now looking to find out how to get one of these installed where there is currently a paid SSL.....
 

realtech

Registered
Mar 13, 2013
3
0
1
cPanel Access Level
Root Administrator
It finally worked! It took about 3 hours. I had to add Comodo's IPs to my Allow list in csf firewall and I had to uncheck the Enable HackRepair.com's blacklist feature in the iThemes Security plugin in Wordpress.

Now looking to find out how to get one of these installed where there is currently a paid SSL.....
I deleted the SSL in Manage SSL Hosts area of WHM, then in Manage AutoSSL/Manage Users clicked the 'check' button and it worked great.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,254
463
New It finally worked! It took about 3 hours. I had to add Comodo's IPs to my Allow list in csf firewall and I had to uncheck the Enable HackRepair.com's blacklist feature in the iThemes Security plugin in Wordpress.
Hello,

I'm happy to see it's now working well. Thank you for updating us with the outcome.
 

Mario Franco

Registered
Oct 24, 2014
4
0
1
Mexico City, Mexico, Mexico
cPanel Access Level
Root Administrator
It finally worked! It took about 3 hours. I had to add Comodo's IPs to my Allow list in csf firewall and I had to uncheck the Enable HackRepair.com's blacklist feature in the iThemes Security plugin in Wordpress.

Now looking to find out how to get one of these installed where there is currently a paid SSL.....
I'm having the same problem. Could you please provide the COMODO's IPs?