Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

SOLVED AutoSSL: The certificate is not available. (processing)

Discussion in 'Security' started by JustAGuyUsingWHM, Feb 4, 2019.

Tags:
  1. JustAGuyUsingWHM

    JustAGuyUsingWHM Member

    Joined:
    Sep 6, 2018
    Messages:
    12
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    England
    cPanel Access Level:
    Root Administrator
    Hi.

    How long should it take for a cPanel(Comodo) certificate to automatically update and receive the new certificate? Should I be concerned the certificate is not being issued in a 'timely' fashion.

    The process seems to have kick started today correctly, and all the validation checks appear to have passed, but the certificate hasn't been issued.

    Some sample output below, the domain\account names have been anonymized:

    Log 1 - Shows automatic attempt to get certificate (appears to be polling every hour for the last ~12 hours):
    Code:
    11:10:01 AM The queue contains a request for a certificate for changedaccountname website example.com” (order item ID “565703513”). The system last polled for this certificate at Feb 4, 2019, 10:10:02 AM UTC. The next poll will be no earlier than Feb 4, 2019, 10:10:02 AM UTC.
     11:15:02 AM Polling for changedaccountname new certificate for example.com” (order item ID “565703513”) …
     11:15:03 AM The certificate is not available. (processing)
     Setting up for Comodo’s DCV (Domain Control Validation) for this certificate request …
     11:20:01 AM The queue contains a request for a certificate for changedaccountname website example.com” (order item ID “565703513”). The system last polled for this certificate at Feb 4, 2019, 11:15:02 AM UTC. The next poll will be no earlier than Feb 4, 2019, 11:15:02 AM UTC.
    Logs 2: Results of Check "changedaccountname" to try and encouragea certificate fetch.
    Code:
    11:44:48 AM Analyzing “example.com” …
     11:44:48 AM User-excluded domains: 7 (mail.example.com, webmail.example.com, cpanel.example.com, whm.example.com, webdisk.example.com, mail.example.net, www.mail.example.com)
     TLS Status: Ready for Renewal
     WARN Certificate expiry: 2/14/19, 12:00 AM UTC (9.51 days from now)
     11:44:48 AM Performing DCV (Domain Control Validation) …
     11:44:48 AM Local HTTP DCV OK: example.com
     Local HTTP DCV OK: example.net
     Local HTTP DCV OK: www.example.com (via example.com)
     Local HTTP DCV OK: www.example.net (via example.net)
     11:44:48 AM Analyzing “example.com”’s DCV results …
     11:44:48 AM AutoSSL will request a new certificate.
     11:44:48 AM The system will attempt to renew the SSL certificate for the website (example.com: example.com www.example.com example.net www.example.net).
     11:44:49 AM No CAA record added because there is no CAA record from another provider in the DNS for example.net.
     No CAA record added because there is no CAA record from another provider in the DNS for example.com.
     The provider “cPanel (powered by Comodo)”’s AutoSSL queue already contains a certificate request for “changedaccountname”’s website “example.com”. The request’s start time is Feb 4, 2019, 12:58:02 AM UTC, and its last poll time is Feb 4, 2019, 11:15:02 AM UTC.
     11:44:49 AM The system has completed the AutoSSL check for “changedaccountname”.
    Thanks.
     
    #1 JustAGuyUsingWHM, Feb 4, 2019
    Last edited by a moderator: Feb 4, 2019
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    46,968
    Likes Received:
    2,119
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @JustAGuyUsingWHM,

    Here's a section from the Manage AutoSSL document that answers this question:

    Can you confirm if the certificate is still processing at this time?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. JustAGuyUsingWHM

    JustAGuyUsingWHM Member

    Joined:
    Sep 6, 2018
    Messages:
    12
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    England
    cPanel Access Level:
    Root Administrator
    Hi cPanelMichael.

    Yeah it's still waiting...


    Sample of the most recent output:

    7:35:02 PM The queue contains a request for a certificate for changedaccountname website “example.com” (order item ID “565703513”). The system last polled for this certificate at Feb 4, 2019, 6:50:02 PM UTC. The next poll will be no earlier than Feb 4, 2019, 6:50:02 PM UTC.
    7:40:01 PM The queue contains a request for a certificate for changedaccountname website “example.com” (order item ID “565703513”). The system last polled for this certificate at Feb 4, 2019, 6:50:02 PM UTC. The next poll will be no earlier than Feb 4, 2019, 6:50:02 PM UTC.
    7:45:02 PM The queue contains a request for a certificate for changedaccountname website “example.com” (order item ID “565703513”). The system last polled for this certificate at Feb 4, 2019, 6:50:02 PM UTC. The next poll will be no earlier than Feb 4, 2019, 6:50:02 PM UTC.
    7:50:01 PM The queue contains a request for a certificate for changedaccountname website “example.com” (order item ID “565703513”). The system last polled for this certificate at Feb 4, 2019, 6:50:02 PM UTC. The next poll will be no earlier than Feb 4, 2019, 6:50:02 PM UTC.
    7:55:01 PM Polling for changedaccountname new certificate for “example.com” (order item ID “565703513”) …
    7:55:02 PM The certificate is not available. (processing)
    Setting up for Comodo’s DCV (Domain Control Validation) for this certificate request …
    8:00:01 PM The queue contains a request for a certificate for changedaccountname website “example.com” (order item ID “565703513”). The system last polled for this certificate at Feb 4, 2019, 7:55:02 PM UTC. The next poll will be no earlier than Feb 4, 2019, 7:55:02 PM UTC.
    8:05:01 PM The queue contains a request for a certificate for changedaccountname website “example.com” (order item ID “565703513”). The system last polled for this certificate at Feb 4, 2019, 7:55:02 PM UTC. The next poll will be no earlier than Feb 4, 2019, 7:55:02 PM UTC.
    8:10:01 PM The queue contains a request for a certificate for changedaccountname website “example.com” (order item ID “565703513”). The system last polled for this certificate at Feb 4, 2019, 7:55:02 PM UTC. The next poll will be no earlier than Feb 4, 2019, 7:55:02 PM UTC.
    8:15:01 PM The queue contains a request for a certificate for changedaccountname website “example.com” (order item ID “565703513”). The system last polled for this certificate at Feb 4, 2019, 7:55:02 PM UTC. The next poll will be no earlier than Feb 4, 2019, 7:55:02 PM UTC.
    8:20:02 PM The queue contains a request for a certificate for changedaccountname website “example.com” (order item ID “565703513”). The system last polled for this certificate at Feb 4, 2019, 7:55:02 PM UTC. The next poll will be no earlier than Feb 4, 2019, 7:55:02 PM UTC.
    8:25:02 PM The queue contains a request for a certificate for changedaccountname website “example.com” (order item ID “565703513”). The system last polled for this certificate at Feb 4, 2019, 7:55:02 PM UTC. The next poll will be no earlier than Feb 4, 2019, 7:55:02 PM UTC.
    8:30:01 PM The queue contains a request for a certificate for changedaccountname website “example.com” (order item ID “565703513”). The system last polled for this certificate at Feb 4, 2019, 7:55:02 PM UTC. The next poll will be no earlier than Feb 4, 2019, 7:55:02 PM UTC.
    8:35:02 PM The queue contains a request for a certificate for changedaccountname website “example.com” (order item ID “565703513”). The system last polled for this certificate at Feb 4, 2019, 7:55:02 PM UTC. The next poll will be no earlier than Feb 4, 2019, 7:55:02 PM UTC.
    8:40:01 PM The queue contains a request for a certificate for changedaccountname website “example.com” (order item ID “565703513”). The system last polled for this certificate at Feb 4, 2019, 7:55:02 PM UTC. The next poll will be no earlier than Feb 4, 2019, 7:55:02 PM UTC.
    8:45:01 PM The queue contains a request for a certificate for changedaccountname website “example.com” (order item ID “565703513”). The system last polled for this certificate at Feb 4, 2019, 7:55:02 PM UTC. The next poll will be no earlier than Feb 4, 2019, 7:55:02 PM UTC.
    8:50:02 PM The queue contains a request for a certificate for changedaccountname website “example.com” (order item ID “565703513”). The system last polled for this certificate at Feb 4, 2019, 7:55:02 PM UTC. The next poll will be no earlier than Feb 4, 2019, 7:55:02 PM UTC.
    8:55:01 PM The queue contains a request for a certificate for changedaccountname website “example.com” (order item ID “565703513”). The system last polled for this certificate at Feb 4, 2019, 7:55:02 PM UTC. The next poll will be no earlier than Feb 4, 2019, 7:55:02 PM UTC.


    Thanks for taking a look at this.​
     
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    46,968
    Likes Received:
    2,119
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hi @JustAGuyUsingWHM,

    Could you open a support ticket so we can take a closer look to see why the certificate was not issued? You can post the ticket number here and I'll link this thread to it.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. JustAGuyUsingWHM

    JustAGuyUsingWHM Member

    Joined:
    Sep 6, 2018
    Messages:
    12
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    England
    cPanel Access Level:
    Root Administrator
  6. Nathan Lord

    Nathan Lord Registered

    Joined:
    Feb 6, 2019
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Chesterfield, UK
    cPanel Access Level:
    Root Administrator
    Seem to be having a similar issue:
    - The system is waiting on the AutoSSL provider to validate and issue the certificate (in the pending queue been like this for a day / usually is something thats fairly quick)

    Below is the log.
    Code:
    Log for the AutoSSL run for “example”: Wednesday, February 6, 2019 10:18:40 AM GMT+0000 (cPanel (powered by Comodo))
    10:18:40 AM AutoSSL’s configured provider is “cPanel (powered by Comodo)”.
    This AutoSSL provider does not poll for certificate availability immediately after a certificate request submission. Instead, it submits certificate requests then periodically polls the cPanel Store for each requested certificate and installs it after a successful retrieval. The system will record all requests, retrievals, and installations for the current AutoSSL run in this log.
    Checking examples for “example” …
    10:18:40 AM Analyzing “example.com” …
    10:18:40 AM User-excluded domains: 4 (mail.example.com, webmail.example.com, cpanel.example.com, webdisk.example.com)
    ERROR TLS Status: Defective
    ERROR Certificate expiry: 2/5/19, 12:00 AM UTC (1.43 days ago)
    ERROR Defect: OPENSSL_VERIFY: The certificate chain failed OpenSSL’s verification (0:10:CERT_HAS_EXPIRED).
    10:18:40 AM Performing DCV (Domain Control Validation) …
    10:18:40 AM Local HTTP DCV OK: example.com
    Local HTTP DCV OK: www.example.com (via example.com)
    10:18:40 AM Analyzing “example.com”’s DCV results …
    10:18:40 AM AutoSSL will request a new certificate.
    10:18:40 AM The system will attempt to renew the SSL certificate for the example (example.com: example.com www.example.com).
    10:18:41 AM No CAA record added because there is no CAA record from another provider in the DNS for example.com.
    The provider “cPanel (powered by Comodo)”’s AutoSSL queue already contains a certificate request for “example”’s example “example.com”. The request’s start time is Feb 5, 2019, 11:52:37 AM UTC, and its last poll time is Feb 6, 2019, 10:11:03 AM UTC.
    10:18:41 AM The system has completed the AutoSSL check for “example”. 
    
     
    #6 Nathan Lord, Feb 6, 2019
    Last edited by a moderator: Feb 6, 2019
  7. JustAGuyUsingWHM

    JustAGuyUsingWHM Member

    Joined:
    Sep 6, 2018
    Messages:
    12
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    England
    cPanel Access Level:
    Root Administrator
    @Nathan Lord

    Support have come back to me. Its a DNS DCV error on the 2nd of the domains. I translate DNS DCV as Domain Name Server Domain Control Validation.

    It makes sense: when I originally tried to set-up the certificate with LetsEncrypt on AutoSSL it refused for the same reason - there's a malformed AAAA Ipv6 record on the 2nd domain. cPanel Comodo didn't check the AAAA record or fell back on plain old DCV (no DNS, just uploading a file to a directory and browsing to it) and worked; so I went with cPanel Comodo. It seems cPanel Comodo are now checking the AAAA record too.

    You can check your domain using the LetsEncrypt tool at Let's Debug to see if you have a similar issue.

    My solution is obviously to fix the AAAA record. Although it's worth noting that Support mentioned IPv6 isn't yet supported by AutoSSL.

    Best of luck.
     
    #7 JustAGuyUsingWHM, Feb 6, 2019
    Last edited by a moderator: Feb 6, 2019
    cPanelMichael likes this.
  8. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    46,968
    Likes Received:
    2,119
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    To follow-up on this topic, CPANEL-25209 was published as part of cPanel & WHM version 76.0.20:

    Fixed case CPANEL-25209: IPv6 Support for DCV.

    Here's a summary of the change from one of our Technical Analysts:

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice