The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

AutoSSL was successful and now failing

Discussion in 'Security' started by verdon, Nov 11, 2016.

Tags:
  1. verdon

    verdon Well-Known Member

    Joined:
    Nov 1, 2003
    Messages:
    841
    Likes Received:
    2
    Trophy Points:
    168
    Location:
    Northern Ontario, Canada
    cPanel Access Level:
    Root Administrator
    Hello,

    I hope I have these details correct. I am just starting with AutoSSL a couple days ago. When I started, I was on WHM 58. It seemed to go successfully for most domains, and I was able to puzzle out and resolve the couple errors that I got. After updating to WHM 60 (build 17) I am starting to get a lot for errors in my nightly run of AutoSSL.

    Basically, it seems to now to be picking up mail. sub-domains as as well as a couple more parked domains and related sub-domains for each account, and is now failing. The originally issued certs are ok for the moment.
    Code:
     2:25:36 AM Checking websites for “xxxyyyzzz” …
     2:25:36 AM The website “xxxyyyzzz.com”, owned by “xxxyyyzzz”, has a valid SSL certificate, but additional SSL coverage may be possible for the domains “mail.xxxyyyzzz.com”, “mail.xxxyyy.ca”, and “mail.xxx.com”. The system will attempt to replace this certificate with one that includes these additional domains.
     2:25:36 AM The system will attempt to renew SSL certificates for the following websites:
     2:25:36 AM xxxyyyzzz.com (xxxyyy.ca www.xxxyyy.ca xxxyyyzzz.com xxx.com www.xxxyyyzzz.com www.xxx.com mail.xxxyyy.ca mail.xxxyyyzzz.com mail.xxx.com)
     2:25:42 AM ERROR AutoSSL failed to request an SSL certificate for “xxxyyyzzz.com” because of an error: Cpanel::Exception::cPStoreError/(XID 6xra9b) The cPanel Store returned an error (X::Item::ActivationFailure) in response to the request “POST ssl/certificate/free”: Generic exception at /usr/local/cpanel/Cpanel/Exception/CORE.pm line 77. Cpanel::Exception::create("cPStoreError", HASH(0x5cca5c0)) called at /usr/local/cpanel/Cpanel/cPStore.pm line 231 Cpanel::cPStore::__ANON__(Cpanel::Exception::HTTP::Server=HASH(0x5ece300)) called at /usr/local/cpanel/3rdparty/perl/522/lib64/perl5/cpanel_lib/Try/Tiny.pm line 103 Try::Tiny::try(CODE(0x5f65bd0), Try::Tiny::Catch=REF(0x5f64f18)) called at /usr/local/cpanel/Cpanel/cPStore.pm line 239 Cpanel::cPStore::_request(Cpanel::cPStore::LicenseAuthn=HASH(0x5f20840), "post", "ssl/certificate/free", "item_params", HASH(0x4746850)) called at /usr/local/cpanel/Cpanel/cPStore.pm line 178 Cpanel::cPStore::post(Cpanel::cPStore::LicenseAuthn=HASH(0x5f20840), "ssl/certificate/free", "item_params", HASH(0x4746850)) called at /usr/local/cpanel/Cpanel/SSL/Auto/Provider/cPanel.pm line 169 Cpanel::SSL::Auto::Provider::cPanel::__ANON__() called at /usr/local/cpanel/3rdparty/perl/522/lib64/perl5/cpanel_lib/Try/Tiny.pm line 80 eval {...} called at /usr/local/cpanel/3rdparty/perl/522/lib64/perl5/cpanel_lib/Try/Tiny.pm line 71 Try::Tiny::try(CODE(0x5f3d758), Try::Tiny::Catch=REF(0x5ece120)) called at /usr/local/cpanel/Cpanel/SSL/Auto/Provider/cPanel.pm line 193 Cpanel::SSL::Auto::Provider::cPanel::renew_ssl_for_vhosts(Cpanel::SSL::Auto::Provider::cPanel=HASH(0x4408258), "xxxyyyzzz", "xxxyyyzzz.com", ARRAY(0x47088d0)) called at bin/autossl_check.pl line 259 bin::autossl_check::__ANON__() called at /usr/local/cpanel/3rdparty/perl/522/lib64/perl5/cpanel_lib/Try/Tiny.pm line 80 eval {...} called at /usr/local/cpanel/3rdparty/perl/522/lib64/perl5/cpanel_lib/Try/Tiny.pm line 71 Try::Tiny::try(CODE(0x5f698e8), Try::Tiny::Catch=REF(0x5ebbcf8)) called at bin/autossl_check.pl line 266 bin::autossl_check::__ANON__() called at /usr/local/cpanel/Cpanel/PIDFile.pm line 101 Cpanel::PIDFile::do("Cpanel::PIDFile", "/var/cpanel/autossl_check.pid", CODE(0x4408648)) called at bin/autossl_check.pl line 287 bin::autossl_check::_run_maybe_captured("--all") called at bin/autossl_check.pl line 109 bin::autossl_check::__ANON__() called at /usr/local/cpanel/Cpanel/CaptureFH.pm line 50 Cpanel::CaptureFH::do_with_output_captured_to_path_if_non_tty("/usr/local/cpanel/logs/error_log", CODE(0x43de590)) called at bin/autossl_check.pl line 110 bin::autossl_check::run("--all") called at bin/autossl_check.pl line 78
     2:25:42 AM The system has completed the AutoSSL check for “xxxyyyzzz”.
    
     
  2. verdon

    verdon Well-Known Member

    Joined:
    Nov 1, 2003
    Messages:
    841
    Likes Received:
    2
    Trophy Points:
    168
    Location:
    Northern Ontario, Canada
    cPanel Access Level:
    Root Administrator
    I should ask too, is there a list of Comodo IPs I should whitelist?
     
  3. verdon

    verdon Well-Known Member

    Joined:
    Nov 1, 2003
    Messages:
    841
    Likes Received:
    2
    Trophy Points:
    168
    Location:
    Northern Ontario, Canada
    cPanel Access Level:
    Root Administrator
    I realize now that the Comodo IPs (found in another post) are already in my allow file from CSF, so that's not the issue. My autossl log is still full of errors though, such as the one above. Any idea where to start?
     
  4. verdon

    verdon Well-Known Member

    Joined:
    Nov 1, 2003
    Messages:
    841
    Likes Received:
    2
    Trophy Points:
    168
    Location:
    Northern Ontario, Canada
    cPanel Access Level:
    Root Administrator
    I have looked through /usr/local/cpanel/logs/error_log to see what I can find in there. Interestingly enough, although I can find a lot of stuff along the lines of
    Code:
    [2016-11-13 21:43:09 -0500] warn [autossl_check_cpstore_queue] Refusing to chown() multiply-linked file “/etc/apache2/logs/domlogs/example.com-ssl_log” (2) at /usr/local/cpanel/Cpanel/Debug.pm line 30.
    
    I cannot always find entries at all relating to the clients getting the big red errors in the WHM AutoSSL log view.

    Is it possible that there is stuff not being logged, that the cPanel store thinks is being logged?
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,287
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    The reason for this error message is answered on the following post:

    Errors from cPanel Store API when requesting autossl certs

    Thank you.
     
  6. verdon

    verdon Well-Known Member

    Joined:
    Nov 1, 2003
    Messages:
    841
    Likes Received:
    2
    Trophy Points:
    168
    Location:
    Northern Ontario, Canada
    cPanel Access Level:
    Root Administrator
    @cPanelMichael Thanks for the clarification. Much appreciated!

    Are these warnings about refusing to chown of any concern then? They don't seem to be related.
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,287
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Here's the pertinent section from /usr/local/cpanel/CPANEL/Debug.pm referenced in that warning message:

    Code:
    sub log_warn {
        my $msg = shift;
        local $!;                   #prevent logger from overwriting $!
        return logger()->warn($msg);
    }
    This warning message related to hard links, and should not prevent the installation of the certificate via the AutoSSL feature. You can verify the Apache domlog exists with a command such as:

    Code:
    stat /etc/apache2/logs/domlogs/example.com-ssl_log
    Thank you.
     
    verdon likes this.
Loading...

Share This Page