JAB Creations

Active Member
Nov 21, 2009
28
2
53
I'm getting a pointlessly ambiguous error message when I run the following command:

Code:
/usr/local/cpanel/bin/autossl_check --user example
I then logged in as both root and the user PHP runs as. The root user is able to run the command fine while the (confirmed) user PHP runs as is getting the same ambiguous permission denied error.

The cPanel "Errors" page doesn't list anything relevant (just older errors I've cleaned up during this work session).

I have had this command run successfully many times before via PHP's shell_exec command (which I always filter for semi-colon injection attacks). What can I do to debug this issue?

Edit 1: my apologies, could a moderator please move this thread to the Developer Experience forum?
 
Last edited:

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,304
1,252
313
Houston
I went ahead and moved this but I did want to mention that you're getting the error because only the root user has the privilege to run this command.

For example if i run this as my own user:
Code:
[[email protected] /]$ /usr/local/cpanel/bin/autossl_check --user lauren
bash: /usr/local/cpanel/bin/autossl_check: Permission denied
[[email protected] /]$
This is because the autossl process can't be invoked by a user that is not root. The AutoSSL process is automatically started when a domain is added.
 

JAB Creations

Active Member
Nov 21, 2009
28
2
53
  • Is AutoSSL a third-party or native cPanel feature?
  • How often is AutoSSL executed?
  • Where can I change the frequency of it's execution?
  • What, if any, is the point in only allowing the root user to run AutoSSL?
  • When I am logged in as a user that is not root cPanel allows me to run AutoSSL, how can I emulate this?
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,304
1,252
313
Houston
  • Is AutoSSL a third-party or native cPanel feature?
AutoSSL itself is native, the provider if you're using Sectigo is as well, if you're using Let's Encrypt it's considered a 3rd party provider

  • How often is AutoSSL executed?
An AutoSSL run is initiated any time a new domain is added and every 24 hours via cron
Code:
[[email protected] cron.d]# cat /etc/cron.d/cpanel_autossl
57    1    *    *    *    root    /usr/local/cpanel/bin/autossl_check --all
  • Where can I change the frequency of it's execution?
If you were going to increase the frequency I'd suggest adding a separate cron in root's crontab otherwise you could modify the cron.d entry but I can't guarantee that it wouldn't be modified.

  • What, if any, is the point in only allowing the root user to run AutoSSL?
The process runs as the root user because it runs the process for all users on the system. I cannot disagree that it would be nice if the process was able to be initiated by the user. There is a feature request for this present here: https://features.cpanel.net/topic/autossl-cpanel-interface-for-end-user-control

  • When I am logged in as a user that is not root cPanel allows me to run AutoSSL, how can I emulate this?
The command you were running previously won't work for the user themself but this would I believe:

 
  • Like
Reactions: JAB Creations

JAB Creations

Active Member
Nov 21, 2009
28
2
53
AutoSSL itself is native, the provider if you're using Sectigo is as well, if you're using Let's Encrypt it's considered a 3rd party provider

...
Thank you Lauren for all of those clarifications. One last question for now: does AutoSSL automatically run when a subdomain is added?
 
  • Like
Reactions: cPanelLauren