Changed document root - AutoSSL

kamm

kamm

Well-Known Member
Jan 17, 2004
61
1
158
Spain
cPanel Access Level
Root Administrator
After changing the document root from public_html to public following the instructions here:
SOLVED - Changing document root for primary domain does not work

Is there anything I need to do to ensure that AutoSSL / Let's Encrypt will continue to run normally for that domain?

I just wondered because the .well-known/acme-challenge directory doesn't exist in the new document root.
 
cPanelLauren

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
13,272
1,296
363
Houston
kamm said:
After changing the document root from public_html to public following the instructions here:
SOLVED - Changing document root for primary domain does not work

Is there anything I need to do to ensure that AutoSSL / Let's Encrypt will continue to run normally for that domain?

I just wondered because the .well-known/acme-challenge directory doesn't exist in the new document root.
Click to expand...
I'm not 100% sure since this is a customization that we don't necessarily support. What happens when you run the following:

Code: 
/usr/local/cpanel/bin/autossl_check --user=$USER
 
kamm

kamm

Well-Known Member
Jan 17, 2004
61
1
158
Spain
cPanel Access Level
Root Administrator
That seems OK, I'm just a bit concerned what will happen when it expires.

Code: 
[[email protected]~]# /usr/local/cpanel/bin/autossl_check --user=example
AutoSSL’s configured provider is “Let’s Encrypt™”.
Checking websites for “example” …
        Analyzing “example.es” …
                TLS Status: OK
                Certificate expiry: 3/12/19, 1:10 AM UTC (33.8 days from now)
        Analyzing “es.example.es” …
                TLS Status: OK
                Certificate expiry: 3/12/19, 1:10 AM UTC (33.8 days from now)
        Analyzing “static.example.es” …
                TLS Status: OK
                Certificate expiry: 3/12/19, 1:10 AM UTC (33.8 days from now)
The system has completed the AutoSSL check for “example”.
 
cPanelLauren

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
13,272
1,296
363
Houston
Hi @kamm

The same process is run when the certificate expires, it's run automatically every day and it checks for expired certificates. Are you able to create a subdomain in the same documentroot? It isn't going to tell you much if the domain already has a certificate but you could create a test subdomain to see if it'll pick it up.
 
kamm

kamm

Well-Known Member
Jan 17, 2004
61
1
158
Spain
cPanel Access Level
Root Administrator
Hi @cPanelLauren,

Good idea. I've done that and I'll report back tomorrow to let you know whether it picks it up over night.

** I notice that creating the subdomain has created a .well-known/acme-challange directory in the public directory (I have all the subdomains pointed to public), so that seems like a good sign.
 
  • Like
Reactions: cPanelLauren
kamm

kamm

Well-Known Member
Jan 17, 2004
61
1
158
Spain
cPanel Access Level
Root Administrator
...so I see it created the certificate while creating the subdomain.

It's working OK, but shows a couple of errors - not sure how important they are - the certificate looks good in the browser (checked in Chrome and Firefox).

Code: 
Log for the AutoSSL run for “example”: Wednesday, February 6, 2019 3:22:58 PM GMT+0100 (Let’s Encrypt™)
3:22:58 PM AutoSSL’s configured provider is “Let’s Encrypt™”.
Checking websites for “example” …
3:22:58 PM Analyzing “example.es” …
3:22:58 PM SUCCESS TLS Status: OK
Certificate expiry: 3/12/19, 1:10 AM UTC (33.45 days from now)
3:22:58 PM Analyzing “es.example.es” …
3:22:58 PM SUCCESS TLS Status: OK
Certificate expiry: 3/12/19, 1:10 AM UTC (33.45 days from now)
3:22:58 PM Analyzing “static.example.es” …
3:22:58 PM SUCCESS TLS Status: OK
Certificate expiry: 3/12/19, 1:10 AM UTC (33.45 days from now)
*** 3:22:58 PM Analyzing “test.example.es” …
*** 3:22:58 PM ERROR TLS Status: Defective
Certificate expiry: 2/6/20, 2:22 PM UTC (365 days from now)
*** ERROR Defect: OPENSSL_VERIFY: The certificate chain failed OpenSSL’s verification (0:18:DEPTH_ZERO_SELF_SIGNED_CERT).
3:22:58 PM Performing DCV (Domain Control Validation) …
3:22:58 PM Local HTTP DCV OK: test.example.es
Local HTTP DCV OK: www.test.example.es
3:22:58 PM Analyzing “test.example.es”’s DCV results …
3:22:58 PM No CAA record added because there is no CAA record from another provider in the DNS for example.es.
3:23:01 PM “Let’s Encrypt™” HTTP DCV OK: www.test.example.es
“Let’s Encrypt™” HTTP DCV OK: test.example.es
AutoSSL will request a new certificate.
3:23:01 PM The system will attempt to renew the SSL certificate for the website (test.example.es: test.example.es www.test.example.es).
3:23:03 PM SUCCESS The system has installed a new certificate onto “example”’s website “test.example.es”.
3:23:03 PM The system has completed the AutoSSL check for “example”.
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
DennisMidjord Seriously, why was AutoSSL changed? Security 3
D Server Intrusion: The login shell has changed from '/usr/local/cpanel/bin/jailshell' to '/bin/bash' Security 13
F Shared Hosting, PHP Version Changed, Accidental or Malicious? Security 1
M All certificates changed to Let's encrypt Security 5
H Cpanel Password changed Automatically Security 3
Similar threads
Seriously, why was AutoSSL changed?
Server Intrusion: The login shell has changed from '/usr/local/cpanel/bin/jailshell' to '/bin/bash'
Shared Hosting, PHP Version Changed, Accidental or Malicious?
All certificates changed to Let's encrypt
Cpanel Password changed Automatically
Top Bottom