Changed document root - AutoSSL

kamm

Well-Known Member
Jan 17, 2004
59
1
158
Spain
cPanel Access Level
Root Administrator
After changing the document root from public_html to public following the instructions here:
SOLVED - Changing document root for primary domain does not work

Is there anything I need to do to ensure that AutoSSL / Let's Encrypt will continue to run normally for that domain?

I just wondered because the .well-known/acme-challenge directory doesn't exist in the new document root.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,273
1,282
313
Houston
I'm not 100% sure since this is a customization that we don't necessarily support. What happens when you run the following:

Code:
/usr/local/cpanel/bin/autossl_check --user=$USER
 

kamm

That seems OK, I'm just a bit concerned what will happen when it expires.

Code:
[[email protected]~]# /usr/local/cpanel/bin/autossl_check --user=example
AutoSSL’s configured provider is “Let’s Encrypt™”.
Checking websites for “example” …
        Analyzing “example.es” …
                TLS Status: OK
                Certificate expiry: 3/12/19, 1:10 AM UTC (33.8 days from now)
        Analyzing “es.example.es” …
                TLS Status: OK
                Certificate expiry: 3/12/19, 1:10 AM UTC (33.8 days from now)
        Analyzing “static.example.es” …
                TLS Status: OK
                Certificate expiry: 3/12/19, 1:10 AM UTC (33.8 days from now)
The system has completed the AutoSSL check for “example”.
 

cPanelLauren

Hi @kamm

The same process is run when the certificate expires; it's run automatically every day and it checks for expired certificates. Are you able to create a subdomain in the same document root? It isn't going to tell you much if the domain already has a certificate, but you could create a test subdomain to see if it'll pick it up.
 

kamm

Hi @cPanelLauren,

Good idea. I've done that and I'll report back tomorrow to let you know whether it picks it up overnight.

** I notice that creating the subdomain has created a .well-known/acme-challenge directory in the public directory (I have all the subdomains pointed to public), so that seems like a good sign.
 

kamm

...so I see it created the certificate while creating the subdomain.

It's working OK, but shows a couple of errors - not sure how important they are - the certificate looks good in the browser (checked in Chrome and Firefox).

Code:
Log for the AutoSSL run for “example”: Wednesday, February 6, 2019 3:22:58 PM GMT+0100 (Let’s Encrypt™)
3:22:58 PM AutoSSL’s configured provider is “Let’s Encrypt™”.
Checking websites for “example” …
3:22:58 PM Analyzing “example.es” …
3:22:58 PM SUCCESS TLS Status: OK
Certificate expiry: 3/12/19, 1:10 AM UTC (33.45 days from now)
3:22:58 PM Analyzing “es.example.es” …
3:22:58 PM SUCCESS TLS Status: OK
Certificate expiry: 3/12/19, 1:10 AM UTC (33.45 days from now)
3:22:58 PM Analyzing “static.example.es” …
3:22:58 PM SUCCESS TLS Status: OK
Certificate expiry: 3/12/19, 1:10 AM UTC (33.45 days from now)
*** 3:22:58 PM Analyzing “test.example.es” …
*** 3:22:58 PM ERROR TLS Status: Defective
Certificate expiry: 2/6/20, 2:22 PM UTC (365 days from now)
*** ERROR Defect: OPENSSL_VERIFY: The certificate chain failed OpenSSL’s verification (0:18:DEPTH_ZERO_SELF_SIGNED_CERT).
3:22:58 PM Performing DCV (Domain Control Validation) …
3:22:58 PM Local HTTP DCV OK: test.example.es
Local HTTP DCV OK: www.test.example.es
3:22:58 PM Analyzing “test.example.es”’s DCV results …
3:22:58 PM No CAA record added because there is no CAA record from another provider in the DNS for example.es.
3:23:01 PM “Let’s Encrypt™” HTTP DCV OK: www.test.example.es
“Let’s Encrypt™” HTTP DCV OK: test.example.es
AutoSSL will request a new certificate.
3:23:01 PM The system will attempt to renew the SSL certificate for the website (test.example.es: test.example.es www.test.example.es).
3:23:03 PM SUCCESS The system has installed a new certificate onto “example”’s website “test.example.es”.
3:23:03 PM The system has completed the AutoSSL check for “example”.
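
The "Local HTTP DCV" step in the log above can be reproduced by hand after a document root change. The following is an added example, not part of the thread and not cPanel's code: it writes a random token under a document root's .well-known/acme-challenge directory and confirms the web server returns it. The names `dcv_preflight` and `demo` are hypothetical, and the demo uses temporary directories with a loopback server standing in for Apache configured to serve `public`.

```python
import functools, http.server, os, secrets, tempfile, threading
import urllib.error, urllib.request

CHALLENGE_DIR = ".well-known/acme-challenge"
# Ignore proxy environment variables so the request goes straight to the server.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def dcv_preflight(docroot, base_url, timeout=5):
    """Write a random token under docroot and fetch it through base_url.
    True only if the server returns exactly the bytes that were written."""
    token = "preflight-" + secrets.token_hex(16)
    body = secrets.token_hex(32).encode()
    challenge_dir = os.path.join(docroot, CHALLENGE_DIR)
    os.makedirs(challenge_dir, exist_ok=True)
    path = os.path.join(challenge_dir, token)
    with open(path, "wb") as fh:
        fh.write(body)
    try:
        url = f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{token}"
        with OPENER.open(url, timeout=timeout) as resp:
            return resp.status == 200 and resp.read() == body
    except (urllib.error.URLError, OSError):
        return False  # 404, connection refused, timeout: validation would fail
    finally:
        os.remove(path)  # remove the token; the challenge directory is left in place

def demo():
    """Constructed scenario: the web server serves 'public', not 'public_html'."""
    with tempfile.TemporaryDirectory() as home:
        old_root = os.path.join(home, "public_html")
        new_root = os.path.join(home, "public")
        os.makedirs(old_root)
        os.makedirs(new_root)
        handler = functools.partial(
            http.server.SimpleHTTPRequestHandler, directory=new_root)
        server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
        threading.Thread(target=server.serve_forever, daemon=True).start()
        base = f"http://127.0.0.1:{server.server_address[1]}"
        try:
            return {"public_html": dcv_preflight(old_root, base),
                    "public": dcv_preflight(new_root, base)}
        finally:
            server.shutdown()
            server.server_close()

if __name__ == "__main__":
    print(demo())
```

On a real server, `dcv_preflight` would be called with the account's actual document root and `http://` plus the domain name; a False result means the directory where tokens are written is not the one the web server serves.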