The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

checkallsslcerts and WoSign CA Free SSL

Discussion in 'Security' started by Bdzzld, Jul 28, 2016.

  1. Bdzzld

    Bdzzld Well-Known Member

    Joined:
    Apr 3, 2004
    Messages:
    356
    Likes Received:
    1
    Trophy Points:
    18
    Hi,

    On one of our cPanel servers (running WHM 56.0 (build 28)) has a WoSign CA Free SSL certificate installed for the cPanel services and I noticed the following in the upcp (nightly update) logs :

    Code:
    ...
    [2016-07-28 05:05:23 +0200]  - Processing command `/usr/local/cpanel/bin/checkallsslcerts --allow-retry --verbose`
    [2016-07-28 05:05:27 +0200]  [22993] Cpanel::Exception/(XID gu2uay)
    [2016-07-28 05:05:27 +0200]  [22993]  at /usr/local/cpanel/Cpanel/OrDie.pm line 50.
    [2016-07-28 05:05:27 +0200]  [22993]  Cpanel::OrDie::multi_return(CODE(0x2546e20)) called at /usr/local/cpanel/Cpanel/SSL/OCSP.pm line 55
    [2016-07-28 05:05:27 +0200]  [22993]  Cpanel::SSL::OCSP::cert_is_revoked("-----BEGIN CERTIFICATE-----\x{a}*SNIP*"..., "http://ocsp1.wosign.com/ca6/server1/free") called at /usr/local/cpanel/Cpanel/SSL/Objects/Certificate.pm line 143
    [2016-07-28 05:05:27 +0200]  [22993]  Cpanel::SSL::Objects::Certificate::__ANON__() called at /usr/local/cpanel/3rdparty/perl/522/lib64/perl5/cpanel_lib/Try/Tiny.pm line 80
    [2016-07-28 05:05:27 +0200]  [22993]  eval {...} called at /usr/local/cpanel/3rdparty/perl/522/lib64/perl5/cpanel_lib/Try/Tiny.pm line 71
    [2016-07-28 05:05:27 +0200]  [22993]  Try::Tiny::try(CODE(0x2121898), Try::Tiny::Catch=REF(0x2121988)) called at /usr/local/cpanel/Cpanel/SSL/Objects/Certificate.pm line 148
    [2016-07-28 05:05:27 +0200]  [22993]  Cpanel::SSL::Objects::Certificate::revoked(Cpanel::SSL::Objects::Certificate=HASH(0x21eb7c8)) called at bin/checkallsslcerts.pl line 112
    [2016-07-28 05:05:27 +0200]  [22993]  bin::checkallsslcerts::_check_notify_and_auto_renew_cert_for_service(bin::checkallsslcerts=HASH(0x1f0ca10), "ftp") called at bin/checkallsslcerts.pl line 67
    [2016-07-28 05:05:27 +0200]  [22993]  bin::checkallsslcerts::run(bin::checkallsslcerts=HASH(0x1f0ca10)) called at bin/checkallsslcerts.pl line 36
    [2016-07-28 05:05:28 +0200]  [22993] Cpanel::Exception/(XID x2r8te)
    [2016-07-28 05:05:28 +0200]  [22993]  at /usr/local/cpanel/Cpanel/OrDie.pm line 50.
    [2016-07-28 05:05:28 +0200]  [22993]  Cpanel::OrDie::multi_return(CODE(0x21ec290)) called at /usr/local/cpanel/Cpanel/SSL/OCSP.pm line 55
    [2016-07-28 05:05:28 +0200]  [22993]  Cpanel::SSL::OCSP::cert_is_revoked("-----BEGIN CERTIFICATE-----\x{a}*snip*"..., "http://ocsp1.wosign.com/ca6/server1/free") called at /usr/local/cpanel/Cpanel/SSL/Objects/Certificate.pm line 143
    [2016-07-28 05:05:28 +0200]  [22993]  Cpanel::SSL::Objects::Certificate::__ANON__() called at /usr/local/cpanel/3rdparty/perl/522/lib64/perl5/cpanel_lib/Try/Tiny.pm line 80
    [2016-07-28 05:05:28 +0200]  [22993]  eval {...} called at /usr/local/cpanel/3rdparty/perl/522/lib64/perl5/cpanel_lib/Try/Tiny.pm line 71
    [2016-07-28 05:05:28 +0200]  [22993]  Try::Tiny::try(CODE(0x21218e0), Try::Tiny::Catch=REF(0x213b6d8)) called at /usr/local/cpanel/Cpanel/SSL/Objects/Certificate.pm line 148
    [2016-07-28 05:05:28 +0200]  [22993]  Cpanel::SSL::Objects::Certificate::revoked(Cpanel::SSL::Objects::Certificate=HASH(0x21eb7c8)) called at bin/checkallsslcerts.pl line 112
    [2016-07-28 05:05:28 +0200]  [22993]  bin::checkallsslcerts::_check_notify_and_auto_renew_cert_for_service(bin::checkallsslcerts=HASH(0x1f0ca10), "cpanel") called at bin/checkallsslcerts.pl line 67
    [2016-07-28 05:05:28 +0200]  [22993]  bin::checkallsslcerts::run(bin::checkallsslcerts=HASH(0x1f0ca10)) called at bin/checkallsslcerts.pl line 36
    [2016-07-28 05:05:28 +0200]  [22993] Cpanel::Exception/(XID d74zqz)  
    ...
    
    This is different from our other cPanel servers, which have other SSL certificates installed for the cPanel services.

    According to these logs the SSL certificate appears to be revoked, which is not the case at all. Can you please explain?

    Thanking you in advance.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    Have you contacted your SSL provider to verify the certificate is not revoked? If so, could you verify if it's set to expire soon?

    Thank you.
     
  3. Bdzzld

    Bdzzld Well-Known Member

    Joined:
    Apr 3, 2004
    Messages:
    356
    Likes Received:
    1
    Trophy Points:
    18
    @cPanelMichael: The SSL provider does not show the certificate as being revoked, WHM's SSL Manager does not show the SSL certificate as being revoked, nor does any external test. It's still valid untill November.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
  5. Bdzzld

    Bdzzld Well-Known Member

    Joined:
    Apr 3, 2004
    Messages:
    356
    Likes Received:
    1
    Trophy Points:
    18
    Support Request ID is: 7611827
     

Share This Page