[CPANEL-23825] AutoSSL trying to setup certificate for domain that no longer exists

DennisMidjord

Well-Known Member
Sep 27, 2016
227
27
28
Denmark
cPanel Access Level
Root Administrator
Every 5 minutes, we receive the following email:
“SSL Pending Queue” failed because of an error.

/usr/local/cpanel/bin/process_ssl_pending_queue encountered an error: The system retrieved the <abbr title="Secure Sockets Layer">SSL</abbr> certificate for “subdomain.domain.com”, but failed to install it because of an error: The certificate could not be installed on the domain “subdomain.domain.com”. Sorry, subdomain.domain.com is not one of the domains on your account.. The system will attempt to fetch the certificate and to install it again. at /usr/local/cpanel/Cpanel/SSL/PendingQueue/Run.pm line 157.
The subdomain.domain.com domain no longer exists. I'm guessing the user had 'subdomain.com' added as a addon domain, hence why subdomain.domainn.com was created.
I can't find any way to stop AutoSSL from trying to install the certificate.
 

DennisMidjord

Well-Known Member
Sep 27, 2016
227
27
28
Denmark
cPanel Access Level
Root Administrator
Issue has been fixed now. This was the reply:
Greetings,

The issue is that the database for pending SSLs still contains the domain:

===========================
[11:50:09 server13 [email protected] ~]cPs# cat /home/user/.cpanel/ssl/pending_queue.json | python -mjson.tool
<snip>
===========================

I've emptied this entry out and it should no longer send these emails. Likely a race condition happened where the AutoSSL was still pending, but the user removed the subdomain. I am going to file an internal case for this to prevent these emails from sending as they had in this scenario. This would have been from the user's AutoSSL tools, not that of root's.
 

cPanelMichael

Technical Support Community Manager
Staff member
Apr 11, 2011
47,911
2,233
363
cPanel Access Level
DataCenter Provider
Twitter
Hello @DennisMidjord,

Thanks for sharing the outcome!

To update, internal case CPANEL-23825 was opened to report an issue where the AutoSSL pending queue continues if domain was removed. I'll monitor this case and update this thread with more information on it's status as it becomes available.

Thank you.