[CPANEL-23825] AutoSSL trying to setup certificate for domain that no longer exists

[DennisMidjord]

Every 5 minutes, we receive the following email:

“SSL Pending Queue” failed because of an error.

/usr/local/cpanel/bin/process_ssl_pending_queue encountered an error: The system retrieved the <abbr title="Secure Sockets Layer">SSL</abbr> certificate for “subdomain.domain.com”, but failed to install it because of an error: The certificate could not be installed on the domain “subdomain.domain.com”. Sorry, subdomain.domain.com is not one of the domains on your account.. The system will attempt to fetch the certificate and to install it again. at /usr/local/cpanel/Cpanel/SSL/PendingQueue/Run.pm line 157.

The subdomain.domain.com domain no longer exists. I'm guessing the user had 'subdomain.com' added as a addon domain, hence why subdomain.domainn.com was created.
I can't find any way to stop AutoSSL from trying to install the certificate.

 

[GOT]

I would recreate the subdomain and give it an hour to install. Once it clears then delete it again.

 

[DennisMidjord]

I tried creating the subdomain and forcing the queue to run, but the error was still the same.

 

[cPanelMichael]

Hello @DennisMidjord,

Can you verify which version of cPanel & WHM is installed on this system? EX:

cat /usr/local/cpanel/version

Thank you.

 

[DennisMidjord]

Hello,

The server is running v. 11.76.0.4.

 

[cPanelMichael]

Hello @DennisMidjord,

Can you open a support ticket so we can take a closer look at the affected system? You can post the ticket number here and we'll update this thread with the outcome.

Thank you.

 

[DennisMidjord]

I've created the ticket now: ID 10674931

 

[DennisMidjord]

Issue has been fixed now. This was the reply:

Greetings,

The issue is that the database for pending SSLs still contains the domain:

===========================
[11:50:09 server13 [email protected] ~]cPs# cat /home/user/.cpanel/ssl/pending_queue.json | python -mjson.tool
<snip>
===========================

I've emptied this entry out and it should no longer send these emails. Likely a race condition happened where the AutoSSL was still pending, but the user removed the subdomain. I am going to file an internal case for this to prevent these emails from sending as they had in this scenario. This would have been from the user's AutoSSL tools, not that of root's.

 

[cPanelMichael]

Hello @DennisMidjord,

Thanks for sharing the outcome!

To update, internal case CPANEL-23825 was opened to report an issue where the AutoSSL pending queue continues if domain was removed. I'll monitor this case and update this thread with more information on it's status as it becomes available.

Thank you.