In Progress [CPANEL-33077] Letsencrypt transition to ISRG’s Root (Important!!!!!)

goodmove

Ok I guess I shall wait. In the meantime, for thoroughly pissed off customers, I'm UNinstalling their SSL via their cPanel interface and then having AutoSSL reprovision it (which seems to do the trick).
Are you having them reprovisioned with LE or Sectigo in AutoSSL?
 

jorbox

I think I will not sleep today,

Thanks CloudLinux, even your own servers are expired!


--2021-10-01 01:56:41-- https://repo.cloudlinux.com/cloudlinux/sources/cln/cldeploy
Resolving repo.cloudlinux.com (repo.cloudlinux.com)... 23.111.175.211, 2604:4500:6:203f::5
Connecting to repo.cloudlinux.com (repo.cloudlinux.com)|23.111.175.211|:443... connected.
ERROR: cannot verify repo.cloudlinux.com's certificate, issued by ‘/C=US/O=Let's Encrypt/CN=R3’:
Issued certificate has expired.
To connect to repo.cloudlinux.com insecurely, use `--no-check-certificate'.
 

SupraMario

My own experience - didn't go Sectigo.

However, WHM -> Install SSL Certificate and then choosing the account/domain you want to 'reinstall', make sure you choose a previous Let's Encrypt that's valid. Select it.
Then delete/empty the CA box at the bottom so it will retrieve the latest, click 'install' and it will update the SSL for the domain.

Doing this seems to have positive results for my case scenarios. Only users on Apple devices (macOS / iOS) are having problems it seems but after doing this, they're working and connecting without issues once again.

Some mac mail users did have to 'right click' and 'take account online' again to get it operational.

Obviously this is not a good solution for those of you with thousands of accounts, however I found this helpful to triage my larger clients to get them back online asap.
 

SupraMario

Should be noted - accounts with Let's Encrypt wildcard cannot be fixed with the above method that cPanel suggests. You will get an error.

The domain “*.XXXX.com.au” is not managed on this server. You must specify an IP address to install SSL for “*.XXXX.com.au” or set up this domain on a new account, or create it as parked domain, a subdomain, or an addon domain of an existing account, and try again.
 

jorbox

Should be noted - accounts with Let's Encrypt wildcard cannot be fixed with the above method that cPanel suggests. You will get an error.

The domain “*.XXXX.com.au” is not managed on this server. You must specify an IP address to install SSL for “*.XXXX.com.au” or set up this domain on a new account, or create it as parked domain, a subdomain, or an addon domain of an existing account, and try again.
This will happen if your domain is over Cloudflare.

Just select the IP from the menu below.
 

tui

Was there something cPanel could have done before to avoid this?
Yes, they had more than a year to check this and make a proper update in time....
So glad to have the new f***ing themes though. Glad that's where our ever-increasing money is going.
Exactly... the increased prices definitely do not reflect the updates and work that cPanel has made in the past two years, pure joke and makeup, there are so many interesting, useful and needed things on the feature requests FOR YEARS and they remain in discussions and ignored...but themes
 

tui

Update - at this point we've removed the recommendation to switch to Sectigo as that just seems to be causing more issues. I'll keep this thread updated with details as I get them.
Interesting and useful update, now everything is fixed with this update... :rolleyes: it was obvious that switching to another provider was going to cause more issues... :rolleyes::rolleyes::rolleyes: where is the common sense and the "experience" cPanel has?

This update, just like the last two years of cPanel releases, is a joke... we need a fix and real updates ASAP, this problem is very very annoying and every minute that passes is more desperate...
 

Steve Truman

Hello - just adding that we are also experiencing the same issue - have searched everywhere and besides switching to the cPanel, Inc. issued Certificate there does not seem to be a resolution to the issue - which is a little unbelievable as the problem is the new Let's Encrypt intermediate certificate is not installed on cPanel replacing the old expired R3 certificate.

Surely with 10's maybe 100's of thousands of cPanel users affected this issue would be a top priority for resolution? It just does not seem to be that way, which is most disappointing.
 

klypnick

However, WHM -> Install SSL Certificate and then choosing the account/domain you want to 'reinstall', make sure you choose a previous Let's Encrypt that's valid. Select it.
Then delete/empty the CA box at the bottom so it will retrieve the latest, click 'install' and it will update the SSL for the domain.
I've just tested this on one of our domains and it worked, many thanks :)
 

inveress

Switching AutoSSL selection to cPanel/Sectigo and running a check on all users seems to be fixing it for me. Tried on two WHM servers and I'm no longer getting cert warnings from my email program for the accounts hosted there. But I don't have any wildcard certs or anything else other than 'standard' cPanel cert setups.
 

SupraMario

@Rhuan there are fixes/workarounds available right now ^^ see my posts above, I've gotten all but my wildcard hosts back online now.
 

tui

It is very frustrating and annoying to be in front of the computer and hit F5 on this thread every 10 minutes because I cannot receive email updates about this thread because my email DOES NOT WORK and NOT FIND A USEFUL UPDATE AND/OR THE PATCH WITH EVERY SITE REFRESH

It is very frustrating and annoying not to be able to use my phone because I am receiving a certificate identity error alert every 10 seconds as soon as I unlock it because the mail DOES NOT WORK
 

Datacenter1

It is very frustrating and annoying to be in front of the computer and hit F5 on this thread every 10 minutes because I cannot receive email updates about this thread because my email DOES NOT WORK and NOT FIND A USEFUL UPDATE AND/OR THE PATCH WITH EVERY SITE REFRESH

It is very frustrating and annoying not to be able to use my phone because I am receiving a certificate identity error alert every 10 seconds as soon as I unlock it because the mail DOES NOT WORK
Using your server's hostname instead of mail.example.com doesn't work for you?
 

tui

Using your server's hostname instead of mail.example.com doesn't work for you?
Nope, I don't want to change my settings to use my hostname because if you change the incoming/outgoing server on the email client it downloads everything again, so you will end up with thousands of duplicated emails and all emails are treated like new
 

mtindor

I had logged into one of my customer's systems that has about 10 accounts, each running a WordPress Multisite setup with 25-75 domains on each account. For a particular email domain that was having issues, they were tied to a cert which was covering multiple domains. I didn't want to just UNinstall it and then hope to get AutoSSL to reinstall it without error / throttling.

So, I was playing around inside the actual cPanel interface, navigated to SSL/TLS, found the cert that had that domain on it and clicked on the option to Update Certificate. I clicked on that, then clicked Autofill by Domain, and noted that the new / proper CA bundle was in there already. I clicked on Install Certificate and it re-installed the cert and added all the email domains tied to that cert back into /var/cpanel/ssl/domain_tls and the incoming email SSL connections started working for those domains immediately. So I didn't even have to monkey around in WHM. Nice for this particular instance, where one hosting account has a bunch of certs, each with a bunch of domains on it.

Mike
 

Kyle Stevenson

+1 to the above work-around steps.

We've trialed this with a couple of accounts and it seems to be working well so far.

Here's a simpler breakdown of the steps you can follow:

1. Log into cPanel
2. Go to "SSL/TLS Status"
3. Click the "View Certificate" link next to any of the domain/host lines in the table
4. Select any domain from the dropdown
5. Erase/wipe the Certificate Authority Bundle (CABUNDLE) text area
6. Click "Install Certificate"
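
Added example, not part of any post in this thread: a shell helper for triaging many accounts for the condition discussed above, a CA bundle that still carries an expired intermediate such as the old R3. It assumes the `openssl` CLI is installed; the function names are invented for this example and the bundle paths are whatever the caller passes in.

```bash
#!/usr/bin/env bash
# Added example: report certificates in a PEM bundle that are expired
# or will expire within a given number of seconds.

# split_bundle BUNDLE OUTDIR
# Writes each certificate in BUNDLE to OUTDIR/cert-N.pem, prints the count.
split_bundle() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem"; inside = 1 }
        inside { print > out }
        /-----END CERTIFICATE-----/   { inside = 0; close(out) }
        END { print n + 0 }
    ' "$1"
}

# stale_certs BUNDLE [SECONDS]
# Prints "subject | notAfter" for every certificate that is expired
# (SECONDS=0, the default) or expires within SECONDS.
# Returns 0 if none are stale, 1 if at least one is, 2 if BUNDLE is
# unreadable or holds no certificates.
stale_certs() {
    local bundle="$1" window="${2:-0}" tmp count i pem found=0
    [ -r "$bundle" ] || return 2
    tmp=$(mktemp -d) || return 2
    count=$(split_bundle "$bundle" "$tmp")
    if [ "$count" -eq 0 ]; then rm -rf "$tmp"; return 2; fi
    for i in $(seq 1 "$count"); do
        pem="$tmp/cert-$i.pem"
        # -checkend exits non-zero when notAfter falls inside the window.
        if ! openssl x509 -in "$pem" -noout -checkend "$window" >/dev/null 2>&1; then
            found=1
            printf '%s | %s\n' \
                "$(openssl x509 -in "$pem" -noout -subject)" \
                "$(openssl x509 -in "$pem" -noout -enddate)"
        fi
    done
    rm -rf "$tmp"
    return "$found"
}

# Command-line use: pass one or more bundle files (paths are the caller's).
for f in "$@"; do
    echo "== $f"
    stale_certs "$f" 0 || true
done
```

A bundle that prints nothing with a window of 0 contains no expired certificate; a non-zero window (for example 604800 for one week) gives early warning before the next expiry.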
 

cPRex

Staff member
Update - the first patch we had in place didn't properly resolve the issue. A second patch has been created and is currently being reviewed by our QA team.

I have already set up a plan for one of the technicians working the overnight shift to post updates to this thread so anyone watching this can be kept informed.

We completely understand this is a frustrating experience for everyone, and I plan to post a full post-mortem tomorrow if one of the overnight techs doesn't do that first.