SOLVED [CPANEL-39321] Service SSL Certificates expire in 11 days, but not auto renewing

Operating System & Version
CentOS v7.9.2009
cPanel & WHM Version
v100.0.3

qcomber

Active Member
Nov 10, 2015
25
5
53
London
cPanel Access Level
Root Administrator
So I'm back to square 1 – either:
  • another 'seat of the pants palaver bricking it to a last minute crescendo' on 10th Feb; or
  • run the manual workaround which may or may not be successful and will definitely result in a period of service certificate outage.
Rex, pls can you confirm whether the date comparison issues in checksslcerts have been resolved in 10.0.7 as reported in my previous posts in this thread? Should I start a new thread for these issues to save confusion with COBRA-13510?
 
  • Like
Reactions: horizon2021

qcomber

Active Member
Nov 10, 2015
25
5
53
London
cPanel Access Level
Root Administrator
Just to say that my last experience of waiting until 3 days before was highly stressful as it didn't happen until about 3 hours before expiry, as per my previous posts.
But - Good news!
Since Rex's last post I have continued to receive the dreaded 'The SSL certificate for “cpanel” on host.domain.com” will expire in less than 30 days.' emails on each daily upcp cron execution. Service ssl certs are due to expire on the 9th Feb i.e. in 6 days.
However, today I was given a new yellow box in WHM at the top right 'click here to update to 10.0.8' - which I duly did.
Part of this update runs checkallsslcerts which has now installed the service ssl certs without issue *more than* 3 days before expiry - confirmed in the logs. Also confirmed on another server which was experiencing the same issue, but with expiry in 23 days.
Phew, no more seat of the pants last minute crescendo stress.
For me, this thread is now solved.
Thanks Rex & Anthony.
 
Last edited:
  • Like
Reactions: cPRex

horizon2021

Active Member
Jan 31, 2021
41
2
8
USA
cPanel Access Level
Root Administrator
Thanks for the post -- have also been getting stressed by this issue.

I've been getting emails now for a few weeks that one of my server's free cpanel/whm hostname certificates would expire in under 30 days.

This one was already a 90-day hostname certificate.

At midnight last night, by my watch it was within the 3-day timeframe; however running checkallsslcerts again returned only the same message today, on February 6th, at 3:20 PM EDT that:
The "cpanel" service's certificate will expire soon (February 9, 2022). If this certificate remains installed on Feb 6, 2022, the system will attempt to replace it.
That is the message I get on February 6th, server time Eastern, but I can't see anything else happening even with the --verbose option. Unsure if the script is using a date other than the server's Eastern Time?
 

Reado

Well-Known Member
Sep 8, 2009
237
12
68
United Kingdom
cPanel Access Level
Root Administrator
AutoSSL is failing and some of our SSL certificates have now expired as a result!

This error appears in the AutoSSL logs for the domains that have expired:

"The response to the HTTP (Hypertext Transfer Protocol) “POST” request from “https://store.cpanel.net/json-api/ssl/certificate/free” indicated an error (500, Internal Server Error): <!DOCTYPE HTML PUBLIC "-//IETF/…"

EDIT: Now getting "9:41:41 AM The “cPanel (powered by Sectigo)” provider cannot currently accept incoming requests. The system will try again later."
 
Last edited:

horizon2021

Active Member
Jan 31, 2021
41
2
8
USA
cPanel Access Level
Root Administrator
That is the message I get on February 6th, server time Eastern, but I can't see anything else happening even with the --verbose option. Unsure if the script is using a date other than the server's Eastern Time?
On the 7th running checkallsslcerts would try to renew and fail (whereas before the 7th it was not even trying saying it would wait until 3 days before the 9th, although the hostname cert was set to expire at 11:59 on the 8th.) I ran the checkallsslcerts script manually about 10 times and then it grabbed the hostname cert successfully finally.
 
  • Like
Reactions: cPRex

kingsburyweb

Registered
Aug 13, 2021
4
0
1
Massachusetts
cPanel Access Level
Root Administrator
This is so annoying. I have clients complaining that their website is showing an SSL error. I keep getting the following email alerts almost daily with the subject line containing, "Potential reduced AutoSSL coverage". After 3 or so days, the website cert will expire and I have to go into WHM and select "Manage Auto SSL" and then choose 'Run AutoSSL for all users'. That solves the problem for now.., but I have to keep doing this..

Should I enable, 'Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates.'??? This is getting very annoying..