You don't need to do anything to get that working - since the SSL expires on the 10th, the system will query for a replacement on the 7th and it will be installed automatically.
So I'm back to square 1 – either:
- another 'seat of the pants palaver bricking it to a last minute crescendo' on 10th Feb; or
- run the manual workaround which may or may not be successful and will definitely result in a period of service certificate outage.
At this time they haven't been resolved, but with your situation you'll get the SSL renewed on the 7th as expected. If for some unlikely reason that doesn't happen, a ticket to our support team then will resolve the issue.
Just to say that my last experience of waiting until 3 days before was highly stressful as it didn't happen until about 3 hours before expiry, as per my previous posts.
But - Good news!
Since Rex's last post I have continued to receive the dreaded 'The SSL certificate for “cpanel” on host.domain.com” will expire in less than 30 days.' emails on each daily upcp cron execution. Service ssl certs are due to expire on the 9th Feb i.e. in 6 days.
However, today I was given a new yellow box in WHM at the top right 'click here to update to 10.0.8' - which I duly did.
Part of this update runs checkallsslcerts which has now installed the service ssl certs without issue *more than* 3 days before expiry - confirmed in the logs. Also confirmed on another server which was experiencing the same issue, but with expiry in 23 days.
Phew, no more seat of the pants last minute crescendo stress.
For me, this thread is now solved.
Thanks Rex & Anthony.
But - Good news!
Since Rex's last post I have continued to receive the dreaded 'The SSL certificate for “cpanel” on host.domain.com” will expire in less than 30 days.' emails on each daily upcp cron execution. Service ssl certs are due to expire on the 9th Feb i.e. in 6 days.
However, today I was given a new yellow box in WHM at the top right 'click here to update to 10.0.8' - which I duly did.
Part of this update runs checkallsslcerts which has now installed the service ssl certs without issue *more than* 3 days before expiry - confirmed in the logs. Also confirmed on another server which was experiencing the same issue, but with expiry in 23 days.
Phew, no more seat of the pants last minute crescendo stress.
For me, this thread is now solved.
Thanks Rex & Anthony.
Last edited:
Thanks for the post -- have also been getting stressed by this issue.
I've been getting emails now for a few weeks that one of my server's free cpanel/whm hostname certificates would expire in under 30 days.
This one was already a 90-day hostname certificate.
At midnight last night, by my watch it was within the 3-day timeframe; however running checkallsslcerts again returned only the same message today, on February 6th, at 3:20 PM EDT that:
I've been getting emails now for a few weeks that one of my server's free cpanel/whm hostname certificates would expire in under 30 days.
This one was already a 90-day hostname certificate.
At midnight last night, by my watch it was within the 3-day timeframe; however running checkallsslcerts again returned only the same message today, on February 6th, at 3:20 PM EDT that:
That is the message I get on February 6th, server time Eastern, but I can't see anything else happening even with the --verbose option. Unsure if the script is using a date other than the server's Eastern Time?
AutoSSL is failing and some of our SSL certificates have now expired as a result!
This error appears in the AutoSSL logs for the domains that have expired:
"The response to the HTTP (Hypertext Transfer Protocol) “POST” request from “https://store.cpanel.net/json-api/ssl/certificate/free” indicated an error (500, Internal Server Error): <!DOCTYPE HTML PUBLIC "-//IETF/…"
EDIT: Now getting "9:41:41 AM The “cPanel (powered by Sectigo)” provider cannot currently accept incoming requests. The system will try again later."
This error appears in the AutoSSL logs for the domains that have expired:
"The response to the HTTP (Hypertext Transfer Protocol) “POST” request from “https://store.cpanel.net/json-api/ssl/certificate/free” indicated an error (500, Internal Server Error): <!DOCTYPE HTML PUBLIC "-//IETF/…"
EDIT: Now getting "9:41:41 AM The “cPanel (powered by Sectigo)” provider cannot currently accept incoming requests. The system will try again later."
Last edited:
@Reado - if these are domain SSLs for websites, switch to the Let's Encrypt provider.
@horizon2021 - if you can't get the hostname SSL to issue, please submit a ticket to our team and we'll see if we can get that working for you.
@horizon2021 - if you can't get the hostname SSL to issue, please submit a ticket to our team and we'll see if we can get that working for you.
On the 7th running checkallsslcerts would try to renew and fail (whereas before the 7th it was not even trying saying it would wait until 3 days before the 9th, although the hostname cert was set to expire at 11:59 on the 8th.) I ran the checkallsslcerts script manually about 10 times and then it grabbed the hostname cert successfully finally.
This is so annoying. I have clients complaining that their website is showing an SSL error. I keep getting the following email alerts almost daily with the subject line containing, "Potential reduced AutoSSL coverage". After 3 or so days, the website cert will expire and I have to go into WHM and select "Manage Auto SSL" and then choose 'Run AutoSSL for all users'. That solves the problem for now.., but I have to keep doing this..
Should I enable, 'Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates.'??? This is getting very annoying..
Should I enable, 'Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates.'??? This is getting very annoying..
@kingsburyweb - yes, if you choose that option that may help with this issue.
You can find more specifics about that warning message here: Potential reduced AutoSSL coverage notification
You can find more specifics about that warning message here: Potential reduced AutoSSL coverage notification
few months ago, an issue with LE, temporal fix was swtiching to sectigo.... not temporal fix is to switch to LE... what a mess.