Does AutoSSL renew service certificates?

Cameron Brennan

Registered
Oct 24, 2017
4
0
1
Sydney, Australia
cPanel Access Level
Root Administrator
Hi All,

cPanel/Whm N00B here and my first post haha.

I have recently started as the IT manager for a small company and walked into a gigantic mess. My background is in infrastructure, so I don't have much experience in web stuff alas and the previous IT guy has recently left. I got an email stating that the service certificates were expiring in 4 days so I thought I would get in there and make sure they were sorted before the weekend came.

I made my first small mistake by resetting the certificate for dovecot mail server with a self-signed certificate. I incorrectly assumed that the cert showing cPanel inc was a self-signed cert.

Anyway, I didn't progress as I didn't want to break anything further. That's when I saw the autossl section. My question is, will autossl renew these service certs or does it only do the website ones? The service certs (other than the one I reset) expire in 4 days.

Thanks very much!
 

sktest123

Well-Known Member
Jan 31, 2017
99
6
8
kochin
cPanel Access Level
Root Administrator
  • When a certificate expires, your server installs a self-signed certificate. If your server meets the requirements to obtain a free cPanel-signed certificate, the server automatically orders one the next time that the upcp maintenance script runs. When the signed certificate becomes available, the server downloads and installs it.
Manage Service SSL Certificates - Documentation - cPanel Documentation
 

Cameron Brennan

Registered
Oct 24, 2017
4
0
1
Sydney, Australia
cPanel Access Level
Root Administrator
Thanks for the reply sktest123...so I can see that the upcp job has run but nothing has updated as yet. The autossl log seems to have a lot of errors in there but nothing about the service ssl certs as yet. I'm guessing that tomorrow might be different possibly as it will fall within the 3 days expiration.
 

Cameron Brennan

Registered
Oct 24, 2017
4
0
1
Sydney, Australia
cPanel Access Level
Root Administrator
Hi Michael,

The ...well-known\pki etc folder is empty.

In the autossl section it shows the following:

upload_2017-10-26_11-6-13.png
The log shows things like this too:
Code:
The domain “xxx.xxx.com” failed domain control validation: The system queried for a temporary file at “<a href="http://xxx.xxxx.com/.well-known/pki-validation/9DAB0B4774E5AAB0038A956369F80D19.txt">http://xxx.xxxx.com/.well-known/pki-validation/9DAB0B4774E5AAB0038A956369F80D19.txt</a>”, but the web server responded with the following error: 404 (Not Found). A <abbr title="Domain Name System">DNS</abbr> or web server misconfiguration may exist.
Thanks
 

Attachments

Last edited by a moderator:

Cameron Brennan

Registered
Oct 24, 2017
4
0
1
Sydney, Australia
cPanel Access Level
Root Administrator
I have also tried running the checkallsslcerts manually too and got the following:

The system will check for the certificate for the “cpanel” service.
The system will attempt to verify that the certificate for the “cpanel” service is still valid using OCSP (Online Certificate Status Protocol).
The system will attempt to replace the certificate for the “cpanel” service with a signed certificate from the cPanel Store because the current certificate expi res in less than “25” days.
The system will attempt to install a certificate for the “cpanel” service from t he system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for th e “cpanel” service.
The system will attempt to install a certificate for the “cpanel” service from t he cPanel store.
The system will check for the certificate for the “dovecot” service.
The system will attempt to replace the self-signed certificate for the “dovecot” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “dovecot” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for th e “dovecot” service.
The system will check for the certificate for the “exim” service.
The system will attempt to verify that the certificate for the “exim” service is still valid using OCSP (Online Certificate Status Protocol).
The system will attempt to replace the certificate for the “exim” service with a signed certificate from the cPanel Store because the current certificate expire s in less than “25” days.
The system will attempt to install a certificate for the “exim” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for th e “exim” service.
The system will check for the certificate for the “ftp” service.
The system will attempt to verify that the certificate for the “ftp” service is still valid using OCSP (Online Certificate Status Protocol).
The system will attempt to replace the certificate for the “ftp” service with a signed certificate from the cPanel Store because the current certificate expires in less than “25” days.
The system will attempt to install a certificate for the “ftp” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for th e “ftp” service.
The cPanel Store is processing the hostname certificate request.
The system will check the cPanel Store again the next time that “./checkallsslce rts” runs.


I've submitted a ticket #8981383 as this is now urgent :(