Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Does AutoSSL renew service certificates?

Discussion in 'Security' started by Cameron Brennan, Oct 24, 2017.

Tags:
  1. Cameron Brennan

    Cameron Brennan Registered

    Joined:
    Oct 24, 2017
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Sydney, Australia
    cPanel Access Level:
    Root Administrator
    Hi All,

    cPanel/Whm N00B here and my first post haha.

    I have recently started as the IT manager for a small company and walked into a gigantic mess. My background is in infrastructure, so I don't have much experience in web stuff alas and the previous IT guy has recently left. I got an email stating that the service certificates were expiring in 4 days so I thought I would get in there and make sure they were sorted before the weekend came.

    I made my first small mistake by resetting the certificate for dovecot mail server with a self-signed certificate. I incorrectly assumed that the cert showing cPanel inc was a self-signed cert.

    Anyway, I didn't progress as I didn't want to break anything further. That's when I saw the autossl section. My question is, will autossl renew these service certs or does it only do the website ones? The service certs (other than the one I reset) expire in 4 days.

    Thanks very much!
     
  2. sktest123

    sktest123 Well-Known Member

    Joined:
    Jan 31, 2017
    Messages:
    99
    Likes Received:
    6
    Trophy Points:
    8
    Location:
    kochin
    cPanel Access Level:
    Root Administrator
    • When a certificate expires, your server installs a self-signed certificate. If your server meets the requirements to obtain a free cPanel-signed certificate, the server automatically orders one the next time that the upcp maintenance script runs. When the signed certificate becomes available, the server downloads and installs it.
    Manage Service SSL Certificates - Documentation - cPanel Documentation
     
  3. Cameron Brennan

    Cameron Brennan Registered

    Joined:
    Oct 24, 2017
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Sydney, Australia
    cPanel Access Level:
    Root Administrator
    Thanks for the reply sktest123...so I can see that the upcp job has run but nothing has updated as yet. The autossl log seems to have a lot of errors in there but nothing about the service ssl certs as yet. I'm guessing that tomorrow might be different possibly as it will fall within the 3 days expiration.
     
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,749
    Likes Received:
    1,885
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. Cameron Brennan

    Cameron Brennan Registered

    Joined:
    Oct 24, 2017
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Sydney, Australia
    cPanel Access Level:
    Root Administrator
    Hi Michael,

    The ...well-known\pki etc folder is empty.

    In the autossl section it shows the following:

    upload_2017-10-26_11-6-13.png
    The log shows things like this too:
    Code:
    The domain “xxx.xxx.com” failed domain control validation: The system queried for a temporary file at “<a href="http://xxx.xxxx.com/.well-known/pki-validation/9DAB0B4774E5AAB0038A956369F80D19.txt">http://xxx.xxxx.com/.well-known/pki-validation/9DAB0B4774E5AAB0038A956369F80D19.txt</a>”, but the web server responded with the following error: 404 (Not Found). A <abbr title="Domain Name System">DNS</abbr> or web server misconfiguration may exist.
    
    Thanks
     

    Attached Files:

    #5 Cameron Brennan, Oct 25, 2017
    Last edited by a moderator: Oct 25, 2017
  6. Cameron Brennan

    Cameron Brennan Registered

    Joined:
    Oct 24, 2017
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Sydney, Australia
    cPanel Access Level:
    Root Administrator
    I have also tried running the checkallsslcerts manually too and got the following:

    The system will check for the certificate for the “cpanel” service.
    The system will attempt to verify that the certificate for the “cpanel” service is still valid using OCSP (Online Certificate Status Protocol).
    The system will attempt to replace the certificate for the “cpanel” service with a signed certificate from the cPanel Store because the current certificate expi res in less than “25” days.
    The system will attempt to install a certificate for the “cpanel” service from t he system ssl storage.
    None of the certificates in the system ssl storage were acceptable to use for th e “cpanel” service.
    The system will attempt to install a certificate for the “cpanel” service from t he cPanel store.
    The system will check for the certificate for the “dovecot” service.
    The system will attempt to replace the self-signed certificate for the “dovecot” service with a signed certificate from the cPanel Store.
    The system will attempt to install a certificate for the “dovecot” service from the system ssl storage.
    None of the certificates in the system ssl storage were acceptable to use for th e “dovecot” service.
    The system will check for the certificate for the “exim” service.
    The system will attempt to verify that the certificate for the “exim” service is still valid using OCSP (Online Certificate Status Protocol).
    The system will attempt to replace the certificate for the “exim” service with a signed certificate from the cPanel Store because the current certificate expire s in less than “25” days.
    The system will attempt to install a certificate for the “exim” service from the system ssl storage.
    None of the certificates in the system ssl storage were acceptable to use for th e “exim” service.
    The system will check for the certificate for the “ftp” service.
    The system will attempt to verify that the certificate for the “ftp” service is still valid using OCSP (Online Certificate Status Protocol).
    The system will attempt to replace the certificate for the “ftp” service with a signed certificate from the cPanel Store because the current certificate expires in less than “25” days.
    The system will attempt to install a certificate for the “ftp” service from the system ssl storage.
    None of the certificates in the system ssl storage were acceptable to use for th e “ftp” service.
    The cPanel Store is processing the hostname certificate request.
    The system will check the cPanel Store again the next time that “./checkallsslce rts” runs.


    I've submitted a ticket #8981383 as this is now urgent :(
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice