ERROR Defect: CERT_HAS_EXPIRED, but AutoSSL is not creating a new cert.

[Hardcoremike]

Log for the AutoSSL run for “domain”: Wednesday, February 26, 2020 10:08:33 AM GMT-0500 (cPanel (powered by Sectigo))
10:08:33 AM AutoSSL’s configured provider is “cPanel (powered by Sectigo)”.
This AutoSSL provider does not poll for certificate availability immediately after a certificate request submission. Instead, it submits certificate requests then periodically polls the cPanel Store for each requested certificate and installs it after a successful retrieval. The system will record all requests, retrievals, and installations for the current AutoSSL run in this log.
Analyzing “domain”’s domains …
10:08:33 AM Analyzing “domain.com” …
10:08:33 AM ERROR TLS Status: Defective
ERROR Certificate expiry: 5/28/19, 12:00 AM UTC (274.63 days ago)
ERROR Defect: OPENSSL_VERIFY: The certificate chain failed OpenSSL’s verification (0:10:CERT_HAS_EXPIRED).
10:08:34 AM Attempting to ensure the existence of necessary CAA records …
10:08:34 AM No CAA records were created.
10:08:34 AM Verifying 8 domains’ DNS management …
Verifying “cPanel (powered by Sectigo)”’s authorization on 8 domains via DNS CAA records …
10:08:34 AM DNS manages “www.domain.com”.
CA authorized: “domain.com”
CA authorized: “cpanel.domain.com”
CA authorized: “mail.domain.com”
CA authorized: “webmail.domain.com”
CA authorized: “cpcontacts.domain.com”
CA authorized: “webdisk.domain.com”
CA authorized: “cpcalendars.domain.com”
CA authorized: “www.domain.com”
“cPanel (powered by Sectigo)” is authorized to issue certificates for 8 of this user’s 8 domains.
DNS manages “domain.com”.
DNS manages “mail.domain.com”.
DNS manages “cpanel.domain.com”.
DNS manages “webdisk.domain.com”.
DNS manages “webmail.domain.com”.
DNS manages “cpcontacts.domain.com”.
DNS manages “cpcalendars.domain.com”.
DNS manages 8 of this user’s 8 domains.
10:08:34 AM Performing HTTP DCV (Domain Control Validation) on 8 domains …

 

[cPanelLauren]

Hello,

It looks like it goes on to complete the HTTP DCV check - does this complete successfully? What is the final log output for this transaction? This doesn't show any errors related to the DNS or HTTP DCV checks.

 

[Hardcoremike]

Log for the AutoSSL run for “stratalawllc”: Wednesday, February 26, 2020 12:50:37 PM GMT-0500 (cPanel (powered by Sectigo))
12:50:37 PM AutoSSL’s configured provider is “cPanel (powered by Sectigo)”.
This AutoSSL provider does not poll for certificate availability immediately after a certificate request submission. Instead, it submits certificate requests then periodically polls the cPanel Store for each requested certificate and installs it after a successful retrieval. The system will record all requests, retrievals, and installations for the current
<REMOVED BY MODERATOR see In Progress - Guide To Opening An Effective Forums Thread>
“cPanel (powered by Sectigo)” is authorized to issue certificates for 8 of this user’s 8 domains.
12:50:37 PM Performing HTTP DCV (Domain Control Validation) on 8 domains …
12:50:42 PM Redirection #1 (domain.com): Ridgway Law Group, LLC | → Ridgway Law Group, LLC |
ERROR “cPanel (powered by Sectigo)” forbids DCV HTTP redirections.
WARN Local HTTP DCV error (domain.com): The system failed to fetch the DCV (Domain Control Validation) file at “Ridgway Law Group, LLC | because of an error: The system failed to send an HTTP (Hypertext Transfer Protocol) “GET” request to “Ridgway Law Group, LLC | because of an error: Could not connect to 'ridgwaydomain.com:443': Connection timed out.
12:50:47 PM Redirection #1 (www.domain.com): Ridgway Law Group, LLC | → Ridgway Law Group, LLC |
ERROR “cPanel (powered by Sectigo)” forbids DCV HTTP redirections.
<REMOVED>

 

[cPanelLauren]

The problem with the AutoSSL check is in the error:

12:50:42 PM Redirection #1 (domain.com): Ridgway Law Group, LLC | → Ridgway Law Group, LLC |
ERROR “cPanel (powered by Sectigo)” forbids DCV HTTP redirections.

You're redirecting from the domain -> another domain and Sectigo will not follow redirects.