ERROR Defect: CERT_HAS_EXPIRED, but AutoSSL is not creating a new cert.

Hardcoremike

Registered
Feb 26, 2020
2
0
1
United States
cPanel Access Level
Root Administrator
Log for the AutoSSL run for “domain”: Wednesday, February 26, 2020 10:08:33 AM GMT-0500 (cPanel (powered by Sectigo))
10:08:33 AM AutoSSL’s configured provider is “cPanel (powered by Sectigo)”.
This AutoSSL provider does not poll for certificate availability immediately after a certificate request submission. Instead, it submits certificate requests then periodically polls the cPanel Store for each requested certificate and installs it after a successful retrieval. The system will record all requests, retrievals, and installations for the current AutoSSL run in this log.
Analyzing “domain”’s domains …
10:08:33 AM Analyzing “domain.com” …
10:08:33 AM ERROR TLS Status: Defective
ERROR Certificate expiry: 5/28/19, 12:00 AM UTC (274.63 days ago)
ERROR Defect: OPENSSL_VERIFY: The certificate chain failed OpenSSL’s verification (0:10:CERT_HAS_EXPIRED).

10:08:34 AM Attempting to ensure the existence of necessary CAA records …
10:08:34 AM No CAA records were created.
10:08:34 AM Verifying 8 domains’ DNS management …
Verifying “cPanel (powered by Sectigo)”’s authorization on 8 domains via DNS CAA records …
10:08:34 AM DNS manages “www.domain.com”.
CA authorized: “domain.com”
CA authorized: “cpanel.domain.com”
CA authorized: “mail.domain.com”
CA authorized: “webmail.domain.com”
CA authorized: “cpcontacts.domain.com”
CA authorized: “webdisk.domain.com”
CA authorized: “cpcalendars.domain.com”
CA authorized: “www.domain.com”
“cPanel (powered by Sectigo)” is authorized to issue certificates for 8 of this user’s 8 domains.
DNS manages “domain.com”.
DNS manages “mail.domain.com”.
DNS manages “cpanel.domain.com”.
DNS manages “webdisk.domain.com”.
DNS manages “webmail.domain.com”.
DNS manages “cpcontacts.domain.com”.
DNS manages “cpcalendars.domain.com”.
DNS manages 8 of this user’s 8 domains.
10:08:34 AM Performing HTTP DCV (Domain Control Validation) on 8 domains …
 
Last edited by a moderator:

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,252
313
Houston
Hello,

It looks like it goes on to complete the HTTP DCV check - does this complete successfully? What is the final log output for this transaction? This doesn't show any errors related to the DNS or HTTP DCV checks.
 

Hardcoremike

Registered
Feb 26, 2020
2
0
1
United States
cPanel Access Level
Root Administrator
Log for the AutoSSL run for “stratalawllc”: Wednesday, February 26, 2020 12:50:37 PM GMT-0500 (cPanel (powered by Sectigo))
12:50:37 PM AutoSSL’s configured provider is “cPanel (powered by Sectigo)”.
This AutoSSL provider does not poll for certificate availability immediately after a certificate request submission. Instead, it submits certificate requests then periodically polls the cPanel Store for each requested certificate and installs it after a successful retrieval. The system will record all requests, retrievals, and installations for the current
<REMOVED BY MODERATOR see In Progress - Guide To Opening An Effective Forums Thread>
“cPanel (powered by Sectigo)” is authorized to issue certificates for 8 of this user’s 8 domains.
12:50:37 PM Performing HTTP DCV (Domain Control Validation) on 8 domains …
12:50:42 PM Redirection #1 (domain.com): Ridgway Law Group, LLC | → Ridgway Law Group, LLC |
ERROR “cPanel (powered by Sectigo)” forbids DCV HTTP redirections.
WARN Local HTTP DCV error (domain.com): The system failed to fetch the DCV (Domain Control Validation) file at “Ridgway Law Group, LLC | because of an error: The system failed to send an HTTP (Hypertext Transfer Protocol) “GET” request to “Ridgway Law Group, LLC | because of an error: Could not connect to 'ridgwaydomain.com:443': Connection timed out.
12:50:47 PM Redirection #1 (www.domain.com): Ridgway Law Group, LLC | → Ridgway Law Group, LLC |
ERROR “cPanel (powered by Sectigo)” forbids DCV HTTP redirections.
<REMOVED>
 
Last edited by a moderator:

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,252
313
Houston
The problem with the AutoSSL check is in the error:

Code:
12:50:42 PM Redirection #1 (domain.com): Ridgway Law Group, LLC | → Ridgway Law Group, LLC |
ERROR “cPanel (powered by Sectigo)” forbids DCV HTTP redirections.
You're redirecting from the domain -> another domain and Sectigo will not follow redirects.