Fix CERT_HAS_EXPIRED error on cPanel

pedgarc

Member
Jun 11, 2020
10
1
3
Mexico
cPanel Access Level
Root Administrator
Hello there!

I have having this trouble since few weeks, I know is because a root cert expired.

The error: Certificate #4 (CN=DST Root CA X3,O=Digital Signature Trust Co.) has 1 validation error: CERT_HAS_EXPIRED.

Also I know that running the following commands get fix:

Code:
rpm -q ca-certificates
rpm -q ca-certificates --changelog | head
yum -y update ca-certificates
/scripts/autorepair update_lets_encrypt_cabundles
The problem is, when I execute the " /scripts/autorepair update_lets_encrypt_cabundles" script, the problem get fix, but next day the error appears again and I have to execute the command again.

Any idea about how to fix it permanently? Or do you think I need to create a daily cronjob which execute the command?

Thanks in advance.
 

cPanelAnthony

Administrator
Staff member
Oct 18, 2021
583
54
103
Houston, TX
cPanel Access Level
Root Administrator
Hello! I checked with our analyst team and we are not aware of a known issue where you have to apply this fix daily. Would you be able to open a ticket using the link in my signature so we can investigate the problem as it happens on your host? Please let me know the incident ID number once done.

Thanks!
 
  • Like
Reactions: pedgarc

pedgarc

Member
Jun 11, 2020
10
1
3
Mexico
cPanel Access Level
Root Administrator
Hello! I checked with our analyst team and we are not aware of a known issue where you have to apply this fix daily. Would you be able to open a ticket using the link in my signature so we can investigate the problem as it happens on your host? Please let me know the incident ID number once done.

Thanks!
Hello Anthony,

Before open a support ticket, just a question, the following post: https://support.cpanel.net/hc/en-us...es-showing-error-ERR-CERT-COMMON-NAME-INVALID

Says that the command "/scripts/autorepair update_lets_encrypt_cabundles2" will also run automatically during the servers next /scripts/upcp cronjob.

I run manually the /scripts/upcp, then I use:

Code:
grep "lets_encrypt" /var/cpanel/updatelogs/update.911187.3105297716.1603780355.log
Just to view if the "autorepair update_lets_encrypt_cabundles2" was executed, but is not in the log.

And by using:
Code:
grep "autorepair" /var/cpanel/updatelogs/update.911187.3105297716.1603780355.log
I get:

Code:
[2021-10-21 11:24:54 -0500]    - Processing command `/usr/local/cpanel/scripts/autorepair autorepair`
[2021-10-21 11:24:54 -0500]      [/usr/local/cpanel/scripts/autorepair] Requesting script ... Done
[2021-10-21 11:24:54 -0500]      [/usr/local/cpanel/scripts/autorepair] Auto Repair is running...Running Auto Repair routines
[2021-10-21 11:24:54 -0500]      [/usr/local/cpanel/scripts/autorepair] Running autorepair on update_gatherer_permissions
[2021-10-21 11:24:55 -0500]      [/usr/local/cpanel/scripts/autorepair] Running autorepair on exim_cve_workaround
[2021-10-21 11:24:55 -0500]      [/usr/local/cpanel/scripts/autorepair] Finished running Auto Repair routines
[2021-10-21 11:24:55 -0500]      [/usr/local/cpanel/scripts/autorepair] ...Auto Repair is done.
[2021-10-21 11:24:55 -0500]    - Finished command `/usr/local/cpanel/scripts/autorepair autorepair` in 1.088 seconds
Thanks!