Force autoSSL for service SSL

[turbo2ltr]

Every day I get 9 emails telling me the service SSL will expire in less than 30 days.. I googled up and down and can't seem to find out how to force WHM to run autoSSL on the service SSL cert. I really don't want to get 9 emails a day for the next 29 days. The server domain is a subdomain of one of the other domains on the server. But the host subdomain is not listed in the "Manage Auto SSL Hosts" for that domain so I assume it's separate. But the host is not listed anywhere on that page.

 

[andrew.n]

If you are getting these emails it means that for some reason your certificates were not able to be renewed automatically. You can run this command manually to see the error why the hostname SSL certs are failing:

/usr/local/cpanel/bin/checkallsslcerts

 

[turbo2ltr]

There does not appear to be an error. Just a notice saying they will expire.
I ran that command, here are the results.

host3 root [~] # /usr/local/cpanel/bin/checkallsslcerts
The system will check for the certificate for the “cpanel” service.
The system will attempt to verify that the certificate for the “cpanel” service is still valid using OCSP (Online Certificate Status Protocol).
The “cpanel” service’s current certificate comes with the server’s cPanel license. This certificate expires in less than 25 days. The system will attempt to renew and install a new certificate to the “cpanel” service and any other services that use the old certificate.
The system will attempt to install a certificate for the “cpanel” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “cpanel” service.
The system will attempt to install a certificate for the “cpanel” service from the cPanel store.
The system will check for the certificate for the “dovecot” service.
The system will attempt to verify that the certificate for the “dovecot” service is still valid using OCSP (Online Certificate Status Protocol).
The “dovecot” service’s current certificate comes with the server’s cPanel license. This certificate expires in less than 25 days. The system will attempt to renew and install a new certificate to the “dovecot” service and any other services that use the old certificate.
The system will attempt to install a certificate for the “dovecot” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “dovecot” service.
The system will check for the certificate for the “exim” service.
The system will attempt to verify that the certificate for the “exim” service is still valid using OCSP (Online Certificate Status Protocol).
The “exim” service’s current certificate comes with the server’s cPanel license. This certificate expires in less than 25 days. The system will attempt to renew and install a new certificate to the “exim” service and any other services that use the old certificate.
The system will attempt to install a certificate for the “exim” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “exim” service.
The system will check for the certificate for the “ftp” service.
The system will attempt to verify that the certificate for the “ftp” service is still valid using OCSP (Online Certificate Status Protocol).
The “ftp” service’s current certificate comes with the server’s cPanel license. This certificate expires in less than 25 days. The system will attempt to renew and install a new certificate to the “ftp” service and any other services that use the old certificate.
The system will attempt to install a certificate for the “ftp” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “ftp” service.
The cPanel Store is processing the hostname certificate request.
The system will check the cPanel Store again the next time that “/usr/local/cpanel/bin/checkallsslcerts” runs.

I see the end says the cpanel store is processing the cert request. Not sure if there is a place to check that. If I got the autoSSL Queue and log, there's nothing relevant in there.

 

[cPanelAnthony]

Hello! Could you open a ticket using the link in my signature and update me once done? Your web hosting provider may be able to do so on your behalf.

 

[turbo2ltr]

Now I see this in the log

[WARN] The system failed to acquire a signed certificate from the cPanel Store because of the following error: The system failed to acquire a signed certificate from the cPanel Store. at bin/checkallsslcerts.pl line 607.

I saw there was a cpanel update and pending reboot so I did both of those. Now I get

[WARN] The system failed to acquire a signed certificate from the cPanel Store because of the following error: The system failed to acquire a signed certificate from the cPanel Store. at bin/checkallsslcerts.pl line 654.

I then found this thread with the answer. Stale CSRs.

Failed update of services SSL certificates.

Hi! I manage a VPS. CentOS v7.9.2009, cPanel v100.0.5 Lately I receive error warnings after update retry of SSL Certificates of Exim, Dovecot and WHM. I have 15 more days to solve the problem, or else I assume mail accounts will stop working. The system failed to acquire a signed certificate...

forums.cpanel.net

Ran the command to move the old csr you posted in that thread

mv /var/cpanel/hostname_cert_csrs{,.cpbkp} -v

And ran checkallsslcerts again and it worked!
Thanks

 

[andrew.n]

wow nice solution, well done!