Force AutoSSL to renew when not all domains pass DCV

M

mvandemar

Well-Known Member
Jun 17, 2006
171
47
178
I have a domain that I have added to a client's account but the domain is pointed at another server. The cpanel server is being used as the primary and secondary dns, and another dns server that his host controls as the tertiary dns. The issue is twofold apparently in that none of the auto-generated subdomains (eg. cpanel.domain.com, cpcalendars.domain.com, etc) exist within the tertiary dns server, and for some reason LetsEncrypt is only checking that one during DCV (which seems really weird to me, but obviously not something we can control).

The offshoot of this is that now every 2 hours I am getting these emails:

AutoSSL would normally renew this certificate now, but 1 of the website’s secured domains just failed DCV. To provide you with more time to resolve this problem, AutoSSL will defer the renewal until Apr 22, 2022 at 12:00:00 AM UTC. After that time, AutoSSL will request a replacement certificate that excludes any domains that fail DCV. At the time of this notice, the certificate will expire in 6 days, 9 hours, 28 minutes, and 39 seconds.
Click to expand...
Is there a way to force AutoSSL to just go ahead and skip all of the domains that are failing DCV now, instead of having to wait? Thanks.

-Michael
 
Spirogg

Spirogg

Well-Known Member
Feb 21, 2018
700
161
43
chicago
cPanel Access Level
Root Administrator
mvandemar said:
I have a domain that I have added to a client's account but the domain is pointed at another server. The cpanel server is being used as the primary and secondary dns, and another dns server that his host controls as the tertiary dns. The issue is twofold apparently in that none of the auto-generated subdomains (eg. cpanel.domain.com, cpcalendars.domain.com, etc) exist within the tertiary dns server, and for some reason LetsEncrypt is only checking that one during DCV (which seems really weird to me, but obviously not something we can control).

The offshoot of this is that now every 2 hours I am getting these emails:



Is there a way to force AutoSSL to just go ahead and skip all of the domains that are failing DCV now, instead of having to wait? Thanks.

-Michael
Click to expand...
 
Spirogg

Spirogg

Well-Known Member
Feb 21, 2018
700
161
43
chicago
cPanel Access Level
Root Administrator
mvandemar said:
No, that did not solve the problem. It's still emailing me saying it is deferring until Apr 22, 2022 at 12:00:00 AM UTC.

-Michael
Click to expand...
When will it expire. It should do it just before 3 days of expiration
 
Spirogg

Spirogg

Well-Known Member
Feb 21, 2018
700
161
43
chicago
cPanel Access Level
Root Administrator
mvandemar said:
That's both in the original post, and irrelevant to the question I am asking.

-Michael
Click to expand...
Read this.
forums.cpanel.net

Failed update of services SSL certificates.

Hi! I manage a VPS. CentOS v7.9.2009, cPanel v100.0.5 Lately I receive error warnings after update retry of SSL Certificates of Exim, Dovecot and WHM. I have 15 more days to solve the problem, or else I assume mail accounts will stop working. The system failed to acquire a signed certificate...
forums.cpanel.net forums.cpanel.net

from what I was told and have read. The a ssl certs will be renewed within 3 days of expiration. So it might not be ready to renew. So the next section I have link to here is where you can move it over and try again to renew. There have been issues if you have not read in this forum. That for some it has not renewed fast enough or not at all. So these are just some suggestions to see if it will work.
 
M

mvandemar

Well-Known Member
Jun 17, 2006
171
47
178
Spirogg said:
from what I was told and have read. The a ssl certs will be renewed within 3 days of expiration. So it might not be ready to renew.
Click to expand...
Spirogg, no offense but you are not understanding the issue, and are just adding noise to the thread. I appreciate the attempt to help though. The system is trying to renew, failing due to some of the DCV failing, and saying it will keep trying every couple of hours until it gives up and does a partial renew. I am asking how to force that partial renew now. Thank you.

-Michael
 
Spirogg

Spirogg

Well-Known Member
Feb 21, 2018
700
161
43
chicago
cPanel Access Level
Root Administrator
mvandemar said:
Spirogg, no offense but you are not understanding the issue, and are just adding noise to the thread. I appreciate the attempt to help though. The system is trying to renew, failing due to some of the DCV failing, and saying it will keep trying every couple of hours until it gives up and does a partial renew. I am asking how to force that partial renew now. Thank you.

-Michael
Click to expand...
Sorry man it’s late and I can’t see well at night. By what I read again in original post. Do You want to exclude those sub domains from AutoSSL and just give the main domain an update.
can’t you go here
Go to ‘Home >> Security >> SSL/TLS Status’.
And exclude the sub domains ?
If not I will stop
Bothering you just trying to help ;)
 
Spirogg

Spirogg

Well-Known Member
Feb 21, 2018
700
161
43
chicago
cPanel Access Level
Root Administrator
Last edited:
M

mvandemar

Well-Known Member
Jun 17, 2006
171
47
178
I have no idea what screen you are on, or how you have "Tools" as the only thing in the left bar. There is no "Home >> Security >> SSL/TLS Status" in mine and my search box says "Search Tools and Accounts". We're obviously on different versions of WHM.

Also, what I would *really* like is for it to just work. All of those subdomains are secured currently, because it just worked fine when I was using cpanel as the provider. However, since they still haven't fixed the issue with Sectigo yet I am stuck using Let's Encrypt, which appears to be why I am having this problem.

-Michael
 
Spirogg

Spirogg

Well-Known Member
Feb 21, 2018
700
161
43
chicago
cPanel Access Level
Root Administrator
mvandemar said:
I have no idea what screen you are on, or how you have "Tools" as the only thing in the left bar. There is no "Home >> Security >> SSL/TLS Status" in mine and my search box says "Search Tools and Accounts". We're obviously on different versions of WHM.

Also, what I would *really* like is for it to just work. All of those subdomains are secured currently, because it just worked fine when I was using cpanel as the provider. However, since they still haven't fixed the issue with Sectigo yet I am stuck using Let's Encrypt, which appears to be why I am having this problem.

-Michael
Click to expand...
Sorry thats in version 102.011 in cPanel for the account (domain.com) not WHM

well ill stop making noise and hopefully @cPRex or someone else might give you the answer. was just a suggestion .

sorry and good luck Michael. :)
 
  • Like
Reactions: mvandemar
Spirogg

Spirogg

Well-Known Member
Feb 21, 2018
700
161
43
chicago
cPanel Access Level
Root Administrator
mvandemar said:
skip all of the domains that are failing DCV now, instead of having to wait
Click to expand...
on last read. for you

community.letsencrypt.org

AutoSSL DCV ERROR

Looks like this is a special limitation of using AutoSSL in WHM: AutoSSL will not work with a forced redirection to https at CloudFlare. The DCV check needs to be able to complete over http. from November 2017. Letsencrypt accepts such redirects, so it’s not a Letsencrypt - limitation.
community.letsencrypt.org community.letsencrypt.org

maybe this thread might help ?

goodnight I'm going to bed its 4am
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
T Force autoSSL for service SSL Server Management 5
S Forceful Restart Server Management 5
H Show limits but not force them Server Management 1
A Forced Update Eating up Ram + crashed cPanel. Server Management 5
U run log forcefully Server Management 0
Similar threads
Force autoSSL for service SSL
Forceful Restart
Show limits but not force them
Forced Update Eating up Ram + crashed cPanel.
run log forcefully
Top Bottom