Force AutoSSL to renew when not all domains pass DCV

mvandemar

Well-Known Member
Jun 17, 2006
161
43
178
I have a domain that I have added to a client's account but the domain is pointed at another server. The cPanel server is being used as the primary and secondary DNS, and another DNS server that his host controls as the tertiary DNS. The issue is twofold apparently in that none of the auto-generated subdomains (e.g. cpanel.domain.com, cpcalendars.domain.com, etc.) exist within the tertiary DNS server, and for some reason Let's Encrypt is only checking that one during DCV (which seems really weird to me, but obviously not something we can control).

The offshoot of this is that now every 2 hours I am getting these emails:

> AutoSSL would normally renew this certificate now, but 1 of the website’s secured domains just failed DCV. To provide you with more time to resolve this problem, AutoSSL will defer the renewal until Apr 22, 2022 at 12:00:00 AM UTC. After that time, AutoSSL will request a replacement certificate that excludes any domains that fail DCV. At the time of this notice, the certificate will expire in 6 days, 9 hours, 28 minutes, and 39 seconds.

Is there a way to force AutoSSL to just go ahead and skip all of the domains that are failing DCV now, instead of having to wait? Thanks.

-Michael
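
A way to confirm the mismatch the post describes, where one nameserver lacks the service subdomains: ask each authoritative nameserver directly and list the hostnames any of them has no A record for. This is an added example, not part of the original post; the nameserver names and sample answers are constructed, and `domain.com` is the post's own placeholder.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): list hostnames that at least one
# authoritative nameserver has no A record for.

# collect "NS ..." "HOST ..." -> one "nameserver hostname answer-count" line
# per pair, asking each nameserver directly. Needs dig and network access.
collect() {
  local ns host
  for ns in $1; do
    for host in $2; do
      printf '%s %s %s\n' "$ns" "$host" \
        "$(dig +short +norecurse +time=3 +tries=1 "@$ns" "$host" A | grep -c '^[^;]')"
    done
  done
}

# dns_gaps: reads collect-format lines on stdin and prints, per hostname,
# the nameservers that returned no answer for it.
dns_gaps() {
  awk '
    $3 == 0 { missing[$2] = missing[$2] " " $1 }
    END { for (h in missing) print h ": no A record on" missing[h] }
  ' | sort
}

# Constructed sample in collect format. ns3.example.org stands in for the
# tertiary nameserver; all nameserver names here are made up.
sample_answers() {
  cat <<'EOF'
ns1.example.net domain.com 1
ns1.example.net cpanel.domain.com 1
ns1.example.net cpcalendars.domain.com 1
ns2.example.net domain.com 1
ns2.example.net cpanel.domain.com 1
ns2.example.net cpcalendars.domain.com 1
ns3.example.org domain.com 1
ns3.example.org cpanel.domain.com 0
ns3.example.org cpcalendars.domain.com 0
EOF
}

sample_answers | dns_gaps
# Live check (placeholder names):
#   collect "ns1.example.net ns2.example.net ns3.example.org" \
#           "domain.com cpanel.domain.com cpcalendars.domain.com" | dns_gaps
```
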
 

Spirogg

Well-Known Member
Feb 21, 2018
695
151
43
chicago
cPanel Access Level
Root Administrator
> I have a domain that I have added to a client's account but the domain is pointed at another server. The cPanel server is being used as the primary and secondary DNS, and another DNS server that his host controls as the tertiary DNS. The issue is twofold apparently in that none of the auto-generated subdomains (e.g. cpanel.domain.com, cpcalendars.domain.com, etc.) exist within the tertiary DNS server, and for some reason Let's Encrypt is only checking that one during DCV (which seems really weird to me, but obviously not something we can control).
>
> The offshoot of this is that now every 2 hours I am getting these emails:
>
> Is there a way to force AutoSSL to just go ahead and skip all of the domains that are failing DCV now, instead of having to wait? Thanks.
>
> -Michael
 

Spirogg

> No, that did not solve the problem. It's still emailing me saying it is deferring until Apr 22, 2022 at 12:00:00 AM UTC.
>
> -Michael

When will it expire? It should do it just before 3 days of expiration.
 

Spirogg

> That's both in the original post, and irrelevant to the question I am asking.
>
> -Michael

Read this.

From what I was told and have read, the SSL certs will be renewed within 3 days of expiration. So it might not be ready to renew. So the next section I have a link to here is where you can move it over and try again to renew. There have been issues, if you have not read in this forum, that for some it has not renewed fast enough or not at all. So these are just some suggestions to see if it will work.
 

mvandemar

> From what I was told and have read, the SSL certs will be renewed within 3 days of expiration. So it might not be ready to renew.

Spirogg, no offense but you are not understanding the issue, and are just adding noise to the thread. I appreciate the attempt to help though. The system is trying to renew, failing due to some of the DCV failing, and saying it will keep trying every couple of hours until it gives up and does a partial renew. I am asking how to force that partial renew now. Thank you.

-Michael
 

Spirogg

> Spirogg, no offense but you are not understanding the issue, and are just adding noise to the thread. I appreciate the attempt to help though. The system is trying to renew, failing due to some of the DCV failing, and saying it will keep trying every couple of hours until it gives up and does a partial renew. I am asking how to force that partial renew now. Thank you.
>
> -Michael

Sorry man, it’s late and I can’t see well at night. By what I read again in the original post, do you want to exclude those subdomains from AutoSSL and just give the main domain an update?
Can’t you go here:
Go to ‘Home >> Security >> SSL/TLS Status’.
And exclude the subdomains?
If not, I will stop bothering you, just trying to help ;)
 

Spirogg


mvandemar

I have no idea what screen you are on, or how you have "Tools" as the only thing in the left bar. There is no "Home >> Security >> SSL/TLS Status" in mine and my search box says "Search Tools and Accounts". We're obviously on different versions of WHM.

Also, what I would *really* like is for it to just work. All of those subdomains are secured currently, because it just worked fine when I was using cPanel as the provider. However, since they still haven't fixed the issue with Sectigo yet I am stuck using Let's Encrypt, which appears to be why I am having this problem.

-Michael
 

Spirogg

> I have no idea what screen you are on, or how you have "Tools" as the only thing in the left bar. There is no "Home >> Security >> SSL/TLS Status" in mine and my search box says "Search Tools and Accounts". We're obviously on different versions of WHM.
>
> Also, what I would *really* like is for it to just work. All of those subdomains are secured currently, because it just worked fine when I was using cPanel as the provider. However, since they still haven't fixed the issue with Sectigo yet I am stuck using Let's Encrypt, which appears to be why I am having this problem.
>
> -Michael

Sorry, that's in version 102.011 in cPanel for the account (domain.com), not WHM.

Well, I'll stop making noise and hopefully @cPRex or someone else might give you the answer. Was just a suggestion.

Sorry and good luck, Michael. :)
 

Spirogg

> skip all of the domains that are failing DCV now, instead of having to wait

One last read for you.

Maybe this thread might help?

Goodnight, I'm going to bed, it's 4am.