Force SSL certificate install

John Schmerold

Well-Known Member
Apr 21, 2004
81
6
158
st. louis
cPanel Access Level
Root Administrator
I use /usr/local/cpanel/bin/autossl_check --user $account to install certificates.

We have a number of certificates expiring in three weeks, we are switching from Let's Encrypt to cPanel's certificates, so I'd like to get the certificates replaced now. When I run "autossl_check --user $account" it sees the active certificate and takes no action.

Is there an option to force the certificate update?

I have removed all existing certificates, but that causes other problems.
 

John Schmerold

Well-Known Member
Apr 21, 2004
81
6
158
st. louis
cPanel Access Level
Root Administrator
I was using FleetSSL, I uninstalled that plugin and am using the cPanel (powered by Sectigo) AutoSSL script. Fleet worked well, however I have come to rely on your excellent support, so I am working to reduce third party apps on our server.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,227
463
I have removed all existing certificates, but that causes other problems.
AutoSSL should install the new certificates as long as the existing certificates were removed. Can you open a support ticket so we can take a closer look to see why it's not issuing the certificates? You can post the ticket number here and I'll link this thread to it.

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,227
463

John Schmerold

Well-Known Member
Apr 21, 2004
81
6
158
st. louis
cPanel Access Level
Root Administrator
That's better than using the gui, but, the problem we then have is if we remove the SSL, then CloudFlare doesn't serve the page. So to get Sectigo to serve a certificate, we have to bypass CloudFlare, remove the old certs, order a Sectigo cert, then enable CloudFlare.

That's a lot of work. I guess I don't mind if this is the only time we have to do this, will we have to go through this every 60 days on every domain?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,227
463
Hello @John Schmerold,

AutoSSL will automatically attempt renew the cPanel (Powered by Sectigo) certificates before the existing (Powered by Sectigo) certificate expires. Thus, the website will remain accessible via HTTPS throughout the renewal process (assuming that's the CloudFlare requirement you are referring to). If AutoSSL is unable to renew the certificate (e.g. domain validation fails for some reason) you will receive an alert before the certificate expires to let you know about the renewal failure.

You can manage the AutoSSL notifications under the Options tab in WHM >> Manage AutoSSL.

Thank you.