How to change an expired SSL certificate to AutoSSL

nickwuk

Active Member
Jul 18, 2009
27
2
53
How do I change an expired GlobalSign SSL certificate to use AutoSSL (other domains are already using AutoSSL on the same server)?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,237
463
Hello,

You can browse to "WHM >> Manage AutoSSL" and use the "Manage Users" tab to verify AutoSSL is enabled for the account. If the existing certificate is expired, you may want to remove it via "WHM >> Manage SSL Hosts", or consider enabling the "Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates" option under the "Options" tab in "WHM >> Manage AutoSSL".

Thank you.
 
  • Like
Reactions: linux4me2

nickwuk

Active Member
Jul 18, 2009
27
2
53
Thank you for these instructions. In "WHM >> Manage AutoSSL" and use the "Manage Users" all domains are set to "Reset to Feature List Setting" (rather than "Enable AutoSSL") and AutoSSL is working for the other domains. I have now ticked the box for "Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates" option under the "Options" tab in "WHM >> Manage AutoSSL", but that's not made any change to the particular domain which still show a not secure warning

If I delete the SSL Host for the one domain in "WHM >> Manage SSL Hosts" do I then need to recreate the SSLHost manually?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,237
463
If I delete the SSL Host for the one domain in "WHM >> Manage SSL Hosts" do I then need to recreate the SSLHost manually?
Hello,

No, AutoSSL will automatically do this when it generates the new certificate. It's possible the domain validation is failing. Check the "Logs" tab in "WHM >> Manage AutoSSL" to see if the most recent log references the domain name with the expired certificate.

Thank you.
 
  • Like
Reactions: linux4me2

nickwuk

Active Member
Jul 18, 2009
27
2
53
Yes the log in Manage AutoSSL > Logs tab does reference the account name in the last action, and it IS now showing as secure in Firefox (Chrome is refusing to update it's cache - maybe tomorrow!).

What triggers AutoSSL to generate the new certificate?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,237
463
What triggers AutoSSL to generate the new certificate?
This happens via the "/usr/local/cpanel/bin/checkallsslcerts" script during the nightly upcp maintenance, or when manually running the following command:

Code:
/usr/local/cpanel/bin/autossl_check --user $username
Note that Comodo can sometimes take a few hours to validate the domain name and issue the certificate.

Thank you.
 
  • Like
Reactions: linux4me2