SOLVED How to disable "AutoSSL certificate installed!" emails?

Benjamin D.

Well-Known Member
Jan 28, 2016
173
32
78
Canada
cPanel Access Level
Root Administrator
(Hi, not sure I'm posting in the correct forum, please feel free to move me to another forum if necessary.)

How to disable "AutoSSL certificate installed!" emails coming from WHM? Sometimes I wake up, I have 40 of those, just over night. I went in WHM > Contact Manager > Notifications and I see an alert list for "AutoSSL has installed a certificate successfully." and so I'd like to disable that, but it's the only entry in there that's completely grayed out. According to WHM it's already disabled and from what I understand I should not have any of those "AutoSSL certificate installed!" emails. See screenshot attached. What's up with that?

...And is there a way to ONLY receive an email when there is an error, such as a coverage reduction and/or when the cert issuing is delayed/failed?
 

Attachments

HostNoc

Well-Known Member
Feb 20, 2020
157
39
28
Ontario
cPanel Access Level
Root Administrator
In WHM's Contact Manager interface (WHM >> Home >> Server Contacts >> Contact Manager):


  • AutoSSL certificates expiring — An account's AutoSSL certificate expires soon.
  • Installation of AutoSSL certificates — AutoSSL installed an SSL certificate.
  • Installation of purchased SSL certificates — The system installed SSL certificates that a user purchased through the cPanel Market.
  • SSL Certificate Expiration — A service-level SSL certificate has expired.
  • SSL Certificate Expires Soon — An account's SSL certificate expires soon.
  • SSL certificates expiring — An account's SSL certificate expires soon.
In cPanel's Contact Information interface (cPanel >> Home >> Preferences >> Contact Information):


  • AutoSSL has renewed a certificate — AutoSSL successfully completed a certificate renewal.
  • AutoSSL certificate expiry — An AutoSSL certificate will expire soon.
  • SSL certificate expiry — A non-AutoSSL certificate will expire soon.

In cPanel, under "Contact Information", you'd need to disable the AutoSSL notifications. The particular notification referenced in that screenshot is:

"AutoSSL cannot renew a certificate because domains that fail validation exist on the current certificate."

Regards
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
12,499
1,971
363
cPanel Access Level
Root Administrator
I believe the option you'll want is in WHM >> Manage AutoSSL under the "Options" area. I would guess both options there are set to "Notify the user for all AutoSSL events and normal successes" instead of just issues. Can you check that page?
 

Benjamin D.

Well-Known Member
Jan 28, 2016
173
32
78
Canada
cPanel Access Level
Root Administrator
This is what I'm seeing under WHM >> Manage AutoSSL under the "Options". See attached. I've noticed even though all the emails I'm getting over night are named "AutoSSL certificate installed!" I'm seeing this in each email I'm getting: There is no recorded error on the system for “mail.whatever.com”. This might mean that this domain failed DCV (Domain Control Validation) when the system requested the new certificate, but the domain has since passed DCV.

So perhaps WHM counts this success as a failure or something like that. I get TONS of those emails and there is absolutely nothing wrong with the current SSL coverage of any of those domains. Which option should I check so that WHM notification system shuts the F up? :)

Thx
 

Attachments

Benjamin D.

Well-Known Member
Jan 28, 2016
173
32
78
Canada
cPanel Access Level
Root Administrator
cPRex, I've got to say that I'm impressed with your forum replies lately. You have helped me a couple times on here this year and I find it very refreshing to read replies from a cPanel staff member who actually seems to genuinely care about cPanel quality of service and customer service. You seem to be everywhere at once, you reply very quickly and you're helpful. Thanks for doing what you do, I appreciate your help.

I've set it to "Notify the administrator for AutoSSL certificate request failures only." so we'll see how it goes in 3 days.

BTW, is there a way for Let's Encrypt to issue SSL certs that last longer than 3 months? Before the Sectigo fiasco last year, and unless I don't recall correctly, both providers issued certs that lasted a year. I may be wrong, but I don't recall them being so short before.
 
  • Like
Reactions: ejsolutions

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
12,499
1,971
363
cPanel Access Level
Root Administrator
Thanks for the kind words!

There was some drama a couple years back about longer SSL certificates - you can read a bit about that here:


Sectigo a Let's Encrypt use 90-day certificates because that seems to be a good amount of time to refresh the information. If the site is still online, it gets a new cert - if not, they didn't secure something that only had a short life for longer than they needed to. But no, there's not a way to change or adjust the 90-day timeline for our certs.
 

Benjamin D.

Well-Known Member
Jan 28, 2016
173
32
78
Canada
cPanel Access Level
Root Administrator
Yes, but the thing is that Sectigo failed to renew many of my server's certs last year. There apparently was a massive problem and many people, including me, reported it. I lost 3 customers who went elsewhere because of that. I'm now strictly using Let's Encrypt instead of Sectigo because of that horrible issue. Sectigo caused me PTSD. Remember this? UGH! WTF IS GOING ON WITH AUTOSSL? I'M LOSING CUSTOMERS NOW WHILE PAYING CPANEL PREMIUM PRICE.

You now understand that the longer AutoSSL certs remain valid, the less stress it causes me.
 
Last edited:

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
12,499
1,971
363
cPanel Access Level
Root Administrator
That makes sense and I get that frustration for sure. There are paid options where you could purchase a one-year certificate, but for any of the automatically installed ones, the 90-day standard isn't something that is up to cPanel: