Hi,
Following on from what Go4 asked about the primary domain not being the common name on the certificate.
Using cPanel & WHM 64.0 (build 18). I believe this had recently been upgraded around 6 Apr 2017.
I have a hosting account called subdomaindeptpub with a primary domain of subdomain.dept.state.gov.au which is pointing to my hosting account via an A record. I converted this website over to use https on the 23/3/2017 and all seemed to be working fine.
Then a couple of days ago I noticed that the website was displaying "subdomain.dept.state.gov.au uses an invalid security certificate. The certificate is only valid for
www.subdomain.dept.state.gov.au Error code: SSL_ERROR_BAD_CERT_DOMAIN".
I checked the Manage AutoSSL log file as follows:
Code:
Log for the AutoSSL run for all users: Monday, April 28, 2017 5:43:02 AM GMT+1000 (Let’s Encrypt™)
5:43:02 AM This system has AutoSSL set to use “Let’s Encrypt™”.
5:44:04 AM Checking websites for “subdomaindeptpub” …
5:44:04 AM The website “subdomain.dept.state.gov.au”, owned by “subdomaindeptpub”, has a faulty SSL certificate (NOT_ALL_DOMAINS AUTOSSL_READY_FOR_RENEWAL). AutoSSL will attempt to replace this certificate.
5:44:04 AM WARN The domain “subdomain.dept.state.gov.au” failed domain control validation: “subdomain.dept.state.gov.au” does not resolve to any IPv4 addresses on the internet.
5:44:18 AM WARN The domain “mail.subdomain.dept.state.gov.au” failed domain control validation: The system failed to fetch the <abbr title="Domain Control Validation">DCV</abbr> file at “<a href="[URL]http://mail.subdomain.dept.state.gov.au/.well-known/acme-challenge/VFRY5KCBG5C9WE-BYYES_L_3R7YLONHM[/URL]">[URL]http://mail.subdomain.dept.state.gov.au/.well-known/acme-challenge/VFRY5KCBG5C9WE-BYYES_L_3R7YLONHM[/URL]</a>” because of an error: The system failed to send an <abbr title="Hypertext Transfer Protocol">HTTP</abbr> “GET” request to “[URL]http://mail.subdomain.dept.state.gov.au/.well-known/acme-challenge/VFRY5KCBG5C9WE-BYYES_L_3R7YLONHM[/URL][URL='http://mail.subdomain.dept.state.gov.au/.well-known/acme-challenge/VFRY5KCBG5C9WE-BYYES_L_3R7YLONHM”']”[/URL] because of an error: Could not connect to 'mail.subdomain.dept.state.gov.au:80': Connection timed out . The domain “mail.subdomain.dept.state.gov.au” resolved to an IP address “203.21.194.92” that does not exist on this server.
5:44:19 AM WARN The domain “cpanel.subdomain.dept.state.gov.au” failed domain control validation: “cpanel.subdomain.dept.state.gov.au” does not resolve to any IPv4 addresses on the internet.
5:44:19 AM WARN The domain “webdisk.subdomain.dept.state.gov.au” failed domain control validation: “webdisk.subdomain.dept.state.gov.au” does not resolve to any IPv4 addresses on the internet.
5:44:19 AM WARN The domain “webmail.subdomain.dept.state.gov.au” failed domain control validation: “webmail.subdomain.dept.state.gov.au” does not resolve to any IPv4 addresses on the internet.
5:44:19 AM The system will attempt to renew SSL certificates for the following websites:
5:44:19 AM subdomain.dept.state.gov.au ([URL='http://www.subdomain.dept.state.gov.au']www.subdomain.dept.state.gov.au[/URL])
5:44:24 AM SUCCESS The system has installed a new certificate onto “subdomaindeptpub”’s website “subdomain.dept.state.gov.au”.
5:44:24 AM The system has completed the AutoSSL check for “subdomaindeptpub”.
It seems that AutoSSL is creating a new SSL Certificate for my domain because its 29 days from expiring. It appears to check the expiry status each day. In my case the new certificate only applied to the
www.subdomain.dept.state.gov.au domain not the primary subdomain.dept.state.gov.au unlike what it had previously done and consequently created the browser error.
The only way to temporarily solve the issue was to delete the new certificate and re-instate the previous one which covered both domains subdomain.dept.state.gov.au and
www.subdomain.dept.state.gov.au .
How do I make sure that the FQDNs appear on the certificate or at the very least the primary domain (subdomain.dept.state.gov.au) appears so I don't get the same issue again?
Thanks