Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Potential reduced AutoSSL coverage for subdomain that doesn't exist?

Discussion in 'Security' started by Benjamin D., Sep 16, 2018.

Tags:
  1. Benjamin D.

    Benjamin D. Well-Known Member

    Joined:
    Jan 28, 2016
    Messages:
    126
    Likes Received:
    17
    Trophy Points:
    18
    Location:
    Canada
    cPanel Access Level:
    Root Administrator
    AutoSSL keeps emailing me: "Potential reduced AutoSSL coverage" for a subdomain that doesn't even exist. Where does it take this subdomain? We removed it months ago. I double checked in:

    - cPanel account by logging in as the user.
    - DNS entries in the WHM as root.
    - I deleted the SSL HOST and re-run the AutoSSL check which issued a new cert...

    Still, the SSL Host table shows that stupid subdomain which is nowhere to be found, having a red lock and AutoSSL keeps sending me an email about reduced coverage. Where the heck is this subdomain entry and how do I completely wipe it off so that AutoSSL shuts the F up?

    Thanks >.<
     
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,002
    Likes Received:
    2,123
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @Benjamin D.,

    Can you confirm if the subdomain is one of the default proxy subdomains? If not, check to see if you notice any entries for that subdomain in the userdata files associated with the account. There's a post here with information about where to look:

    Warning on AutoSSL after upgrading cPanel

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Benjamin D.

    Benjamin D. Well-Known Member

    Joined:
    Jan 28, 2016
    Messages:
    126
    Likes Received:
    17
    Trophy Points:
    18
    Location:
    Canada
    cPanel Access Level:
    Root Administrator
    No they're not proxy subdomains, just regular subdomains. Tough most of them were auto-generated by cPanel when I created this user's account and/or some subdomains. e.g.: www.sub.domain.com / The client did not want www.sub.domain.com only sub.domain.com so they removed the www sub-sub-domain but it stuck on AutoSSL and it kept emailing for days that this subdomain did not point to any ipv4 address, altough www.sub.domain.com did not seem to exist anywhere in cPanel nor WHM at all (DNS entries, cPanel subdomains tab, etc..) so the question is where the heck is AutoSSL looking to pick up that non-existent www.sub.domain.com.

    This morning, AutoSSL emailed me that one of those subdomains is finally dropped! So I guess AutoSSL finally figured out that this domain does not exist anymore. Why did it take months tough?

    Also, as per the link you provided, I have no "Skipping duplicate domains" warnings at all, only the one warning email that I mentioned in first post ("This subdomain does not resolve to any IPv4 addresses on the internet". Thanks for the link tough, I'll look into rebuilding httpd.conf but I may not go that route, since I am afraid of breaking something. It's a production server, so I can't afford losing any more clients than this server migration already cost me.
     
    #3 Benjamin D., Sep 18, 2018
    Last edited: Sep 18, 2018
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,002
    Likes Received:
    2,123
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @Benjamin D.,

    I believe the implementation of the change referenced in the comments section of the following feature request would help address the issue you reported:

    Auto ssl reset failed request (ie: when verification servers offline)

    The change would expire the pending request after 4 days instead of 8 days. Additionally, I believe you should be able to run the following commands in the future should you need to manually clear the pending request after deleting a subdomain:

    Code:
    /usr/local/cpanel/bin/autossl_check --user=username
    /usr/local/cpanel/bin/autossl_check_cpstore_queue --force
    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. Benjamin D.

    Benjamin D. Well-Known Member

    Joined:
    Jan 28, 2016
    Messages:
    126
    Likes Received:
    17
    Trophy Points:
    18
    Location:
    Canada
    cPanel Access Level:
    Root Administrator
    Very interesting, thanks. If this happens again, I'll try and remember to come back here, your solutions looks promising indeed.
     
    cPanelMichael likes this.
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice