Potential reduced AutoSSL coverage for subdomain that doesn't exist?

Benjamin D.

Well-Known Member
Jan 28, 2016
128
17
18
Canada
cPanel Access Level
Root Administrator
AutoSSL keeps emailing me: "Potential reduced AutoSSL coverage" for a subdomain that doesn't even exist. Where does it take this subdomain? We removed it months ago. I double checked in:

- cPanel account by logging in as the user.
- DNS entries in the WHM as root.
- I deleted the SSL HOST and re-run the AutoSSL check which issued a new cert...

Still, the SSL Host table shows that stupid subdomain which is nowhere to be found, having a red lock and AutoSSL keeps sending me an email about reduced coverage. Where the heck is this subdomain entry and how do I completely wipe it off so that AutoSSL shuts the F up?

Thanks >.<
 

Benjamin D.

Well-Known Member
Jan 28, 2016
128
17
18
Canada
cPanel Access Level
Root Administrator
No they're not proxy subdomains, just regular subdomains. Tough most of them were auto-generated by cPanel when I created this user's account and/or some subdomains. e.g.: www.sub.domain.com / The client did not want www.sub.domain.com only sub.domain.com so they removed the www sub-sub-domain but it stuck on AutoSSL and it kept emailing for days that this subdomain did not point to any ipv4 address, altough www.sub.domain.com did not seem to exist anywhere in cPanel nor WHM at all (DNS entries, cPanel subdomains tab, etc..) so the question is where the heck is AutoSSL looking to pick up that non-existent www.sub.domain.com.

This morning, AutoSSL emailed me that one of those subdomains is finally dropped! So I guess AutoSSL finally figured out that this domain does not exist anymore. Why did it take months tough?

Also, as per the link you provided, I have no "Skipping duplicate domains" warnings at all, only the one warning email that I mentioned in first post ("This subdomain does not resolve to any IPv4 addresses on the internet". Thanks for the link tough, I'll look into rebuilding httpd.conf but I may not go that route, since I am afraid of breaking something. It's a production server, so I can't afford losing any more clients than this server migration already cost me.
 
Last edited:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363
Hello @Benjamin D.,

I believe the implementation of the change referenced in the comments section of the following feature request would help address the issue you reported:

Auto ssl reset failed request (ie: when verification servers offline)

The change would expire the pending request after 4 days instead of 8 days. Additionally, I believe you should be able to run the following commands in the future should you need to manually clear the pending request after deleting a subdomain:

Code:
/usr/local/cpanel/bin/autossl_check --user=username
/usr/local/cpanel/bin/autossl_check_cpstore_queue --force
Thank you.