AutoSSL has always been working great. It has had a few minor issues, but ever since October/November, we've had issues with AutoSSL almost daily.
Most of these issues are related to AutoSSL not being able to issue a certificate for a domain/subdomain that doesn't exist. This makes sense, but it has worked for years before October/November. I don't know whether AutoSSL automatically excluded the domain or if it was just ignored, but it worked without problems.
In one case, a client was trying to run AutoSSL for an addon domain that had a subdomain: subdomain.example.com
This subdomain had a valid A record that pointed to the cPanel server.
Because this subdomain was added through cPanel, cPanel also added www.subdomain.example.com - this does not have any DNS records whatsoever.
AutoSSL has been failing to renew the certificate since January 7th 2022 (52 days ago) and kept failing.
As you can see, AutoSSL included www.subdomain.example.com. It would keep looking and get back to "The certificate is not available". The certificate has always been able to be renewed, up until October/November - even though no DNS record has ever existed for www.subdomain.example.com.
As soon as I excluded www.subdomain.example.com from AutoSSL, the certificate was installed in first try.
I would guess this is the problem of 99% of the cases we have where AutoSSL is failing to renew/install a certificate.
What has happened?
Most of these issues are related to AutoSSL not being able to issue a certificate for a domain/subdomain that doesn't exist. This makes sense, but it has worked for years before October/November. I don't know whether AutoSSL automatically excluded the domain or if it was just ignored, but it worked without problems.
In one case, a client was trying to run AutoSSL for an addon domain that had a subdomain: subdomain.example.com
This subdomain had a valid A record that pointed to the cPanel server.
Because this subdomain was added through cPanel, cPanel also added www.subdomain.example.com - this does not have any DNS records whatsoever.
AutoSSL has been failing to renew the certificate since January 7th 2022 (52 days ago) and kept failing.
Code:
9:12:16 PM Analyzing “subdomain.example.com” (website) …
9:12:16 PM ERROR TLS Status: Defective
ERROR Certificate expiry: 1/7/22, 12:00 AM UTC (52.84 days ago)
ERROR Defect: OPENSSL_VERIFY: The certificate chain failed OpenSSL’s verification (0:10:CERT_HAS_EXPIRED).
...
...
9:12:44 PM Analyzing “subdomain.example.com”’s DCV results …
9:12:44 PM AutoSSL will request a new certificate.
9:12:44 PM The system will attempt to renew the SSL certificate for (subdomain.example.com: subdomain.example.com www.subdomain.example.com).
9:12:47 PM The cPanel Store received “subdomain.example.com”’s certificate order. (Order Item ID: 1523412849) The system will periodically poll the cPanel Store for the issued certificate and then install it after a successful retrieval.
The system has completed “username”’s AutoSSL check.
9:14:02 PM Polling for “username”’s new certificate for “subdomain.example.com” (order item ID “1523412849”) …
9:14:03 PM The certificate is not available. (processing)As soon as I excluded www.subdomain.example.com from AutoSSL, the certificate was installed in first try.
I would guess this is the problem of 99% of the cases we have where AutoSSL is failing to renew/install a certificate.
What has happened?
Last edited by a moderator:
