Something weird with auto SSLs

rinkleton

Well-Known Member
Jul 16, 2015
107
4
18
Cleveland
cPanel Access Level
Root Administrator
I have two accounts that had auto-ssls (cpanel) that expired a few days ago. It looks like auto ssl renewed them successfully, but I'm intermittently getting failures. Sometimes it will act like there is no ssl installed, sometimes it will say the cert is expired (shows the old cert when you view info), and sometimes it pulls the new cert and works.

At first I thought it was something in my anti-virus (eset). Disabling it sometimes helped, but not always. Then I tried deleting and re-issuing the certs. That only worked sometimes and strangely the issue date on the cert is showing as yesterday?. Then I tried issuing Let's Encrypt certs.... those seem to work most of the time that the anti-virus is off.

I tried to check them with online ssl checkers and they seem to be showing random failures too. But they are hard to test because it looks like they cache the results.

Anyone else having weirdness?
 

24x7server

Well-Known Member
Apr 17, 2013
1,911
96
78
India
cPanel Access Level
Root Administrator
Twitter
Hi,

Random failures mostly occurs when you have a load balancer or some other proxy in front of main web server that shapes the traffic from one server to another.

However, to go about this issue, I would like you to remove the SSL completely for the account from this server and then reissue is again...
 

rinkleton

Well-Known Member
Jul 16, 2015
107
4
18
Cleveland
cPanel Access Level
Root Administrator
According to the logs a new cert was successfully installed for one of the affected accounts june 20th. We could see the cert in the store.

We don't have any proxies or load balances. This is 2 accounts among over 100 that are working fine on the same server.

We did try to uninstall the certs with the results listed above
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,910
2,215
363
Sometimes it will act like there is no ssl installed, sometimes it will say the cert is expired (shows the old cert when you view info), and sometimes it pulls the new cert and works.
Hello,

Feel free to open a support ticket using the link in my signature so we can take a closer look and see why the certificates are failing.

Thanks!