SOLVED SSL certificate not renewing since this morning

PvDUk

Registered
Jan 16, 2022
2
0
1
United Kingdom
cPanel Access Level
Root Administrator
Hi all,

Since this morning there seem to be a problem on my server with the SSL certificate renew.
A few of my domains no longer have a valid SSL as for some reason the renew seems to fail.

Here is the error log of one of them:

Code:
Log for the AutoSSL run for “mydomain”: Sunday, January 16, 2022 8:59:39 AM GMT+0000 (cPanel (powered by Sectigo))
8:59:39 AM AutoSSL’s configured provider is “cPanel (powered by Sectigo)”.
This AutoSSL provider does not poll for certificate availability immediately after a certificate request submission. Instead, it submits certificate requests then periodically polls the cPanel Store for each requested certificate and installs it after a successful retrieval. The system will record all requests, retrievals, and installations for the current AutoSSL run in this log.
Analyzing “mydomain”’s domains …
8:59:39 AM Analyzing “mydomain.nl” …
8:59:39 AM ERROR TLS Status: Defective
ERROR Certificate expiry: 1/16/22, 12:00 AM UTC (0.37 days ago)
ERROR Defect: OPENSSL_VERIFY: The certificate chain failed OpenSSL’s verification (0:10:CERT_HAS_EXPIRED).
8:59:39 AM Attempting to ensure the existence of necessary CAA records …
8:59:39 AM No CAA records were created.
8:59:39 AM Verifying 8 domains’ DNS management …
Verifying “cPanel (powered by Sectigo)”’s authorization on 8 domains via DNS CAA records …
8:59:40 AM CA authorized: “mydomain.nl”
CA authorized: “mail.mydomain.nl”
CA authorized: “cpanel.mydomain.nl”
DNS manages “mail.mydomain.nl”.
CA authorized: “webmail.mydomain.nl”
CA authorized: “webdisk.mydomain.nl”
DNS manages “www.mydomain.nl”.
CA authorized: “cpcalendars.mydomain.nl”
CA authorized: “cpcontacts.mydomain.nl”
CA authorized: “www.mydomain.nl”
“cPanel (powered by Sectigo)” is authorized to issue certificates for 8 of this user’s 8 domains.
DNS manages “mydomain.nl”.
DNS manages “cpanel.mydomain.nl”.
DNS manages “webdisk.mydomain.nl”.
DNS manages “webmail.mydomain.nl”.
DNS manages “cpcontacts.mydomain.nl”.
DNS manages “cpcalendars.mydomain.nl”.
DNS manages 8 of this user’s 8 domains.
8:59:40 AM Performing HTTP DCV (Domain Control Validation) on 8 domains …
8:59:40 AM Local HTTP DCV OK: mydomain.nl
Local HTTP DCV OK: www.mydomain.nl (via mydomain.nl)
Local HTTP DCV OK: mail.mydomain.nl (via mydomain.nl)
Local HTTP DCV OK: cpanel.mydomain.nl (via mydomain.nl)
Local HTTP DCV OK: webdisk.mydomain.nl (via mydomain.nl)
Local HTTP DCV OK: webmail.mydomain.nl (via mydomain.nl)
Local HTTP DCV OK: cpcontacts.mydomain.nl (via mydomain.nl)
Local HTTP DCV OK: cpcalendars.mydomain.nl (via mydomain.nl)
8:59:40 AM No local DNS DCV is necessary.
8:59:40 AM Processing “mydomain”’s local DCV results …
8:59:40 AM Analyzing “mydomain.nl”’s DCV results …
8:59:40 AM AutoSSL will request a new certificate.
8:59:40 AM The system will attempt to renew the SSL certificate for the website (mydomain.nl: mydomain.nl www.mydomain.nl mail.mydomain.nl webmail.mydomain.nl cpanel.mydomain.nl webdisk.mydomain.nl cpcontacts.mydomain.nl cpcalendars.mydomain.nl).
The provider “cPanel (powered by Sectigo)”’s AutoSSL queue already contains a certificate request for “mydomain”’s website “mydomain.nl”. The request’s start time is Jan 13, 2022, 4:01:01 AM UTC.
The system has completed “mydomain”’s AutoSSL check.

For another domain which also does not work anymore I deleted the SSL certificate (under Manage SSL host) and then I rerun the SSL certificate installation (under Manage Auto SSL), but now it does not get a new SSL and itshows errors in the log:

Code:
Log for the AutoSSL run for “mydomain”: Sunday, January 16, 2022 10:07:58 AM GMT+0000 (cPanel (powered by Sectigo))
10:07:58 AM AutoSSL’s configured provider is “cPanel (powered by Sectigo)”.
This AutoSSL provider does not poll for certificate availability immediately after a certificate request submission. Instead, it submits certificate requests then periodically polls the cPanel Store for each requested certificate and installs it after a successful retrieval. The system will record all requests, retrievals, and installations for the current AutoSSL run in this log.
Analyzing “mydomain”’s domains …
10:07:58 AM Analyzing “mydomain.nl” …
10:07:58 AM ERROR TLS Status: Defective
ERROR Defect: NO_SSL: No SSL certificate is installed.
10:07:58 AM Attempting to ensure the existence of necessary CAA records …
10:07:58 AM No CAA records were created.
10:07:58 AM Verifying 8 domains’ DNS management …
Verifying “cPanel (powered by Sectigo)”’s authorization on 8 domains via DNS CAA records …
10:07:58 AM CA authorized: “mydomain.nl”
DNS manages “mydomain.nl”.
DNS manages “www.mydomain.nl”.
DNS manages “mail.mydomain.nl”.
DNS manages “cpanel.mydomain.nl”.
DNS manages “webdisk.mydomain.nl”.
DNS manages “webmail.mydomain.nl”.
DNS manages “cpcontacts.mydomain.nl”.
DNS manages “cpcalendars.mydomain.nl”.
DNS manages 8 of this user’s 8 domains.
CA authorized: “cpanel.mydomain.nl”
CA authorized: “www.mydomain.nl”
CA authorized: “mail.mydomain.nl”
CA authorized: “cpcontacts.mydomain.nl”
CA authorized: “cpcalendars.mydomain.nl”
CA authorized: “webmail.mydomain.nl”
CA authorized: “webdisk.mydomain.nl”
“cPanel (powered by Sectigo)” is authorized to issue certificates for 8 of this user’s 8 domains.
10:07:58 AM Performing HTTP DCV (Domain Control Validation) on 8 domains …
10:07:58 AM Local HTTP DCV OK: mydomain.nl
Local HTTP DCV OK: www.mydomain.nl (via mydomain.nl)
Local HTTP DCV OK: mail.mydomain.nl (via mydomain.nl)
Local HTTP DCV OK: cpanel.mydomain.nl (via mydomain.nl)
Local HTTP DCV OK: webdisk.mydomain.nl (via mydomain.nl)
Local HTTP DCV OK: webmail.mydomain.nl (via mydomain.nl)
Local HTTP DCV OK: cpcontacts.mydomain.nl (via mydomain.nl)
Local HTTP DCV OK: cpcalendars.mydomain.nl (via mydomain.nl)
10:07:58 AM No local DNS DCV is necessary.
10:07:58 AM Processing “mydomain”’s local DCV results …
10:07:58 AM Analyzing “mydomain.nl”’s DCV results …
10:07:59 AM AutoSSL will request a new certificate.
10:07:59 AM The system will attempt to renew the SSL certificate for the website (mydomain.nl: mydomain.nl www.mydomain.nl mail.mydomain.nl webmail.mydomain.nl cpanel.mydomain.nl webdisk.mydomain.nl cpcontacts.mydomain.nl cpcalendars.mydomain.nl).
The provider “cPanel (powered by Sectigo)”’s AutoSSL queue already contains a certificate request for “mydomain”’s website “mydomain.nl”. The request’s start time is Jan 16, 2022, 8:21:50 AM UTC.
The system has completed “mydomain”’s AutoSSL check.

Can anyone please provide me with some help regarding this?

I still have other domains on the same server, those SSL is working just fine (but those were not renewed this morning as they are still valid). In the past there were no issues and all domains did get their SSL certificates. Just out of nothing this came up this morning so I am at a loss as to what the problem is.


[add on]
Since it takes a long time to approve this topic and my client is getting impatient I have been trying to resolve this myself. There were some other domains still in the pending queue to get their ssl updated and I have deleted those (using the solution here: https://support.cpanel.net/hc/en-us/articles/360053896153-How-can-I-clear-the-AutoSSL-Queue- )
After that I have requested a new SSL certificate for one of the domains having the issue and now that is in the pending queue (at time of writing been there for around 30 minutes).
 
Last edited:

PvDUk

Registered
Jan 16, 2022
2
0
1
United Kingdom
cPanel Access Level
Root Administrator
Not sure why a topic like this is not approved quicker. I am a client with Cpanel, I would assume if I as a Cpanel client get into trouble I would get a quicker response time. Specially with your amazing price increases I would assume you would try a bit better ..... but hé, its sunday? Who works then. If only your sundays reflected on what I am paying you monthly o_O


Anyway, I resolved the issues at the end of my sunday after many tries and changes. Thanks for uhm, approving the topic on monday. Please remove this as it serves no purpose at all.
 

cPanelAnthony

Administrator
Staff member
Oct 18, 2021
1,046
111
118
Houston, TX
cPanel Access Level
Root Administrator
Not sure why a topic like this is not approved quicker. I am a client with Cpanel, I would assume if I as a Cpanel client get into trouble I would get a quicker response time. Specially with your amazing price increases I would assume you would try a bit better ..... but hé, its sunday? Who works then. If only your sundays reflected on what I am paying you monthly o_O


Anyway, I resolved the issues at the end of my sunday after many tries and changes. Thanks for uhm, approving the topic on monday. Please remove this as it serves no purpose at all.
I'm happy to hear you found a solution!

While the cPanel team will always chime in on the forums and offer assistance, (I have regularly been approving up to twenty threads a day during this busy season and responding to dozens of threads) please keep in mind that the forums are a free community resource and aren't intended to be enterprise-level support. The intention is that these forums serve as a collaborative environment where various cPanel users can come together and share their knowledge. If you want faster support, you can always submit a support ticket to cPanel directly using the link in my signature. Or, if you're unable to do so, your web hosting provider would be able to do so on your behalf. If you pay for cPanel, at some level, someone should be able to open a ticket with us directly.
 

vinnie6669

Member
Nov 24, 2021
5
1
3
Indian
cPanel Access Level
Root Administrator
If anyone else facing this issue I am posting how I made it work. There is recently issue with Sectigo and we have to try multiple times autossl renewal from cpanel or whm and keep checking the logs. After 2-3 tries you will get the certs. Cheers and hope Sectigo will fix it soon.