SOLVED SSL certificate not renewing since this morning

[PvDUk]

Hi all,

Since this morning there seem to be a problem on my server with the SSL certificate renew.
A few of my domains no longer have a valid SSL as for some reason the renew seems to fail.

Here is the error log of one of them:

Log for the AutoSSL run for “mydomain”: Sunday, January 16, 2022 8:59:39 AM GMT+0000 (cPanel (powered by Sectigo))
8:59:39 AM AutoSSL’s configured provider is “cPanel (powered by Sectigo)”.
This AutoSSL provider does not poll for certificate availability immediately after a certificate request submission. Instead, it submits certificate requests then periodically polls the cPanel Store for each requested certificate and installs it after a successful retrieval. The system will record all requests, retrievals, and installations for the current AutoSSL run in this log.
Analyzing “mydomain”’s domains …
8:59:39 AM Analyzing “mydomain.nl” …
8:59:39 AM ERROR TLS Status: Defective
ERROR Certificate expiry: 1/16/22, 12:00 AM UTC (0.37 days ago)
ERROR Defect: OPENSSL_VERIFY: The certificate chain failed OpenSSL’s verification (0:10:CERT_HAS_EXPIRED).
8:59:39 AM Attempting to ensure the existence of necessary CAA records …
8:59:39 AM No CAA records were created.
8:59:39 AM Verifying 8 domains’ DNS management …
Verifying “cPanel (powered by Sectigo)”’s authorization on 8 domains via DNS CAA records …
8:59:40 AM CA authorized: “mydomain.nl”
CA authorized: “mail.mydomain.nl”
CA authorized: “cpanel.mydomain.nl”
DNS manages “mail.mydomain.nl”.
CA authorized: “webmail.mydomain.nl”
CA authorized: “webdisk.mydomain.nl”
DNS manages “www.mydomain.nl”.
CA authorized: “cpcalendars.mydomain.nl”
CA authorized: “cpcontacts.mydomain.nl”
CA authorized: “www.mydomain.nl”
“cPanel (powered by Sectigo)” is authorized to issue certificates for 8 of this user’s 8 domains.
DNS manages “mydomain.nl”.
DNS manages “cpanel.mydomain.nl”.
DNS manages “webdisk.mydomain.nl”.
DNS manages “webmail.mydomain.nl”.
DNS manages “cpcontacts.mydomain.nl”.
DNS manages “cpcalendars.mydomain.nl”.
DNS manages 8 of this user’s 8 domains.
8:59:40 AM Performing HTTP DCV (Domain Control Validation) on 8 domains …
8:59:40 AM Local HTTP DCV OK: mydomain.nl
Local HTTP DCV OK: www.mydomain.nl (via mydomain.nl)
Local HTTP DCV OK: mail.mydomain.nl (via mydomain.nl)
Local HTTP DCV OK: cpanel.mydomain.nl (via mydomain.nl)
Local HTTP DCV OK: webdisk.mydomain.nl (via mydomain.nl)
Local HTTP DCV OK: webmail.mydomain.nl (via mydomain.nl)
Local HTTP DCV OK: cpcontacts.mydomain.nl (via mydomain.nl)
Local HTTP DCV OK: cpcalendars.mydomain.nl (via mydomain.nl)
8:59:40 AM No local DNS DCV is necessary.
8:59:40 AM Processing “mydomain”’s local DCV results …
8:59:40 AM Analyzing “mydomain.nl”’s DCV results …
8:59:40 AM AutoSSL will request a new certificate.
8:59:40 AM The system will attempt to renew the SSL certificate for the website (mydomain.nl: mydomain.nl www.mydomain.nl mail.mydomain.nl webmail.mydomain.nl cpanel.mydomain.nl webdisk.mydomain.nl cpcontacts.mydomain.nl cpcalendars.mydomain.nl).
The provider “cPanel (powered by Sectigo)”’s AutoSSL queue already contains a certificate request for “mydomain”’s website “mydomain.nl”. The request’s start time is Jan 13, 2022, 4:01:01 AM UTC.
The system has completed “mydomain”’s AutoSSL check.

For another domain which also does not work anymore I deleted the SSL certificate (under Manage SSL host) and then I rerun the SSL certificate installation (under Manage Auto SSL), but now it does not get a new SSL and itshows errors in the log:

Log for the AutoSSL run for “mydomain”: Sunday, January 16, 2022 10:07:58 AM GMT+0000 (cPanel (powered by Sectigo))
10:07:58 AM AutoSSL’s configured provider is “cPanel (powered by Sectigo)”.
This AutoSSL provider does not poll for certificate availability immediately after a certificate request submission. Instead, it submits certificate requests then periodically polls the cPanel Store for each requested certificate and installs it after a successful retrieval. The system will record all requests, retrievals, and installations for the current AutoSSL run in this log.
Analyzing “mydomain”’s domains …
10:07:58 AM Analyzing “mydomain.nl” …
10:07:58 AM ERROR TLS Status: Defective
ERROR Defect: NO_SSL: No SSL certificate is installed.
10:07:58 AM Attempting to ensure the existence of necessary CAA records …
10:07:58 AM No CAA records were created.
10:07:58 AM Verifying 8 domains’ DNS management …
Verifying “cPanel (powered by Sectigo)”’s authorization on 8 domains via DNS CAA records …
10:07:58 AM CA authorized: “mydomain.nl”
DNS manages “mydomain.nl”.
DNS manages “www.mydomain.nl”.
DNS manages “mail.mydomain.nl”.
DNS manages “cpanel.mydomain.nl”.
DNS manages “webdisk.mydomain.nl”.
DNS manages “webmail.mydomain.nl”.
DNS manages “cpcontacts.mydomain.nl”.
DNS manages “cpcalendars.mydomain.nl”.
DNS manages 8 of this user’s 8 domains.
CA authorized: “cpanel.mydomain.nl”
CA authorized: “www.mydomain.nl”
CA authorized: “mail.mydomain.nl”
CA authorized: “cpcontacts.mydomain.nl”
CA authorized: “cpcalendars.mydomain.nl”
CA authorized: “webmail.mydomain.nl”
CA authorized: “webdisk.mydomain.nl”
“cPanel (powered by Sectigo)” is authorized to issue certificates for 8 of this user’s 8 domains.
10:07:58 AM Performing HTTP DCV (Domain Control Validation) on 8 domains …
10:07:58 AM Local HTTP DCV OK: mydomain.nl
Local HTTP DCV OK: www.mydomain.nl (via mydomain.nl)
Local HTTP DCV OK: mail.mydomain.nl (via mydomain.nl)
Local HTTP DCV OK: cpanel.mydomain.nl (via mydomain.nl)
Local HTTP DCV OK: webdisk.mydomain.nl (via mydomain.nl)
Local HTTP DCV OK: webmail.mydomain.nl (via mydomain.nl)
Local HTTP DCV OK: cpcontacts.mydomain.nl (via mydomain.nl)
Local HTTP DCV OK: cpcalendars.mydomain.nl (via mydomain.nl)
10:07:58 AM No local DNS DCV is necessary.
10:07:58 AM Processing “mydomain”’s local DCV results …
10:07:58 AM Analyzing “mydomain.nl”’s DCV results …
10:07:59 AM AutoSSL will request a new certificate.
10:07:59 AM The system will attempt to renew the SSL certificate for the website (mydomain.nl: mydomain.nl www.mydomain.nl mail.mydomain.nl webmail.mydomain.nl cpanel.mydomain.nl webdisk.mydomain.nl cpcontacts.mydomain.nl cpcalendars.mydomain.nl).
The provider “cPanel (powered by Sectigo)”’s AutoSSL queue already contains a certificate request for “mydomain”’s website “mydomain.nl”. The request’s start time is Jan 16, 2022, 8:21:50 AM UTC.
The system has completed “mydomain”’s AutoSSL check.

Can anyone please provide me with some help regarding this?

I still have other domains on the same server, those SSL is working just fine (but those were not renewed this morning as they are still valid). In the past there were no issues and all domains did get their SSL certificates. Just out of nothing this came up this morning so I am at a loss as to what the problem is.


[add on]
Since it takes a long time to approve this topic and my client is getting impatient I have been trying to resolve this myself. There were some other domains still in the pending queue to get their ssl updated and I have deleted those (using the solution here: https://support.cpanel.net/hc/en-us/articles/360053896153-How-can-I-clear-the-AutoSSL-Queue- )
After that I have requested a new SSL certificate for one of the domains having the issue and now that is in the pending queue (at time of writing been there for around 30 minutes).

 

[cPanelAnthony]

Hello! As there have been various AutoSSL issues recently, would you be able to open a ticket with the link in my signature so we can investigate? If you do so, please provide the ticket ID here.

 

[PvDUk]

Not sure why a topic like this is not approved quicker. I am a client with Cpanel, I would assume if I as a Cpanel client get into trouble I would get a quicker response time. Specially with your amazing price increases I would assume you would try a bit better ..... but hé, its sunday? Who works then. If only your sundays reflected on what I am paying you monthly


Anyway, I resolved the issues at the end of my sunday after many tries and changes. Thanks for uhm, approving the topic on monday. Please remove this as it serves no purpose at all.

 

[cPanelAnthony]

Not sure why a topic like this is not approved quicker. I am a client with Cpanel, I would assume if I as a Cpanel client get into trouble I would get a quicker response time. Specially with your amazing price increases I would assume you would try a bit better ..... but hé, its sunday? Who works then. If only your sundays reflected on what I am paying you monthly


Anyway, I resolved the issues at the end of my sunday after many tries and changes. Thanks for uhm, approving the topic on monday. Please remove this as it serves no purpose at all.

I'm happy to hear you found a solution!

While the cPanel team will always chime in on the forums and offer assistance, (I have regularly been approving up to twenty threads a day during this busy season and responding to dozens of threads) please keep in mind that the forums are a free community resource and aren't intended to be enterprise-level support. The intention is that these forums serve as a collaborative environment where various cPanel users can come together and share their knowledge. If you want faster support, you can always submit a support ticket to cPanel directly using the link in my signature. Or, if you're unable to do so, your web hosting provider would be able to do so on your behalf. If you pay for cPanel, at some level, someone should be able to open a ticket with us directly.

 

[Mr.Novo]

Well opening a ticket is not fast either. I'm waiting for a reply, again "reply" not solution for 24 hours.

 

[cPRex]

@Mr.Novo - can you let me know the ticket number so I can look into the delay?

 

[Mr.Novo]

@cPRex I bought a SSL certificate and solved my problem marked ticket as solved. Thanks for the offer though.

 

[Mr.Novo]

Also Autossl is working now and i've done nothing to fix that.

 

[cPRex]

There wouldn't be anything you could do on your end to fix the recent issues as the problem is on the Sectigo side of things.

 

[vinnie6669]

If anyone else facing this issue I am posting how I made it work. There is recently issue with Sectigo and we have to try multiple times autossl renewal from cpanel or whm and keep checking the logs. After 2-3 tries you will get the certs. Cheers and hope Sectigo will fix it soon.

 

[cPRex]

@vinnie6669 - unfortunately there is no guarantee that this will work properly after a few checks, as the issues are all on the Sectigo side with their network. It could work well, or a user could continue to have issues after a few tries.

 

[PPNSteve]

Also seeing renewal issues with Sectigo.
Its quite hit or miss right now.. i have had a couple domains get their renewed certs and others stuck in pending hell. No rhyme or reason here.. we do need a fix ASAP though.

 

[cPRex]

Its quite hit or miss right now

So much. I wish Sectigo would fix their stuff. I really wish I had more details to post, but they aren't saying much on our side either at this time.

 

[Ali Poonawala]

I am having the same issue. SSL for domains that expired today are not renewing. Is there anything we can do to force an ssl to renew?

 

[cPRex]

@Ali Poonawala - I see you switched to Let's Encrypt in another thread.