Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

The certificate chain failed OpenSSL verification

Discussion in 'Security' started by jtgroup, May 24, 2018.

Tags:
  1. jtgroup

    jtgroup Member

    Joined:
    Nov 21, 2017
    Messages:
    19
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    UK
    cPanel Access Level:
    Root Administrator
    Hello,

    I was wondering if someone could help me with this please.

    One of our customers had their SSL certificate yesterday. A new one couldn't be installed. Error message from the 'Auto SSL' log is:

    Code:
    Log for the AutoSSL run for “account-name”: Thursday, May 24, 2018 9:45:36 AM GMT+0100 (cPanel (powered by Comodo))
     9:45:36 AM AutoSSL’s configured provider is “cPanel (powered by Comodo)”.
     Checking websites for “account-name” …
     9:45:36 AM Checking “account-domain.co.uk” …
     9:45:36 AM ERROR TLS Status: Defective
     ERROR Certificate expiry: 5/24/18, 12:00 AM UTC (0.36 days ago)
     ERROR Defect: OPENSSL_VERIFY: The certificate chain failed OpenSSL’s verification (0:10:CERT_HAS_EXPIRED).
     AutoSSL will request a new certificate.
     9:45:36 AM The system will attempt to renew the SSL certificate for the website (example.co.uk: example.co.uk www.account-domain.co.uk mail.account-domain.co.uk webmail.account-domain.co.uk cpanel.account-domain.co.uk webdisk.account-domain.co.uk).
     9:45:39 AM The system has completed the AutoSSL check for “account-name”.
    
    
    
    I'm worried because the new certificate will not install until tonight so we have a whole day with errors popping up on the web site. Is there anyway we can prevent this from happening again such as trying to get the certificate to renew a week before it is due to expire so that the old certificate remains in place until a new, valid one is installed?

    Kind regards


    James
     
    #1 jtgroup, May 24, 2018
    Last edited by a moderator: May 24, 2018
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,423
    Likes Received:
    1,957
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello James,

    Was the previously installed certificate issued by the AutoSSL feature, or was it a third-party SSL certificate? If it was a third-party SSL certificate, the following option is available under the Options tab in WHM >> Manage AutoSSL:

    Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates.


    Per it's description:

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. prakashnplink

    prakashnplink Active Member

    Joined:
    Apr 8, 2014
    Messages:
    32
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Got same error. The option "Allow autossl to replace..." also didn't helped. Here is the error I got.

    Code:
    Log for the AutoSSL run for “username”: Monday, May 28, 2018 12:04:09 PM GMT+05-45 (cPanel (powered by Comodo))
    12:04:09 PM AutoSSL’s configured provider is “cPanel (powered by Comodo)”.
    Checking websites for “username” …
    12:04:09 PM Checking “username.com” …
    12:04:09 PM ERROR TLS Status: Defective
    Certificate expiry: 5/21/19, 12:21 PM UTC (358.25 days from now)
    ERROR Defect: OPENSSL_VERIFY: The certificate chain failed OpenSSL’s verification (0:18:DEPTH_ZERO_SELF_SIGNED_CERT).
    12:04:11 PM AutoSSL will request a new certificate.
    12:04:11 PM The system will attempt to renew the SSL certificate for the website (username.com: username.com www.username.com mail.username.com webmail.username.com cpanel.username.com webdisk.username.com).
    The provider “cPanel (powered by Comodo)”’s AutoSSL queue already contains a request for a certificate for “username”’s website “username.com”. The request’s start time is May 21, 2018, 12:21:51 PM UTC and its last poll time is May 28, 2018, 12:24:30 AM UTC.
    12:04:11 PM The system has completed the AutoSSL check for “username”.
    
     
  4. jtgroup

    jtgroup Member

    Joined:
    Nov 21, 2017
    Messages:
    19
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    UK
    cPanel Access Level:
    Root Administrator
    Hello Michael,

    The previous certificate was an AutoSSL issued one and 'Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates' is selected.

    Kind regards


    James
     
  5. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,423
    Likes Received:
    1,957
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    Can you open a support ticket so we can take a closer look to see why AutoSSL is not issuing a new certificate for this domain name? You can post the ticket number here and we will link this thread to the ticket.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice