What in the Ever-Loving Hell is Wrong with AutoSSL?

swbrains

I'd be curious to know specifically what issue(s) you are experiencing. I just posted the topic below a few minutes ago:
Just wondering if your experience is similar or something different.
 

GeekOnTheHill

cPanel Access Level: Root Administrator
Hostname certificate doesn't renew, subdomain certificates don't renew, "The “cPanel (powered by Sectigo)” provider cannot currently accept incoming requests. The system will try again later," certificate requests failing because validation fails for non-existent subdomains, real subdomains disappear from the "Manage SSL Hosts" page with no way to manually add them... I think that pretty much covers the problems, although I may find more as I continue trying to fix it.

An hour or two spent by a support tech last week failed to resolve the hostname issue, but I really don't care about that because I'm the only one who accesses it anyway. The subdomain is a much more important problem that I'm trying to solve myself.

If cPanel doesn't fix this crap, I'm outta here. I pay a fraction of the license fee for Virtualmin and it works flawlessly.
 

GeekOnTheHill

The problems turned out to be:

1. cPanel decided to request certificates for the www.sub.example.com variants of the subdomains without checking whether the entries actually existed in the zone files.
2. Attempting to add A entries for the www's using the DNS zone manager gave a success message, but did nothing, because:
3. There was a bunch of useless gibberish related to the two www.subs in the zone file. I suppose they were errors of some sort; and:
4. The DNS Zone Manager inserted the new entries after the gibberish, which resulted in their being ignored.
5. The legit sub's SSL somehow got uninstalled, possibly because of the failed requests on the non-existent www? That also:
6. Caused it not to appear in Manage SSL Hosts.
7. The support guy I dealt with last time actually did obtain a renewed hostname certificate, but didn't use it to replace the expired one. I guess he assumed I would, and I assumed he would.
8. The previous failed SSL cert requests got stuck in the queue; so:
9. The new requests were ignored because there were requests pending.

What I did:

1. Backed up and cleaned up all the crap from the zone file.
2. Manually put the A entries for the www.sub's where they belonged.
3. Reloaded the zone, restarted DNS, and all that jazz.
4. Manually assigned the renewed hostname certificate to the hostname.
5. Reassigned the expired certificate to the sub that had been missing from Manage SSL Hosts.
6. Cleared the AutoSSL queue (mv /var/cpanel/autossl_queue_cpanel.sqlite /var/cpanel/autossl_queue_cpanel.sqlite.old).
7. Ran AutoSSL.

And it's fixed.
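
A pre-flight check for two of the root causes listed in the post above (certificate requests for www.sub names that have no DNS record, and unparseable lines in the zone file), as an added example that is not from the poster or from cPanel. The parser is deliberately simplified (directives such as $ORIGIN and $INCLUDE are skipped, TTLs must be numeric), and the zone contents, names and addresses are constructed.

```python
import re

ADDRESS_TYPES = {"A", "AAAA", "CNAME"}  # record types that make a name resolve
KNOWN_TYPES = ADDRESS_TYPES | {"SOA", "NS", "MX", "TXT", "SRV", "CAA", "PTR"}

# Constructed sample zone (not from the thread): line 6 is truncated, line 7 is junk.
SAMPLE_ZONE = """\
$TTL 14400
example.com. 86400 IN SOA ns1.example.com. admin.example.com. (
        2024010101 3600 1800 1209600 86400 ) ; serial and timers
@ IN A 192.0.2.10
sub 14400 IN A 192.0.2.10
www.sub 14400 IN
%%garbled entry%%
blog IN A 192.0.2.10
www.blog IN A 192.0.2.10
"""

def fqdn(name, origin):
    """Expand an owner name to a lowercase absolute name without the trailing dot."""
    if name != "@" and not name.endswith("."):
        name += "." + origin
    return (origin if name == "@" else name).rstrip(".").lower()

def audit_zone(zone_text, origin, wanted):
    """Return (line numbers of entries that do not parse, wanted names with no address record)."""
    bad, resolvable = [], set()
    owner, buf, depth = origin, "", 0
    for no, raw in enumerate(zone_text.splitlines(), 1):
        # Drop ';' comments but keep semicolons inside quoted TXT data.
        line = re.sub(r'("[^"]*")|;.*', lambda m: m.group(1) or "", raw)
        buf = buf + " " + line if buf else line
        depth += line.count("(") - line.count(")")
        if depth > 0:
            continue  # still inside a multi-line ( ... ) group such as the SOA
        entry, buf, depth = buf, "", 0
        tokens = entry.replace("(", " ").replace(")", " ").split()
        if not tokens or tokens[0].startswith("$"):
            continue  # blank line or directive (assumption: origin never changes)
        if not entry[0].isspace():  # a record starting in column 1 names its owner
            owner = tokens.pop(0)
        while tokens and (tokens[0].isdigit() or tokens[0].upper() == "IN"):
            tokens.pop(0)  # skip the optional TTL and class fields
        if len(tokens) < 2 or tokens[0].upper() not in KNOWN_TYPES:
            bad.append(no)
        elif tokens[0].upper() in ADDRESS_TYPES:
            resolvable.add(fqdn(owner, origin))
    missing = [n for n in wanted if n.rstrip(".").lower() not in resolvable]
    return bad, missing
```

On a real server, BIND's named-checkzone remains the authoritative syntax check; this sketch only mirrors the two failure modes described in the post.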