I'd be curious to know specifically what issue(s) you are experiencing. I just posted the topic below a few minutes ago:
forums.cpanel.net
Just wondering if your experience is similar or something different.
In Progress - [COBRA-13435] AutoSSL not renewing domain certificate when some hosts fail DCV
I have created a private cPanel ticket for this issue but wanted to post it here so other customers with similar issues could track its progress in case they experience something similar: https://support.cpanel.net/hc/en-us/requests/94401480 I have an account with a domain that the customer has...
Hostname certificate doesn't renew, subdomain certificates don't renew, "The “cPanel (powered by Sectigo)” provider cannot currently accept incoming requests. The system will try again later," certificate requests failing because validation fails for non-existent subdomains, real subdomains disappear from the "Manage SSSL Hosts" page with no way to manually add them... I think that pretty much covers the problems, although I may find more as I continue trying to fix it.I'd be curious to know specifically what issue(s) you are experiencing. I just posted the topic below a few minutes ago:
Just wondering if your experience is similar or something different.In Progress - [COBRA-13435] AutoSSL not renewing domain certificate when some hosts fail DCV
I have created a private cPanel ticket for this issue but wanted to post it here so other customers with similar issues could track its progress in case they experience something similar: https://support.cpanel.net/hc/en-us/requests/94401480 I have an account with a domain that the customer has...
An hour or two spent by a support tech last week failed to resolve the hostname issue, but I really don't care about that because I'm the only one who accesses it anyway. The subdomain is a much more important problem that I'm trying to solve myself.
If cPanel doesn't fix this crap, I'm outta here. I pay a fraction of the license fee for Virtualmin and it works flawlessly.
Last edited:
The problems turned out to be:
1. cPanel decided to request certificates for the www.sub.example.com variants of the subdomains without checking whether the entries actually existed in the zone files.
2. Attempting to add A entries for the www's using the DNS zone manager gave a success message, but did nothing, because:
3. There was a bunch of useless gibberish related to the two www.subs in the zone file. I suppose they were errors of some sort; and:
4. The DNS Zone Manager inserted the new entries after the gibberish, which resulted in their being ignored.
5. The legit sub's SSL somehow got uninstalled, possibly because of the failed requests on the non-existent www? That also:
6. Caused it not to appear in Manage SSL Hosts.
7. The support guy I dealt with last time actually did obtain a renewed hostname certificate, but didn't use it to replace the expired one. I guess he assumed I would, and I assumed he would.
8. The previous failed SSL cert requests got stuck in the queue; so:
9. The new requests were ignored because there were requests pending.
What I did:
1. Backed up and cleaned up all the crap from the zone file.
2. Manually put the A entries for the www.sub's where they belonged.
3. Reloaded the zone, restarted DNS, and all that jazz.
4. Manually assigned the renewed hostname certificate to the hostname.
5. Reassigned the expired certificate to the sub that had been missing from Manage SSL Hosts.
6. Cleared the AutoSSL queue ( mv /var/cpanel/autossl_queue_cpanel.sqlite /var/cpanel/autossl_queue_cpanel.sqlite.old ).
7. Ran AutoSSL.
And it's fixed.
1. cPanel decided to request certificates for the www.sub.example.com variants of the subdomains without checking whether the entries actually existed in the zone files.
2. Attempting to add A entries for the www's using the DNS zone manager gave a success message, but did nothing, because:
3. There was a bunch of useless gibberish related to the two www.subs in the zone file. I suppose they were errors of some sort; and:
4. The DNS Zone Manager inserted the new entries after the gibberish, which resulted in their being ignored.
5. The legit sub's SSL somehow got uninstalled, possibly because of the failed requests on the non-existent www? That also:
6. Caused it not to appear in Manage SSL Hosts.
7. The support guy I dealt with last time actually did obtain a renewed hostname certificate, but didn't use it to replace the expired one. I guess he assumed I would, and I assumed he would.
8. The previous failed SSL cert requests got stuck in the queue; so:
9. The new requests were ignored because there were requests pending.
What I did:
1. Backed up and cleaned up all the crap from the zone file.
2. Manually put the A entries for the www.sub's where they belonged.
3. Reloaded the zone, restarted DNS, and all that jazz.
4. Manually assigned the renewed hostname certificate to the hostname.
5. Reassigned the expired certificate to the sub that had been missing from Manage SSL Hosts.
6. Cleared the AutoSSL queue ( mv /var/cpanel/autossl_queue_cpanel.sqlite /var/cpanel/autossl_queue_cpanel.sqlite.old ).
7. Ran AutoSSL.
And it's fixed.
I'm happy to hear this has been resolved! Yes, there have indeed been various AutoSSL issues as of late. Never hesitate to open a support ticket if needed so we can verify the specific problem.
