Hostname history can prevent the current hostname's SSL certificate from being obtained when the previously used hostname's domain is rate-limited.

Symptoms

When attempting to issue and install a new hostname SSL certificate we see our previous old hostname being rate-limited by Let's Encrypt which is preventing the issuance of a new SSL certificate.

Description

When attempting to issue and install a SSL certificate the server’s previous hostname can prevent the SSL certificate for the new hostname from being properly issued and installed. This occurs when the previous hostname has reached a rate-limit with Let’s Encrypt.

We've opened an internal case for our development team to investigate this further. For reference, the case number is CPANEL-47072. Follow this article to receive an email notification when a solution is published in the product. 

Workaround

Rename the hostname history file and re-running the "checkallsslcerts" script, shown below:

1. mv /var/cpanel/hostname_history.json{,.bak}

2. /usr/local/cpanel/bin/checkallsslcerts