AutoSSL failure on all domains on the server
Posting this to help others with this issue...
PROBLEM: AutoSSL failed to update all domains
This is a dedicated server with 15 domains currently, one of which has two subdomains.
WHM is v72.0.10 running under CENTOS 7.5.
I have never had a problem with AutoSSL previously, but I received this tonight - one for each domain on the server.
[QUOTE]
domain.com: AutoSSL would normally renew this certificate now, but 0 of the website"s secured domains just failed DCV. To provide you with more time to resolve these problems, AutoSSL will defer the renewal until Jul 22, 2018 at 12:00:00 AM UTC. After that time, AutoSSL will request a replacement certificate that excludes any domains that fail DCV. At the time of this notice, the certificate will expire in 6 days, 22 hours, 40 minutes, and 16 seconds.
AutoSSL did not renew the certificate for "domain.com". You must take action to keep this site secure.
The certificate that is installed on this website contains the following properties:
Expiration: Wednesday, July 25, 2018 at 12:00:00 AM UTC
Domain Names: domain.com
autodiscover.domain.com
cpanel.domain.com
mail.domain.com
webdisk.domain.com
webmail.domain.com
whm.domain.com
www.domain.com
Subject: commonName domain.com
Issuer: countryName US
stateOrProvinceName TX
localityName Houston
organizationName cPanel, Inc.
commonName cPanel, Inc. Certification Authority
To upgrade to an EV or OV certificate, navigate to the "SSL/TLS Wizard" interface.
The system generated this notice on Wednesday, July 18, 2018 at 1:19:43 AM UTC.
RESOLVED: A short time ago, I was checking server settings and to see what would happen I enabled Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates. This option comes with a warning: [QUOTE] This option will allow AutoSSL to replace certificates that the AutoSSL system did not issue. When you enable this option, AutoSSL will install certificates that replace users" CA-issued certificates if they are invalid or expire within 3 days. Unless you fully understand this option, do not select it, because the system could unexpectedly replace an expiring or invalid EV or OV certificate with a DV certificate.
The certificates do not expire for 6 days (see above) and evidently enabling this prevented the AutoSSL updates. I disabled (unchecked) that option, re-ran AutoSSL, and it completed normally.
RESOLVED: A short time ago, I was checking server settings and to see what would happen I enabled Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates. This option comes with a warning: [QUOTE] This option will allow AutoSSL to replace certificates that the AutoSSL system did not issue. When you enable this option, AutoSSL will install certificates that replace users" CA-issued certificates if they are invalid or expire within 3 days. Unless you fully understand this option, do not select it, because the system could unexpectedly replace an expiring or invalid EV or OV certificate with a DV certificate.
The certificates do not expire for 6 days (see above) and evidently enabling this prevented the AutoSSL updates. I disabled (unchecked) that option, re-ran AutoSSL, and it completed normally.
Please sign in to leave a comment.
Comments
0 comments