AutoSSL Not Renewing
I am running cPanel 74.0.6 on a dedicated server, and have root level access.
I only have a few accounts on the server (~5), but one of the accounts has a large number of domains that live on it (~175). They are setup as "Addon Domains", they each get their own DNS entry, and then also live as a subdomain under the main account domain.
I have AutoSSL enabled with the cPanel/Comodo provider. The check runs successfully every night, and have been renewing certificate successfully for over a year. However, it recently stopped requesting new certificates. Looking at the logs, I can tell WHM knows the certificates are either expired or close to expiring, but does not actually request the new certificate.
Attached is an example of some of the log.
I've found there is an option is "Tweak Settings" called "Allow cPanel users to install SSL Hosts." Does this need to be enabled for AutoSSL to run? The way I read it was this was only to allow cPanel users to add their own certificates.
I was getting a lot of warnings and errors about "duplicate domains" because of all the proxy subdomains. I turned those off, which got rid of a lot of the errors, and I don't really need them anyway.
I have toggled the AutoSSL on and off. I have manually run AutoSSL about 10 times. I'm a little at a loss at this point and looking for some help.
-
Hello @kennedyc, I have toggled the AutoSSL on and off. I have manually run AutoSSL about 10 times. I'm a little at a loss at this point and looking for some help.
Do you see any additional output for this account under the Logs tab in WHM >> Manage AutoSSL? Can you also browse to cPanel >> SSL TLS Status for the account and verify none of the domain names are excluded from AutoSSL?I've found there is an option is "Tweak Settings" called "Allow cPanel users to install SSL Hosts." Does this need to be enabled for AutoSSL to run? The way I read it was this was only to allow cPanel users to add their own certificates.
Your assertion of that feature's purpose is correct. That option does not need to be enabled for AutoSSL to process the domains on the account. Thank you.0 -
There are a lot of domains on this account, so there are decent number of warnings, including "cPanel forbids DCV HTTP redirections" and "domain does not resolve to any IPV4 address on the internet". Some of these pertain to "cpanel" and "webdisk" proxy subdomains, even though I turned those off. We've had these errors before, and in the past it just skips over those, and only issues the ones it can verify. Under "SSL TLS Status" all the domains were enabled. I have started disabling a few that I know we do not need certs for. I'd be happy to attach the full log if that would help. Is there any private information in those I would have to scrub first? 0 -
Ticket #10199211 0
Please sign in to leave a comment.
Comments
4 comments