AutoSSL: The certificate is not available. (processing)

JustAGuyUsingWHM

February 04, 2019 06:18

Hi. How long should it take for a cPanel(Comodo) certificate to automatically update and receive the new certificate? Should I be concerned the certificate is not being issued in a 'timely' fashion. The process seems to have kick started today correctly, and all the validation checks appear to have passed, but the certificate hasn't been issued. Some sample output below, the domain\account names have been anonymized: Log 1 - Shows automatic attempt to get certificate (appears to be polling every hour for the last ~12 hours):

11:10:01 AM The queue contains a request for a certificate for changedaccountname website example.com" (order item ID "565703513"). The system last polled for this certificate at Feb 4, 2019, 10:10:02 AM UTC. The next poll will be no earlier than Feb 4, 2019, 10:10:02 AM UTC.
 11:15:02 AM Polling for changedaccountname new certificate for example.com" (order item ID "565703513") "
 11:15:03 AM The certificate is not available. (processing)
 Setting up for Comodo"s DCV (Domain Control Validation) for this certificate request "
 11:20:01 AM The queue contains a request for a certificate for changedaccountname website example.com" (order item ID "565703513"). The system last polled for this certificate at Feb 4, 2019, 11:15:02 AM UTC. The next poll will be no earlier than Feb 4, 2019, 11:15:02 AM UTC.

Logs 2: Results of Check "changedaccountname" to try and encouragea certificate fetch.

11:44:48 AM Analyzing "example.com" "
 11:44:48 AM User-excluded domains: 7 (mail.example.com, webmail.example.com, cpanel.example.com, whm.example.com, webdisk.example.com, mail.example.net, www.mail.example.com)
 TLS Status: Ready for Renewal
 WARN Certificate expiry: 2/14/19, 12:00 AM UTC (9.51 days from now)
 11:44:48 AM Performing DCV (Domain Control Validation) "
 11:44:48 AM Local HTTP DCV OK: example.com
 Local HTTP DCV OK: example.net
 Local HTTP DCV OK: www.example.com (via example.com)
 Local HTTP DCV OK: www.example.net (via example.net)
 11:44:48 AM Analyzing "example.com""s DCV results "
 11:44:48 AM AutoSSL will request a new certificate.
 11:44:48 AM The system will attempt to renew the SSL certificate for the website (example.com: example.com www.example.com example.net www.example.net).
 11:44:49 AM No CAA record added because there is no CAA record from another provider in the DNS for example.net.
 No CAA record added because there is no CAA record from another provider in the DNS for example.com.
 The provider "cPanel (powered by Comodo)""s AutoSSL queue already contains a certificate request for "changedaccountname""s website "example.com". The request"s start time is Feb 4, 2019, 12:58:02 AM UTC, and its last poll time is Feb 4, 2019, 11:15:02 AM UTC.
 11:44:49 AM The system has completed the AutoSSL check for "changedaccountname".

Thanks.

Comments

7 comments

cPanelMichael

February 04, 2019 19:02
Hello @JustAGuyUsingWHM, Here's a section from the
0
JustAGuyUsingWHM

February 04, 2019 20:03
Hi cPanelMichael. Yeah it's still waiting... Sample of the most recent output: 7:35:02 PM The queue contains a request for a certificate for changedaccountname website "example.com" (order item ID "565703513"). The system last polled for this certificate at Feb 4, 2019, 6:50:02 PM UTC. The next poll will be no earlier than Feb 4, 2019, 6:50:02 PM UTC. 7:40:01 PM The queue contains a request for a certificate for changedaccountname website "example.com" (order item ID "565703513"). The system last polled for this certificate at Feb 4, 2019, 6:50:02 PM UTC. The next poll will be no earlier than Feb 4, 2019, 6:50:02 PM UTC. 7:45:02 PM The queue contains a request for a certificate for changedaccountname website "example.com" (order item ID "565703513"). The system last polled for this certificate at Feb 4, 2019, 6:50:02 PM UTC. The next poll will be no earlier than Feb 4, 2019, 6:50:02 PM UTC. 7:50:01 PM The queue contains a request for a certificate for changedaccountname website "example.com" (order item ID "565703513"). The system last polled for this certificate at Feb 4, 2019, 6:50:02 PM UTC. The next poll will be no earlier than Feb 4, 2019, 6:50:02 PM UTC. 7:55:01 PM Polling for changedaccountname new certificate for "example.com" (order item ID "565703513") " 7:55:02 PM The certificate is not available. (processing) Setting up for Comodo"s DCV (Domain Control Validation) for this certificate request " 8:00:01 PM The queue contains a request for a certificate for changedaccountname website "example.com" (order item ID "565703513"). The system last polled for this certificate at Feb 4, 2019, 7:55:02 PM UTC. The next poll will be no earlier than Feb 4, 2019, 7:55:02 PM UTC. 8:05:01 PM The queue contains a request for a certificate for changedaccountname website "example.com" (order item ID "565703513"). The system last polled for this certificate at Feb 4, 2019, 7:55:02 PM UTC. The next poll will be no earlier than Feb 4, 2019, 7:55:02 PM UTC. 8:10:01 PM The queue contains a request for a certificate for changedaccountname website "example.com" (order item ID "565703513"). The system last polled for this certificate at Feb 4, 2019, 7:55:02 PM UTC. The next poll will be no earlier than Feb 4, 2019, 7:55:02 PM UTC. 8:15:01 PM The queue contains a request for a certificate for changedaccountname website "example.com" (order item ID "565703513"). The system last polled for this certificate at Feb 4, 2019, 7:55:02 PM UTC. The next poll will be no earlier than Feb 4, 2019, 7:55:02 PM UTC. 8:20:02 PM The queue contains a request for a certificate for changedaccountname website "example.com" (order item ID "565703513"). The system last polled for this certificate at Feb 4, 2019, 7:55:02 PM UTC. The next poll will be no earlier than Feb 4, 2019, 7:55:02 PM UTC. 8:25:02 PM The queue contains a request for a certificate for changedaccountname website "example.com" (order item ID "565703513"). The system last polled for this certificate at Feb 4, 2019, 7:55:02 PM UTC. The next poll will be no earlier than Feb 4, 2019, 7:55:02 PM UTC. 8:30:01 PM The queue contains a request for a certificate for changedaccountname website "example.com" (order item ID "565703513"). The system last polled for this certificate at Feb 4, 2019, 7:55:02 PM UTC. The next poll will be no earlier than Feb 4, 2019, 7:55:02 PM UTC. 8:35:02 PM The queue contains a request for a certificate for changedaccountname website "example.com" (order item ID "565703513"). The system last polled for this certificate at Feb 4, 2019, 7:55:02 PM UTC. The next poll will be no earlier than Feb 4, 2019, 7:55:02 PM UTC. 8:40:01 PM The queue contains a request for a certificate for changedaccountname website "example.com" (order item ID "565703513"). The system last polled for this certificate at Feb 4, 2019, 7:55:02 PM UTC. The next poll will be no earlier than Feb 4, 2019, 7:55:02 PM UTC. 8:45:01 PM The queue contains a request for a certificate for changedaccountname website "example.com" (order item ID "565703513"). The system last polled for this certificate at Feb 4, 2019, 7:55:02 PM UTC. The next poll will be no earlier than Feb 4, 2019, 7:55:02 PM UTC. 8:50:02 PM The queue contains a request for a certificate for changedaccountname website "example.com" (order item ID "565703513"). The system last polled for this certificate at Feb 4, 2019, 7:55:02 PM UTC. The next poll will be no earlier than Feb 4, 2019, 7:55:02 PM UTC. 8:55:01 PM The queue contains a request for a certificate for changedaccountname website "example.com" (order item ID "565703513"). The system last polled for this certificate at Feb 4, 2019, 7:55:02 PM UTC. The next poll will be no earlier than Feb 4, 2019, 7:55:02 PM UTC. Thanks for taking a look at this.
0
cPanelMichael

February 05, 2019 15:52
Hi @JustAGuyUsingWHM, Could you open a
0
JustAGuyUsingWHM

February 06, 2019 10:01
Hi @cPanelMichael. Thanks again. The support ticket is 11373793.
0
Nathan Lord

February 06, 2019 10:12
Seem to be having a similar issue: - The system is waiting on the AutoSSL provider to validate and issue the certificate (in the pending queue been like this for a day / usually is something thats fairly quick) Below is the log. Log for the AutoSSL run for "example": Wednesday, February 6, 2019 10:18:40 AM GMT+0000 (cPanel (powered by Comodo)) 10:18:40 AM AutoSSL"s configured provider is "cPanel (powered by Comodo)". This AutoSSL provider does not poll for certificate availability immediately after a certificate request submission. Instead, it submits certificate requests then periodically polls the cPanel Store for each requested certificate and installs it after a successful retrieval. The system will record all requests, retrievals, and installations for the current AutoSSL run in this log. Checking examples for "example" " 10:18:40 AM Analyzing "example.com" " 10:18:40 AM User-excluded domains: 4 (mail.example.com, webmail.example.com, cpanel.example.com, webdisk.example.com) ERROR TLS Status: Defective ERROR Certificate expiry: 2/5/19, 12:00 AM UTC (1.43 days ago) ERROR Defect: OPENSSL_VERIFY: The certificate chain failed OpenSSL"s verification (0:10:CERT_HAS_EXPIRED). 10:18:40 AM Performing DCV (Domain Control Validation) " 10:18:40 AM Local HTTP DCV OK: example.com Local HTTP DCV OK: www.example.com (via example.com) 10:18:40 AM Analyzing "example.com""s DCV results " 10:18:40 AM AutoSSL will request a new certificate. 10:18:40 AM The system will attempt to renew the SSL certificate for the example (example.com: example.com www.example.com). 10:18:41 AM No CAA record added because there is no CAA record from another provider in the DNS for example.com. The provider "cPanel (powered by Comodo)""s AutoSSL queue already contains a certificate request for "example""s example "example.com". The request"s start time is Feb 5, 2019, 11:52:37 AM UTC, and its last poll time is Feb 6, 2019, 10:11:03 AM UTC. 10:18:41 AM The system has completed the AutoSSL check for "example".
0
JustAGuyUsingWHM

February 06, 2019 16:24
@Nathan Lord Support have come back to me. Its a DNS DCV error on the 2nd of the domains. I translate DNS DCV as Domain Name Server Domain Control Validation. It makes sense: when I originally tried to set-up the certificate with LetsEncrypt on AutoSSL it refused for the same reason - there's a malformed AAAA Ipv6 record on the 2nd domain. cPanel Comodo didn't check the AAAA record or fell back on plain old DCV (no DNS, just uploading a file to a directory and browsing to it) and worked; so I went with cPanel Comodo. It seems cPanel Comodo are now checking the AAAA record too. You can check your domain using the LetsEncrypt tool at
0
cPanelMichael

February 13, 2019 15:52
Hello, To follow-up on this topic, CPANEL-25209 was published as part of cPanel & WHM version 76.0.20: Fixed case CPANEL-25209: IPv6 Support for DCV. Here's a summary of the change from one of our Technical Analysts: [QUOTE] IPv6 is now supported by AutoSSL, which means that AutoSSL will do DCV checks on IPv6 if a AAAA record exists, and then fail if the check using IPv6 fails. Fallback will go to DNS DCV instead of IPv4. So, if IPv6 fails at AutoSSL, the requests won"t be sent to Comodo. This is the intention of the case. If AutoSSL is failing and a domain has a AAAA record, we should determine why it's failing (e.g. IPv6 routing isn't enabled, IPv6 isn't enabled on the account account, or the AAAA record points to a different server entirely).
Thank you.
0

Please sign in to leave a comment.

Comments

Didn't find what you were looking for?