Force SSL certificate install

John Schmerold

• April 27, 2019 11:34

I use /usr/local/cpanel/bin/autossl_check --user $account to install certificates. We have a number of certificates expiring in three weeks, we are switching from Let's Encrypt to cPanel's certificates, so I'd like to get the certificates replaced now. When I run "autossl_check --user $account" it sees the active certificate and takes no action. Is there an option to force the certificate update? I have removed all existing certificates, but that causes other problems.

• 

  cPanelMichael

  • April 30, 2019 20:59

  Hello @John Schmerold, Can you verify if you were using the official

  0
• 

  John Schmerold

  • April 30, 2019 21:04

  I was using FleetSSL, I uninstalled that plugin and am using the cPanel (powered by Sectigo) AutoSSL script. Fleet worked well, however I have come to rely on your excellent support, so I am working to reduce third party apps on our server.

  0
• 

  cPanelMichael

  • May 02, 2019 18:32

  I have removed all existing certificates, but that causes other problems.

  
  AutoSSL should install the new certificates as long as the existing certificates were removed. Can you open a

  0
• 

  John Schmerold

  • May 02, 2019 19:20

  If I remove the old certificates, AutoSSL works. Is there a command line to remove a user's certificates?

  0
• 

  cPanelMichael

  • May 02, 2019 19:25

  If I remove the old certificates, AutoSSL works. Is there a command line to remove a user's certificates?

  
  Yes, here's the cPanel UAPI function to use via the command line: UAPI Functions - SSL::delete_ssl - Developer Documentation - cPanel Documentation Thank you.

  0
• 

  John Schmerold

  • May 02, 2019 19:41

  That's better than using the gui, but, the problem we then have is if we remove the SSL, then CloudFlare doesn't serve the page. So to get Sectigo to serve a certificate, we have to bypass CloudFlare, remove the old certs, order a Sectigo cert, then enable CloudFlare. That's a lot of work. I guess I don't mind if this is the only time we have to do this, will we have to go through this every 60 days on every domain?

  0
• 

  cPanelMichael

  • May 02, 2019 20:25

  Hello @John Schmerold, AutoSSL will automatically attempt renew the cPanel (Powered by Sectigo) certificates before the existing (Powered by Sectigo) certificate expires. Thus, the website will remain accessible via HTTPS throughout the renewal process (assuming that's the CloudFlare requirement you are referring to). If AutoSSL is unable to renew the certificate (e.g. domain validation fails for some reason) you will receive an alert before the certificate expires to let you know about the renewal failure. You can manage the AutoSSL notifications under the Options tab in WHM >> Manage AutoSSL. Thank you.

  0

Please sign in to leave a comment.