Skip to main content

AutoSSL is very slow and missing certificates

Comments

10 comments

  • cPanelAnthony
    Hello! What errors do you see in the AutoSSL log regarding these AutoSSL issues?
    0
  • sunmacet
    There is not much. Of course there is errors for the domains that are expired or do not point to our server but they are not relevant. These are produces when run in command line: [1637951124] libunbound[2391132:0] error: event_add failed. in cpsl. [1637951124] libunbound[2391132:0] error: could not event_del on close [1637951126] libunbound[2391132:0] error: event_add failed. in cpsl. [1637951126] libunbound[2391132:0] error: could not event_del on close This user was missing certificate after one night and only this was in the log of the previous AutoSSL run: 10:06:24 PM Analyzing "XXX""s domains " 10:06:24 PM Analyzing "XXX" (website) " 10:06:24 PM ERROR TLS Status: Defective ERROR Certificate expiry: 11/25/21, 12:00 AM UTC (0.12 days from now) ERROR Defect: ALMOST_EXPIRED: The certificate will expire very soon. 10:06:24 PM Attempting to ensure the existence of necessary CAA records " 10:06:25 PM No CAA records were created. 10:06:25 PM Verifying 1 domains" management status " Verifying "cPanel (powered by Sectigo)""s authorization on 1 domains via DNS CAA records " 10:06:25 PM "XXX" is managed. CA authorized: "XXX" All of this user"s 1 domains are managed. "cPanel (powered by Sectigo)" is authorized to issue certificates for 1 of this user"s 1 domains. 10:06:25 PM Performing HTTP DCV (Domain Control Validation) on 1 domains " 10:06:26 PM Local HTTP DCV OK: XXX 10:06:26 PM No local DNS DCV is necessary. And there was no other log entries for the user.
    0
  • cPanelAnthony
    It sounds like you're experiencing the issue in this article.
    0
  • sunmacet
    Yes I can confirm that this seemed to be the case. When we ran AutoSSL per user as explained in the article the AutoSSL finished in under 3 hours without problems. With normal run it took over 2 days and was interrupted before finishing.
    0
  • cPanelAnthony
    Yes I can confirm that this seemed to be the case. When we ran AutoSSL per user as explained in the article the AutoSSL finished in under 3 hours without problems. With normal run it took over 2 days and was interrupted before finishing.

    Thanks for the confirmation!
    0
  • JboyJW
    FYI, I experienced this same issue today, it's still not resovled. I had a client complain about SSL issues and found that 6 of my clients had the ALMOST_EXPIRED defect in the latest log. Running AutoSSL on each account worked to restore their SSL certs. I tried running the loop command suggested on the
    0
  • microvax
    Questions: Is this issue exclusive to SECTIGO? what will happen if I change the Certificate Provider back to Let's Encrypt?
    0
  • cPRex Jurassic Moderator
    Is this issue exclusive to SECTIGO?

    It sure is
    what will happen if I change the Certificate Provider back to Let's Encrypt?

    Things will likely work well. That's what we're recommending to people that are experiencing this issue.
    0
  • microvax
    Time ago we decided to reduce the use of Let's Encrypt certificates because of the warning messages shown by FORTINET firewalls. BTW if you would use paid certificates what kind of SSL certificates would you buy? Wilcards?
    0
  • cPRex Jurassic Moderator
    I haven't heard anything specific about firewalls not handling Let's Encrypt well, but there wouldn't be anything I could do on my end for that. For a paid certificate, you're welcome to get any type you want. cPanel works with Let's Encrypt wildcard certificates since version 84.
    0

Please sign in to leave a comment.