Force autoSSL for service SSL

turbo2ltr

• December 10, 2021 10:16

Every day I get 9 emails telling me the service SSL will expire in less than 30 days.. I googled up and down and can't seem to find out how to force WHM to run autoSSL on the service SSL cert. I really don't want to get 9 emails a day for the next 29 days. The server domain is a subdomain of one of the other domains on the server. But the host subdomain is not listed in the "Manage Auto SSL Hosts" for that domain so I assume it's separate. But the host is not listed anywhere on that page.

• 

  andrew.n

  • December 10, 2021 16:43

  If you are getting these emails it means that for some reason your certificates were not able to be renewed automatically. You can run this command manually to see the error why the hostname SSL certs are failing: /usr/local/cpanel/bin/checkallsslcerts

  0
• 

  turbo2ltr

  • December 10, 2021 17:21

  There does not appear to be an error. Just a notice saying they will expire. I ran that command, here are the results. [QUOTE] host3 root [~] # /usr/local/cpanel/bin/checkallsslcerts The system will check for the certificate for the "cpanel" service. The system will attempt to verify that the certificate for the "cpanel" service is still valid using OCSP (Online Certificate Status Protocol). The "cpanel" service"s current certificate comes with the server"s cPanel license. This certificate expires in less than 25 days. The system will attempt to renew and install a new certificate to the "cpanel" service and any other services that use the old certificate. The system will attempt to install a certificate for the "cpanel" service from the system ssl storage. None of the certificates in the system ssl storage were acceptable to use for the "cpanel" service. The system will attempt to install a certificate for the "cpanel" service from the cPanel store. The system will check for the certificate for the "dovecot" service. The system will attempt to verify that the certificate for the "dovecot" service is still valid using OCSP (Online Certificate Status Protocol). The "dovecot" service"s current certificate comes with the server"s cPanel license. This certificate expires in less than 25 days. The system will attempt to renew and install a new certificate to the "dovecot" service and any other services that use the old certificate. The system will attempt to install a certificate for the "dovecot" service from the system ssl storage. None of the certificates in the system ssl storage were acceptable to use for the "dovecot" service. The system will check for the certificate for the "exim" service. The system will attempt to verify that the certificate for the "exim" service is still valid using OCSP (Online Certificate Status Protocol). The "exim" service"s current certificate comes with the server"s cPanel license. This certificate expires in less than 25 days. The system will attempt to renew and install a new certificate to the "exim" service and any other services that use the old certificate. The system will attempt to install a certificate for the "exim" service from the system ssl storage. None of the certificates in the system ssl storage were acceptable to use for the "exim" service. The system will check for the certificate for the "ftp" service. The system will attempt to verify that the certificate for the "ftp" service is still valid using OCSP (Online Certificate Status Protocol). The "ftp" service"s current certificate comes with the server"s cPanel license. This certificate expires in less than 25 days. The system will attempt to renew and install a new certificate to the "ftp" service and any other services that use the old certificate. The system will attempt to install a certificate for the "ftp" service from the system ssl storage. None of the certificates in the system ssl storage were acceptable to use for the "ftp" service. The cPanel Store is processing the hostname certificate request. The system will check the cPanel Store again the next time that "/usr/local/cpanel/bin/checkallsslcerts" runs.
  I see the end says the cpanel store is processing the cert request. Not sure if there is a place to check that. If I got the autoSSL Queue and log, there's nothing relevant in there.

  0
• 

  cPanelAnthony

  • December 12, 2021 17:26

  Hello! Could you open a ticket using the link in my signature and update me once done? Your web hosting provider may be able to do so on your behalf.

  0
• 

  turbo2ltr

  • December 17, 2021 11:46

  Now I see this in the log [QUOTE][WARN] The system failed to acquire a signed certificate from the cPanel Store because of the following error: The system failed to acquire a signed certificate from the cPanel Store. at bin/checkallsslcerts.pl line 607.
  I saw there was a cpanel update and pending reboot so I did both of those. Now I get [QUOTE][WARN] The system failed to acquire a signed certificate from the cPanel Store because of the following error: The system failed to acquire a signed certificate from the cPanel Store. at bin/checkallsslcerts.pl line 654.
  I then found this thread with the answer. Stale CSRs.

  0
• 

  andrew.n

  • December 17, 2021 15:15

  wow nice solution, well done!

  0

Please sign in to leave a comment.