Seriously, why was AutoSSL changed?
AutoSSL has always been working great. It has had a few minor issues, but ever since October/November, we've had issues with AutoSSL almost daily.
Most of these issues are related to AutoSSL not being able to issue a certificate for a domain/subdomain that doesn't exist. This makes sense, but it has worked for years before October/November. I don't know whether AutoSSL automatically excluded the domain or if it was just ignored, but it worked without problems.
In one case, a client was trying to run AutoSSL for an addon domain that had a subdomain: subdomain.example.com
This subdomain had a valid A record that pointed to the cPanel server.
Because this subdomain was added through cPanel, cPanel also added
As you can see, AutoSSL included always been able to be renewed, up until October/November - even though no DNS record has ever existed for www.subdomain.example.com from AutoSSL, the certificate was installed in first try. I would guess this is the problem of 99% of the cases we have where AutoSSL is failing to renew/install a certificate. What has happened?
As you can see, AutoSSL included always been able to be renewed, up until October/November - even though no DNS record has ever existed for www.subdomain.example.com from AutoSSL, the certificate was installed in first try. I would guess this is the problem of 99% of the cases we have where AutoSSL is failing to renew/install a certificate. What has happened?
-
Thanks for that link, @cPRex! Wouldn't it be possible to check if subdomains passes DCV and ignore them for the specific certificate if they fail? 0 -
While that would be possible, that isn't the spirit of what AutoSSL is for. AutoSSL is designed to cover every domain that is configured on the server-side, not just the ones that pass DCV. It's important for those checks to take place as-is so they can alert server managers about potential issues. 0
Please sign in to leave a comment.
Comments
3 comments