Force AutoSSL to renew when not all domains pass DCV
I have a domain that I have added to a client's account but the domain is pointed at another server. The cpanel server is being used as the primary and secondary dns, and another dns server that his host controls as the tertiary dns. The issue is twofold apparently in that none of the auto-generated subdomains (eg. cpanel.domain.com, cpcalendars.domain.com, etc) exist within the tertiary dns server, and for some reason LetsEncrypt is only checking that one during DCV (which seems really weird to me, but obviously not something we can control).
The offshoot of this is that now every 2 hours I am getting these emails:
[QUOTE]AutoSSL would normally renew this certificate now, but 1 of the website"s secured domains just failed DCV. To provide you with more time to resolve this problem, AutoSSL will defer the renewal until Apr 22, 2022 at 12:00:00 AM UTC. After that time, AutoSSL will request a replacement certificate that excludes any domains that fail DCV. At the time of this notice, the certificate will expire in 6 days, 9 hours, 28 minutes, and 39 seconds.
Is there a way to force AutoSSL to just go ahead and skip all of the domains that are failing DCV now, instead of having to wait? Thanks. -Michael
Is there a way to force AutoSSL to just go ahead and skip all of the domains that are failing DCV now, instead of having to wait? Thanks. -Michael
-
I have a domain that I have added to a client's account but the domain is pointed at another server. The cpanel server is being used as the primary and secondary dns, and another dns server that his host controls as the tertiary dns. The issue is twofold apparently in that none of the auto-generated subdomains (eg. cpanel.domain.com, cpcalendars.domain.com, etc) exist within the tertiary dns server, and for some reason LetsEncrypt is only checking that one during DCV (which seems really weird to me, but obviously not something we can control). The offshoot of this is that now every 2 hours I am getting these emails: Is there a way to force AutoSSL to just go ahead and skip all of the domains that are failing DCV now, instead of having to wait? Thanks. -Michael
0 -
No, that did not solve the problem. It's still emailing me saying it is deferring until Apr 22, 2022 at 12:00:00 AM UTC. -Michael
When will it expire. It should do it just before 3 days of expiration0 -
When will it expire. It should do it just before 3 days of expiration
That's both in the original post, and irrelevant to the question I am asking. -Michael0 -
from what I was told and have read. The a ssl certs will be renewed within 3 days of expiration. So it might not be ready to renew.
Spirogg, no offense but you are not understanding the issue, and are just adding noise to the thread. I appreciate the attempt to help though. The system is trying to renew, failing due to some of the DCV failing, and saying it will keep trying every couple of hours until it gives up and does a partial renew. I am asking how to force that partial renew now. Thank you. -Michael0 -
Spirogg, no offense but you are not understanding the issue, and are just adding noise to the thread. I appreciate the attempt to help though. The system is trying to renew, failing due to some of the DCV failing, and saying it will keep trying every couple of hours until it gives up and does a partial renew. I am asking how to force that partial renew now. Thank you. -Michael
Sorry man it"s late and I can"t see well at night. By what I read again in original post. Do You want to exclude those sub domains from AutoSSL and just give the main domain an update. can"t you go here Go to "Home >> Security >> SSL/TLS Status". And exclude the sub domains ? If not I will stop Bothering you just trying to help ;)0 -
exclude the subdomains you don't want and are in the way of DVC then re run the script 77369 0 -
I have no idea what screen you are on, or how you have "Tools" as the only thing in the left bar. There is no "Home >> Security >> SSL/TLS Status" in mine and my search box says "Search Tools and Accounts". We're obviously on different versions of WHM. Also, what I would *really* like is for it to just work. All of those subdomains are secured currently, because it just worked fine when I was using cpanel as the provider. However, since they still haven't fixed the issue with Sectigo yet I am stuck using Let's Encrypt, which appears to be why I am having this problem. -Michael 0 -
I have no idea what screen you are on, or how you have "Tools" as the only thing in the left bar. There is no "Home >> Security >> SSL/TLS Status" in mine and my search box says "Search Tools and Accounts". We're obviously on different versions of WHM. Also, what I would *really* like is for it to just work. All of those subdomains are secured currently, because it just worked fine when I was using cpanel as the provider. However, since they still haven't fixed the issue with Sectigo yet I am stuck using Let's Encrypt, which appears to be why I am having this problem. -Michael
Sorry thats in version 102.011 in cPanel for the account (domain.com) not WHM well ill stop making noise and hopefully @cPRex or someone else might give you the answer. was just a suggestion . sorry and good luck Michael. :)0 -
Excluding the domains through cPanel as @Spirogg mentioned is the best way to make this happen immediately. There is no way to tell AutoSSL to ignore errors by default. 0
Please sign in to leave a comment.
Comments
12 comments