New certificate lacks the following domain that the previous certificate secured: mail.xxxxx.com ?
Hi, cPanel keeps sending me an email that AutoSSL has successfully renewed the Domain Validated (DV) SSL certificate for "xxxxx.com". The new certificate lacks the following domain that the previous certificate secured: mail.xxxxx.com
There is no mail.xxxxx.com and if there was, it was years ago. How do I resolve the issue so that AutoSSL shuts the F up about it?
Things I have tried so far:
1) Check to make sure that there is indeed no mail.xxxxx.com subdomain or A entry in the DNS Zone Manager for that domain.
2) Delete the whole domain's SSL host under Manage SSL Hosts.
3) Trigger AutoSSL to check that domain to issue a new SSL cert.
It still sends me an email about a non-existent subdomain. WTF? That subdomain has not been in this WHM for at least 5 years.
-
Hey there! Just to confirm, ensure the domain doesn't exist in the Apache configuration anywhere, as AutoSSL checks based on vhosts, not DNS entries. Another thing to check would be to confirm that the notification is coming from the live server, and not an old server where the account may have been migrated away from. It sounds silly, but it happens. If those don't get things working, we'd be happy to look at the issue directly through a ticket! 0 -
Could you please be so kind as to elaborate for me what this means exactly: "checks based on vhosts" Is there a place in WHM I should check for that subdomain? "[...] is coming from the live server [...]" >> Of course it is. I'm dvmb, but not that dvmb haha ;-) As usual, thanks for replying to me :) 0 -
AutoSSL has to have a place to install the certificate, so it uses Apache vhosts to determine what it should be trying to issue. That's all I meant. I don't think you'll find anything in WHM, but inside the cPanel for the particular account is where you would see all the subdomains/addon domains. 0 -
OK, I'm in that customer's cPanel. Before this excessively ugly cPanel rebranding, we used to have an icon for subdomains, but it's no longer there. I tried to go in DOMAINS, but all I see is the customer's domain, not any subdomain, like I don't see mail.xxxxx.com in there. 0 -
If you don't see anything in the Domains tab, then it's likely not there. I'd do a grep in their userdata for the domain that AutoSSL is complaining about, just to be sure it doesn't exist:
grep -Ri domain-to-look-for.com /var/cpanel/userdata/username
0 -
OK thanks, the grep command shows:
/var/cpanel/userdata/xxxxx/xxxxx.com:serveralias: mail.xxxxx.com www.xxxxx.com
How can I remove that? 0 -
Before we start deleting things, do you not see those records in the DNS zone for the server? 0 -
Absolutely not. 0 -
Interesting. So there's two ways we can approach this:
- fix the record so it does exist, by just adding it to the DNS zone. This would also be controlled for newly-created zones in WHM >> Tweak Settings with the "Service Domains" toggle option.
OR
- manually delete the userdata entry.
To manually delete that entry, do the following:
- create a backup of the userdata file just in case.
- remove any unwanted entries in the "serveralias" line - if that means the only thing left is just "serveralias:" that is fine, but it still needs to be present even if it's empty.
- save the file
- run the following commands:
/scripts/updateuserdatacache
/scripts/updateuserdomains
/scripts/restartsrv_cpsrvd
That *should* be enough to get that removed in a way that cPanel understands. If that doesn't get things working for you, it's ticket time! 0 -
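The manual userdata edit described in the reply above, scripted as an added example (not part of the thread and not cPanel's own tooling). The function names, the separate backup directory and the example.test sample files are assumptions made for illustration; only the serveralias line format and the three rebuild scripts come from the thread.

```shell
#!/usr/bin/env bash
# Added example, not cPanel tooling. Function names and sample data are
# constructed; the serveralias format and rebuild scripts are from the thread.

# strip_alias FILE HOST BACKUP_DIR
# Copies FILE to BACKUP_DIR, then drops HOST from its "serveralias:" line.
# Returns 0 if the file changed, 1 if HOST was not listed or on error.
strip_alias() {
    local file=$1 host=$2 bdir=$3 tmp rc=1
    [ -f "$file" ] && tmp=$(mktemp) || return 1
    if awk -v host="$host" '
        /^serveralias:/ {
            out = "serveralias:"      # the key must remain, even when empty
            for (i = 2; i <= NF; i++) {
                if (tolower($i) == tolower(host)) hit = 1
                else out = out " " $i
            }
            print out; next
        }
        { print }
        END { exit (hit ? 0 : 1) }
    ' "$file" > "$tmp"; then
        cp -p "$file" "$bdir/" && cat "$tmp" > "$file" && rc=0
    fi
    rm -f "$tmp"
    return "$rc"
}

# clean_userdata DIR HOST BACKUP_DIR
# Edits every file in DIR except *.cache (the rebuild scripts regenerate
# those) and prints the basename of each file it changed.
clean_userdata() {
    local f
    for f in "$1"/*; do
        case $f in *.cache) continue ;; esac
        if strip_alias "$f" "$2" "$3"; then echo "${f##*/}"; fi
    done
}

# Constructed demo on throwaway files. On a server DIR would be
# /var/cpanel/userdata/username, followed by /scripts/updateuserdatacache,
# /scripts/updateuserdomains and /scripts/restartsrv_cpsrvd.
demo() {
    local d; d=$(mktemp -d) && mkdir "$d/ud" "$d/bak" || return 1
    printf '%s\n' 'serveralias: mail.example.test www.example.test' \
        'servername: example.test' | tee "$d/ud/example.test" > "$d/ud/example.test_SSL"
    clean_userdata "$d/ud" mail.example.test "$d/bak"
    grep '^serveralias' "$d/ud/example.test"
    rm -rf "$d"
}
demo
```

The match is on whole hostnames, so removing mail.example.test leaves an alias such as webmail.example.test untouched.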
They do NOT have mail with us and we don't need mail.xxxxx.com so I would prefer if we could follow what they have in their DNS Zone Manager, meaning no mail.xxxxx.com 0 -
That makes sense! 0 -
OK so do I need to remove it also from the .cache files? And what about the .com_SSL files? Do I need to remove it from there too? 0 -
The .cache files will get updated with my command, but it's safe to move those out of the way. Yes, if there are _SSL files present also, do those too. 0 -
OK I've manually vi'ed all 4 files in userdata and I've run the 3 commands. Then in Manage SSL Hosts, they were still there, so I deleted the host. Then I ran Auto SSL to regenerate the cert. Believe it or not, they're still showing under Manage SSL Hosts! Though, the annoying email is gone so I'll take that as a satisfactory "solution". Weird. Thanks for all your help, you may close this now :) 0 -
I'm glad that helped! I wish we had more "why" about how things get out of sync, but short of some epic forensic analysis I don't think we always get those types of answers. I'll mark this one as solved for you too! 0 -
A year later, I'm receiving lots of "The new certificate lacks the following domain that the previous certificate secured" emails again for mail subdomains that point to external servers. It's pretty annoying and it's not new domains or anything. They've been set up like this for years.
0