Skip to main content

AutoSSL alerts for account terminated months ago

Comments

5 comments

  • cPRex Jurassic Moderator
    Hey hey! Let's start with the simple things first - does the domain/subdomain/addon domain that is listed in the email exist in the server's Apache configuration file (/etc/apache/2/conf/httpd.conf)? AutoSSL can only attempt to secure domains that are listed in a vhost, so I'm wondering if the domain just didn't get removed from Apache. Another area to check would be /var/cpanel/userdata - a grep of that entire directory wouldn't hurt.
    0
  • Metro2
    @cPRex thank you. I'm not turning up in either of those, so I tried this (replacing the username / account name with example) [/]# locate example
    And this is what it returns: [/]# locate example /backup/.meta/example.db /backup/2023-09-22/system/dirs/_var_cpanel/notificationsdb/example /backup/2023-09-22/system/dirs/_var_spool_cron/example /usr/share/cagefs-skeleton/usr/local/apache/domlogs/ftp.examplet.com.au-ftp_log.offsetftpbytes /usr/share/cagefs-skeleton/usr/local/apache/domlogs/example-popbytes_log.bkup2 /var/cpanel/notificationsdb/example /var/log/apache2/domlogs/ftp.examplet.com.au-ftp_log.offsetftpbytes /var/log/apache2/domlogs/example-popbytes_log.bkup2 /var/spool/cron/example
    That looks to me like cPanel Backup is still backing-up the account, which was terminated months ago. I know I must be overlooking something, but I definitely Terminated the user's account a long time ago.
    0
  • cPRex Jurassic Moderator
    None of those files would be enough to trigger an AutoSSL run, but it's interesting that notifications are being sent about it. Just to confirm, and I know this sounds silly but it does happen quite a bit, are you certain the notifications are coming from this particular server? Checking the email headers would confirm the IP address or hostname that is sending the message. Another thing to check would be to see if cPanel thinks anyone owns that domain. You can run "/scripts/whoowns domain.com" to see if that is still linked with an account somehow.
    0
  • Metro2
    @cPRex - I had a feeling I was overlooking something. You nailed it. I hadn't looked at the hidden email headers, and sure enough - that user had a friend/service migrate their hosting, but they never removed me from their cPanel > Preferences > Contacts. (I always add my noreply@ addy to each of my user's CP contacts, since many don't pay attention to important notices such as email quotas etc...). Mystery solved - thank you very much for the polite hint! :oops:;)
    0
  • cPRex Jurassic Moderator
    Nice! I'm glad it was that simple, and not something crazy.
    0

Please sign in to leave a comment.