Skip to main content

AutoSSL Certificate does not renew automatically

Comments

13 comments

  • jackofalltrades
    Last night a new Certificate was installed. I don't know if this was a consequence of eliminating the redirects from the htaccess file, because I uninstalled the expired certificate or because I deleted the canonicals. What seems to be clear is that renewing the certificate is not automatic, it brings a lot of trouble (including your website being flagged as unsafe) and there is no information available as to avoiding these problems. I would like to know if this was a one time event, or should I expect to have the same problems in 3 months time when the certificate expires again. What can be done to avoid these problems, if anything, or is this the cost of a free certificate, which in any case, as I understand, doesn't cover all events. I'm gratefull for having the opportunity to upgrade my website to current trends, with a free certificate, but if the cost is having my website flagged as unsafe for two days every three months, I'll have to think about it. My website belongs to a very particular niche, it does not live off volumes of traffic, and maybe just going back to an http website is better for me. Thanks anyway.
    0
  • jackofalltrades
    Additionally, being a first timer, and CPanel probably knowing which is the procedure (I understand AutoSSL has existid for some time now), there was no warning on how to proceed for best results.
    0
  • cPanelMichael
    Hello @jackofalltrades, I'm sorry to see you had some trouble with the AutoSSL feature. I notice you mentioned your web hosting provider. Could you verify if this is a shared hosting account, or if you have root access to the server itself? This will help us to determine the best course of action. Thanks!
    0
  • jackofalltrades
    Hello @jackofalltrades, I'm sorry to see you had some trouble with the AutoSSL feature. I notice you mentioned your web hosting provider. Could you verify if this is a shared hosting account, or if you have root access to the server itself? This will help us to determine the best course of action. Thanks!

    Hello Michael, Yes, its a shared server and I don't have access to the server. I can put you in contact with the provider if you are both willing to find a best procedure for the future. Can you contact me in private?
    0
  • cPanelMichael
    Hello, The AutoSSL feature, while it installs SSL certificates for individual domain names, is intended to be managed by the server administrator (e.g. your web hosting provider). When domain validation fails with AutoSSL, the first step is to review the AutoSSL logs to see what happened via "WHM >> Manage AutoSSL >> Logs". This isn't something you can do as an end-user. Certificate requests occur nightly during cPanel updates, and the validation process typically only takes a few hours. Certificate renewal attempts for cPanel-signed certificates begin within 15 days of expiry. Thus, the responsibility is with your hosting provider to address any issues preventing domain validation with the AutoSSL feature before the certificate expires. We've resolved several issues with AutoSSL since it's delivery as a feature. You can search for the term "autossl" on our change logs to see cases we've addressed: 60 Change Log - Change Logs - cPanel Documentation 58 Change Log - Change Logs - cPanel Documentation If an issue still exists at the next renewal attempt, your hosting provider would be able to recognize the issue 15-days out, and they could open a support request with us so we could determine the cause of the problem. Thank you.
    0
  • jackofalltrades
    Ok. As I understand it: 15 or less days before renewal I should contact my hosting provider and ask him to check the "WHM >> Manage AutoSSL >> Logs" to see if there is anything that might be preventing that renewal so he can open a support request and get you to solve the problem. And that should be it. I haven't yet seen the links you disclosed above, so maybe the answer to the following is there, if not: Why was I asked by the hosting provider to eliminate redirects in my htaccess file? And, would that be a recurrent requirement for renewal? I must say, the only redirects I had there were: 1- From non-www to www 2- From http to https 3- From /otherpage1.php to /newpage.php 4- From /otherpage2.php to /newpage.php 5- and one more otherpage3 to the same /newpage.php 6-11 and six otherpagesX to their own newpageX.php all permanent redirects, Nine as: [R=301,L] One as [R=301,NC,NE,QSA,L] One as [R=permanent,L] Each https file also had a canonical http to https Thanks, Michael.
    0
  • cPanelMichael
    Ok. As I understand it: 15 or less days before renewal I should contact my hosting provider and ask him to check the "WHM >> Manage AutoSSL >> Logs" to see if there is anything that might be preventing that renewal so he can open a support request and get you to solve the problem. And that should be it.

    Yes, that's correct.
    Why was I asked by the hosting provider to eliminate redirects in my htaccess file? And, would that be a recurrent requirement for renewal?

    Here's a thread that explains this a little more: AutoSSL and HTTP Redirects Let us know if that answers your question. Thanks!
    0
  • jackofalltrades
    Hello, Michael. I went through the change logs and didn't really understand much, except that CPanel has many issues it is fixing daily, and that on the dates 30 Nov to 4 Dec there seems to have been no issues fixed. The issues I had shouldn't they appear in this log if it was a CPanel issue? Or is it that those particular issues haven't been fixed yet and the new/renewed certificate was installed using a bypass or alternative way of doing it? Thanks.
    0
  • jackofalltrades
    Ok, Michael. I read: AutoSSL and HTTP Redirects and cPanel & WHM"s AutoSSL/SSL ordering process I understand I'm using Comodo (I suppose I can verify that in my CPanel), so then I should edit my htaccess file puting: RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt$ before every "RewriteRule" for the redirects. With this included the following renewal should be automatic unless the hosting provider finds some other unknown issue in the logs. Would this be right? Does that include other RewriteRule? like: RewriteCond %{HTTP_USER_AGENT} libwww-perl.* RewriteRule .* " [F,L] Thanks.
    0
  • cPanelMichael
    I went through the change logs and didn't really understand much, except that CPanel has many issues it is fixing daily, and that on the dates 30 Nov to 4 Dec there seems to have been no issues fixed. The issues I had shouldn't they appear in this log if it was a CPanel issue? Or is it that those particular issues haven't been fixed yet and the new/renewed certificate was installed using a bypass or alternative way of doing it?

    There's no particular case to reference, it was more-so to let you know we are constantly improving the AutoSSL feature to account for issues like the one you encountered.
    I understand I'm using Comodo (I suppose I can verify that in my CPanel), so then I should edit my htaccess file puting: RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt$ before every "RewriteRule" for the redirects. With this included the following renewal should be automatic unless the hosting provider finds some other unknown issue in the logs. Would this be right?

    No, I don't suggest making any changes to the .htaccess file unless your system still uses cPanel version 58. This happens automatically in cPanel version 60. The link was provided to offer some information on the issue you may have encountered with the last AutoSSL failure. Thank you.
    0
  • jackofalltrades
    Ok. Many thanks for your clear and to the point explanations. I hope I don't have to bother you again. :) And, have a nice weekend.
    0
  • jackofalltrades
    44027 This is what has happened with my daily visitors during the changeover from http to https. Around Nov 2 awstats started finding visitors to the https version. The grey tendency line shows a clear climbing tendency over the usual variability between Oct 15th and Nov 30th. On Nov 30th the AutoSSL Certificate did not renew, causing not only a fall in total visitors but also a change in tendency. I couldn't include the tendency from 52 on (when the new Certificate was in place), but it's a downward tendency, that is the Presence of the Certificate and being online with a https status has not allowed a recovery, at least to the situation previous to the failed AutoSSL. And we must consider that during the last 10 days I have been doing a good amount of marketing, increasing backlinks in more than 10%, posting YouTube videos, taking part in a like, follow and share campaign among my peers, etc., so what I really have been doing is avoiding an even worse fall. My website is not called Wikipedia, so figures are quite small, but in proportion they are significant. How long it will take before this gets back to the historic trend, as it should, is hard to say but clearly not very soon. I leave this here for others considering evolving from Http to Https, which are the dangers, and specially, for CPanel managers to disclose a step to step procedure, for those of us who are not experts or can't read your minds, and specially to teach hosting providers when you introduce these kinds of "improvements" so they can channel procedures with users before these kinds of issues occur.
    0
  • jackofalltrades
    BTW The last point in the graph in a steep fall is because awstats data is incomplete for the last 24 hours, tomorrow that line should be be less steep, horizontal or climbing.
    0

Please sign in to leave a comment.