Skip to main content

AutoSSL still not renewed after expiring

Comments

7 comments

  • cPanelMichael
    Hello, Could you let us know which version of cPanel is installed on this system? You can check via the following command:
    cat /usr/local/cpanel/version
    Also, could you let us know the rest of the output? For instance, are there any DCV (Domain Control Validation) error messages? Thank you.
    0
  • tdldrg
    It doesn't have any error that goes orange like some. Here's the new one today from 'all users' log. Til now it is still not renewed itself after expiring and same goes for some few domains that have expired already. Seems like stuck on attempt to renew SSL...
    11:03:02 PM Checking websites for "xxxxx" " 11:03:02 PM The website "xxxxxx.co.uk", owned by "xxxxx", has a faulty SSL certificate (OPENSSL_VERIFY:0:10:CERT_HAS_EXPIRED NOT_ALL_DOMAINS ALMOST_EXPIRED AUTOSSL_READY_FOR_RENEWAL). AutoSSL will attempt to replace this certificate. 11:03:06 PM The system will attempt to renew SSL certificates for the following websites: 11:03:06 PM xxxxx.co.uk (xxxxxxxx.com xxxxxxxxx.co.uk www.xxxxxxx.com www.xxxxxxx.co.uk mail.xxxxxxxcom mail.xxxxxx.co.uk) 11:03:06 PM The system has completed the AutoSSL check for "xxxxx".
    0
  • cPanelMichael
    Hello, Are you sure the previous SSL certificates were installed with the AutoSSL feature? If not, you'd need to enable the following option under the "Options" tab in "WHM >> Manage AutoSSL": Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates. Here's the option's description: This option will allow AutoSSL to replace certificates that the AutoSSL system did not issue. When you enable this option, AutoSSL will install certificates that replace users" CA-issued certificates if they are invalid or about to expire. Unless you fully understand this option, do not select it, because the system could unexpectedly replace an expiring or invalid EV or OV certificate with a DV certificate.
    Note you can use the following command to manually run the AutoSSL check for an individual account if you don't want to wait for the automatic nightly run:
    /usr/local/cpanel/bin/autossl_check --user $username
    Thank you.
    0
  • tdldrg
    Yes I'm quite sure it's AutoSSL installed the expired one. Only certificates issued from AutoSSL covers for a few months as mentioned it was 8/30/2016 - 11/29/2016. Could wish 6 months or a year perhaps. I didn't enable the "Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates." as we also have other non-AutoSSL issued certificates using EV and other SSL installed. I've also tried that manually checking the account via WHM AutoSSL manage user or command you suggest but just the same.
    4:07:43 PM This system has AutoSSL set to use "cPanel (powered by Comodo)". 4:07:43 PM Checking websites for "xxxx " 4:07:43 PM The website "xxxx.co.uk", owned by "xxxx", has a faulty SSL certificate (OPENSSL_VERIFY:0:10:CERT_HAS_EXPIRED NOT_ALL_DOMAINS ALMOST_EXPIRED AUTOSSL_READY_FOR_RENEWAL). AutoSSL will attempt to replace this certificate. 4:07:43 PM The system will attempt to renew SSL certificates for the following websites: 4:07:43 PM xxxx.co.uk (xxxxx.com xxxxx.co.uk www.xxxxx.com www.xxxxxx.co.uk mail.xxxxx.com mail.xxxxx.co.uk) 4:07:43 PM The system has completed the AutoSSL check for "xxxx". 4:07:43 PM The system has finished checking 1 user.
    0
  • cPanelMichael
    Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome. Thank you.
    0
  • tdldrg
    I've opened a ticket Support Request ID is: 8047329
    0
  • cPanelMichael
    Hello, To update, it looks like the renewal failed because Comodo was blocked from accessing the website due to rules in the account's .htaccess file, and thus domain validation failed. Regarding the certificate renewal schedule, this is noted on the
    0

Please sign in to leave a comment.