AutoSSL corrupting existing SSL certificate

archie_n

• February 09, 2017 14:41

Just had a rather unpleasent experience with AutoSSL on a account with an existing purchased and installed SSL certificate: I've parked two new domains on this account prior to registering the new domain. This apperently resulted in overwriting the existing SSL certificate with an unsigned certificate.

• 

  cPanelMichael

  • February 09, 2017 19:47

  Hello, Could you verify if "Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates" is enabled under the "Options" tab in "WHM >> SSL/TLS >> Manage AutoSSL"? Thank you.

  0
• 

  archie_n

  • February 10, 2017 06:19

  Hello, Could you verify if "Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates" is enabled under the "Options" tab in "WHM >> SSL/TLS >> Manage AutoSSL"? Thank you.

  
  Hi! After this experience, I've disabled the AutoSSL feature. When checking now, the mentioned options is not enabled. Log file:
  Log for the AutoSSL run for "existing_domain_owner": Thursday, February 9, 2017 4:03:14 PM GMT+0100 (cPanel (powered by Comodo)) 4:03:14 PM This system has AutoSSL set to use "cPanel (powered by Comodo)". 4:03:14 PM Checking websites for "existing_domain_owner" " 4:03:15 PM The website "EXISTING_DOMAIN_dot_TLD", owned by "existing_domain_owner", has a faulty SSL certificate (OPENSSL_VERIFY:0:18:DEPTH_ZERO_SELF_SIGNED_CERT NOT_ALL_DOMAINS). AutoSSL will attempt to replace this certificate. 4:03:15 PM WARN The domain "NEW_PARKED_DOMAIN_dot_TLD" failed domain control validation: "NEW_PARKED_DOMAIN_dot_TLD" does not resolve to any IPv4 addresses on the internet. at bin/autossl_check.pl line 562. 4:03:17 PM WARN The domain "www.NEW_PARKED_DOMAIN_dot_TLD" failed domain control validation: "www.NEW_PARKED_DOMAIN_dot_TLD" does not resolve to any IPv4 addresses on the internet. at bin/autossl_check.pl line 562. 4:03:17 PM WARN The domain "mail.NEW_PARKED_DOMAIN_dot_TLD" failed domain control validation: "mail.NEW_PARKED_DOMAIN_dot_TLD" does not resolve to any IPv4 addresses on the internet. at bin/autossl_check.pl line 562. 4:03:18 PM The system will attempt to renew SSL certificates for the following websites: 4:03:18 PM EXISTING_DOMAIN_dot_TLD (EXISTING_DOMAIN_dot_TLD 55553400.no FURTHER_DOMAINS_dot_TLD)
  

  0
• 

  cPanelMichael

  • February 13, 2017 14:48

  Hello, The AutoSSL feature should not replace non-AutoSSL SSL certificates unless "Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates" is enabled under the "Options" tab in "WHM >> SSL/TLS >> Manage AutoSSL". Feel free to open a support ticket using the link in my signature so we can take a closer look if this is happening on your system. You can post the ticket number here and we will update this thread with the outcome. Thank you.

  0

Please sign in to leave a comment.