AutoSSL and litespeed
Today a client complained that his AutoSSL certificate wasn't renewed. I checked and it ran out yesterday.
I checked the log and it said...
The website "X", owned by "X", has a faulty SSL certificate (OPENSSL_VERIFY:0:10:CERT_HAS_EXPIRED NOT_ALL_DOMAINS ALMOST_EXPIRED AUTOSSL_READY_FOR_RENEWAL). AutoSSL will attempt to replace this certificate.
That doesn't really help much.
Checked the "orange" entries in the log and can see lots of entries like this...
However, I think these are normal. There were no entries for the addon domain listed either by the actual domain itself or as a subdomain of the primary. I checked his htaccess files and he did have a small number of redirects - but none of them were modified with any cpanel additions. Client says he hasn't modified anything. I removed the certificate and disabled AutoSSL on his account - then enabled it again. I see the message in the log... The website "sub.x", owned by "X", has no SSL certificate. AutoSSL will attempt to obtain a new certificate and install it - however when I look in the "pending" queue - there is nothing in there and it's been over 30 minutes and nothing has happened. The biggest problem here is that the client has set their site to always use SSL and so the site has now been down for close to an hour - which is totally unacceptable to them and will almost certainly result in us losing their business. They are obsessed with their site being available at all times. My conclusion here is that the AutoSSL process does not seem to work correctly with litespeed. We have lots of other servers that are not running litespeed and so far we've had no complaints about the AutoSSL process there. Can anyone confirm they are having the same or similar problem with litespeed and AutoSSL? Update: it looks to me as though the initial installation of these certs via AutoSSL worked fine but none of them are being renewed and there are no errors other than the vague one I pasted at the top of this thread. After over two hours, none of the certificates in this clients account that I removed and then re-enabled AutoSSL for have been installed, so I was forced to purchase a commercial certificate for this client. I've looked around but can't find any other problems reported with autossl and litespeed.
WARN The domain "cpanel.X" failed domain control validation: The system queried for a temporary file at "http://cpanel.X/2B81D6EE1D439117E53C4F5B713A7F01.txt", but the web server responded with the following error: 404 (Not Found).
However, I think these are normal. There were no entries for the addon domain listed either by the actual domain itself or as a subdomain of the primary. I checked his htaccess files and he did have a small number of redirects - but none of them were modified with any cpanel additions. Client says he hasn't modified anything. I removed the certificate and disabled AutoSSL on his account - then enabled it again. I see the message in the log... The website "sub.x", owned by "X", has no SSL certificate. AutoSSL will attempt to obtain a new certificate and install it - however when I look in the "pending" queue - there is nothing in there and it's been over 30 minutes and nothing has happened. The biggest problem here is that the client has set their site to always use SSL and so the site has now been down for close to an hour - which is totally unacceptable to them and will almost certainly result in us losing their business. They are obsessed with their site being available at all times. My conclusion here is that the AutoSSL process does not seem to work correctly with litespeed. We have lots of other servers that are not running litespeed and so far we've had no complaints about the AutoSSL process there. Can anyone confirm they are having the same or similar problem with litespeed and AutoSSL? Update: it looks to me as though the initial installation of these certs via AutoSSL worked fine but none of them are being renewed and there are no errors other than the vague one I pasted at the top of this thread. After over two hours, none of the certificates in this clients account that I removed and then re-enabled AutoSSL for have been installed, so I was forced to purchase a commercial certificate for this client. I've looked around but can't find any other problems reported with autossl and litespeed.
-
Hello @4u123, It's possible the issue you experienced relates to the recent Comodo outage discussed on the following thread: In Progress - The provider "cPanel (powered by Comodo)" cannot currently accept incoming requests Can you confirm if the AutoSSL feature works when switching to Let's Encrypt as the default AutoSSL provider? Thank you. 0 -
Hello @4u123, It's possible the issue you experienced relates to the recent Comodo outage discussed on the following thread: In Progress - The provider "cPanel (powered by Comodo)" cannot currently accept incoming requests Can you confirm if the AutoSSL feature works when switching to Let's Encrypt as the default AutoSSL provider? Thank you.
It can't be related. AutoSSL should have renewed these certs 15 days before they were due to expire. They expired yesterday. It's possible that since I deleted them and re-enabled AutoSSL for this client today, the subsequent failure of the certs being installed may have been affected by the Comodo issue - but that would not be the root cause of this problem.0 -
Hello, Could you open a support ticket using the link in my signature so we can take a closer look and see why the AutoSSL certificate renewals failed to complete the domain validation process? Thank you. 0
Please sign in to leave a comment.
Comments
3 comments