Does AutoSSL renew service certificates?

Cameron Brennan

• October 24, 2017 19:10

Hi All, cPanel/Whm N00B here and my first post haha. I have recently started as the IT manager for a small company and walked into a gigantic mess. My background is in infrastructure, so I don't have much experience in web stuff alas and the previous IT guy has recently left. I got an email stating that the service certificates were expiring in 4 days so I thought I would get in there and make sure they were sorted before the weekend came. I made my first small mistake by resetting the certificate for dovecot mail server with a self-signed certificate. I incorrectly assumed that the cert showing cPanel inc was a self-signed cert. Anyway, I didn't progress as I didn't want to break anything further. That's when I saw the autossl section. My question is, will autossl renew these service certs or does it only do the website ones? The service certs (other than the one I reset) expire in 4 days. Thanks very much!

• 

  sktest123

  • October 25, 2017 03:39

  [LIST]

  When a certificate expires, your server installs a self-signed certificate. If your server meets the requirements to obtain a free cPanel-signed certificate, the server automatically orders one the next time that the upcp maintenance script runs. When the signed certificate becomes available, the server downloads and installs it. Manage Service SSL Certificates - Documentation - cPanel Documentation

  0
• 

  Cameron Brennan

  • October 25, 2017 06:04

  Thanks for the reply sktest123...so I can see that the upcp job has run but nothing has updated as yet. The autossl log seems to have a lot of errors in there but nothing about the service ssl certs as yet. I'm guessing that tomorrow might be different possibly as it will fall within the 3 days expiration.

  0
• 

  cPanelMichael

  • October 25, 2017 15:12

  Hello, More information on the free hostname SSL certificate for your services is available at:

  0
• 

  Cameron Brennan

  • October 26, 2017 00:08

  Hi Michael, The ...well-known\pki etc folder is empty. In the autossl section it shows the following: 49215 The log shows things like this too:
  The domain "xxx.xxx.com" failed domain control validation: The system queried for a temporary file at "http://xxx.xxxx.com/.well-known/pki-validation/9DAB0B4774E5AAB0038A956369F80D19.txt", but the web server responded with the following error: 404 (Not Found). A DNS or web server misconfiguration may exist.
  Thanks

  0
• 

  Cameron Brennan

  • October 27, 2017 05:37

  I have also tried running the checkallsslcerts manually too and got the following: The system will check for the certificate for the "cpanel" service. The system will attempt to verify that the certificate for the "cpanel" service is still valid using OCSP (Online Certificate Status Protocol). The system will attempt to replace the certificate for the "cpanel" service with a signed certificate from the cPanel Store because the current certificate expi res in less than "25" days. The system will attempt to install a certificate for the "cpanel" service from t he system ssl storage. None of the certificates in the system ssl storage were acceptable to use for th e "cpanel" service. The system will attempt to install a certificate for the "cpanel" service from t he cPanel store. The system will check for the certificate for the "dovecot" service. The system will attempt to replace the self-signed certificate for the "dovecot" service with a signed certificate from the cPanel Store. The system will attempt to install a certificate for the "dovecot" service from the system ssl storage. None of the certificates in the system ssl storage were acceptable to use for th e "dovecot" service. The system will check for the certificate for the "exim" service. The system will attempt to verify that the certificate for the "exim" service is still valid using OCSP (Online Certificate Status Protocol). The system will attempt to replace the certificate for the "exim" service with a signed certificate from the cPanel Store because the current certificate expire s in less than "25" days. The system will attempt to install a certificate for the "exim" service from the system ssl storage. None of the certificates in the system ssl storage were acceptable to use for th e "exim" service. The system will check for the certificate for the "ftp" service. The system will attempt to verify that the certificate for the "ftp" service is still valid using OCSP (Online Certificate Status Protocol). The system will attempt to replace the certificate for the "ftp" service with a signed certificate from the cPanel Store because the current certificate expires in less than "25" days. The system will attempt to install a certificate for the "ftp" service from the system ssl storage. None of the certificates in the system ssl storage were acceptable to use for th e "ftp" service. The cPanel Store is processing the hostname certificate request. The system will check the cPanel Store again the next time that "./checkallsslce rts" runs. I've submitted a ticket #8981383 as this is now urgent :(

  0

Please sign in to leave a comment.