Skip to main content

AutoSSL provider could not renew the SSL certificate

Comments

5 comments

  • cPanelNick
    If the dns entries are missing for the proxy subdomains, you can run force them to be added with the following command
    /scripts/checkproxysubdomains --force

    # /scripts/checkproxysubdomains --help Usage: checkproxysubdomains [options] Options: --help Brief help message --man Full help message --force Rerun configuration even if previously done
    0
  • chrismfz
    Hello there. That's not the issue. I've checked all the subdomains, they work. After ~10 tries with "./autossl_check --user=user-here" it worked for all subdomains except one, webdisk, which of course it exists. With the same error because of an error: Unexpected end of stream while looking for line . at /usr/local/cpanel/Cpanel/SSL/Auto/Provider/cPanel.pm line 302. But that's not the only issue, customers are wondering what is this notification and why it's failing filling multiple support tickets. I disabled notifications as a "solution" just wondering if this happened again before.
    0
  • cPanelMichael
    Hello @chrismfz, Here's a link to a blog post and forums thread where the new AutoSSL notifications in cPanel version 68 are discussed: New SSL Notifications in v68 | cPanel Blog SSL Notifications in cPanel 68 As far as the AutoSSL validation failures, do you have any custom Mod_Security rules enabled on this system? If so, check to see if it's a Mod_Security rule that's blocking the AutoSSL validation request. For instance, in the AutoSSL failure notification, you will see a reference to a .txt file (e.g. 00DA63E2744526D6F1D135BFD1485184.txt in the example you posted). You can search for the specific file name in your /etc/apache2/logs/modsec_audit.log file with a command like this:
    grep 00DA63E2744526D6F1D135BFD1485184.txt /etc/apache2/logs/modsec_audit.log
    This should help determine if it's a Mod_Security rule that's blocking the request. Feel free to open a support ticket using the link in my signature if you can't find anything and would like us to take a closer look. Thank you.
    0
  • chrismfz
    I am not getting any output on error_log / modsec log.
    [root@saturn logs]# grep "1BE66A1525109767BBCAA2860264E7FE.txt" * grep: archive: Is a directory grep: domlogs: Is a directory grep: lsapisock: Is a directory grep: mod_evasive: Is a directory grep: modsec_audit: Is a directory [root@saturn logs]# grep "1BE66A1525109767BBCAA2860264E7FE.txt" */*
    I am getting 404 for those .txt files. The requested URL /.well-known/pki-validation/1BE66A1525109767BBCAA2860264E7FE.txt was not found on this server. Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request. And if modsec was enabled or a rule is blocking the certification it would block it everywhere. I am usually see only cPanel's domains blocked (autodiscover,mail,webmail,cpanel). Eventually I will get the CRT but not for all subdomains. But all other subdomains are valid, has A/CNAME records and they are working. Example, in the screenshot all subdomains are working. But most of them didn't get a certificate.
    0
  • cPanelMichael
    Hello, Could you open a support ticket using the link in my signature so we can take a closer look? Thank you.
    0

Please sign in to leave a comment.