AutoSSL ... (+ CloudFlare)
AnsweredI pass all the domains through CloudFlare.
At the same time, I want to be able to run AutoSSL in cPanel, so the domains will have a valid SSL - this helps with many things.
I have not managed to find a stable solution to auto-update the Auto SSLs yet.
I thought with the Sectigo's SSL and disabling the HTTPS redirects in CloudFlare would be the way. In general, this seemed to work for the most part... but, still, I am not that sure, since, from to time to time, I still have to go and completely disable CloudFlare on certain domains and run the AutoSSL manually in order to update the SSLs.
However, this time, things are much worse. There are two domains - one with an expired SSL, and one that is going to expire in a few days - and the AutoSSL remains "in Progress" status forever. Both had successful AutoSSL updates in the past, but this time, with CloudFlare disabled, .htaccess also disabled, domain force HTTPS redirection in cPanel disabled - will not fetch a new SSL.
Last night, in the logs for one of the domains I also found something like that..."There is no certificate available.... and that the system will try again later". The case is that after many hours, none of the certificates will renew. Especially the domain with the expired domain, can not wait for hours with CloudFlare disabled, since browsers throw the security warning about the invalid/expired SSL.
Any ideas what's going on and how to solve this?
Also, what is the right combination in order to have CloudFlare + AutoSSL working automatically, without requiring me supervising the procedure?
-
Hey there! Are you using Sectigo or Let's Encrypt for the AutoSSL provider? I recommend most users use Let's Encrypt at this point.
Can you check this article and see if that helps get Cloudflare configured properly?
0 -
Hello!
I had Sectigo selected as provider. At some point I noticed that for one domain the logs returned something like "Sectigo can not accept more requests at the moment" ... So, I switched to Let's encrypt. After a while all pending and in progress SSL renewals went through with the Let's encrypt SSL.
Thanks for the article. For the most part, I have fulfilled those requirements, since the majority of the domains are renewing their SSLs. There are a few ones which every three months complain - and likely, there is some other kind of redirection somewhere, and I will do deeper investigation in order to fine-tune those possible HTTPS redirects.
However, this time, with these two domains - it seems like there was an issue with Sectigo.
Thanks0 -
I'm glad that's all it was!
0
Please sign in to leave a comment.
Comments
3 comments