Skip to main content

Please translate these cryptic warning messages

Comments

12 comments

  • Andrew

    I guess you are getting this while renewing/adding SSL for that domain name? It says that one check failed but another type of check succeeded so the certificate should have been issued. Do you see any issues?

    Andrew N. - cPanel Plesk VMWare Certified Professional
    Do you need immediate assistance? 20 minutes response time!* Open a ticket
    EmergencySupport - Professional Server Management and One-time Services

     

    1
  • cPRex Jurassic Moderator

    Could you also confirm if this was an email notification (as well as the subject, if so) or something inside the interface?

    0
  • jeffschips

    Hello cPRrex and thank you for responding!

    Yes, it is an email unfortunately they have been deleted so I can't dig up the subject line.  I receive these messages whenever the domain ssl is updated.

    0
  • cPRex Jurassic Moderator

    Thanks for the additional details.  I found the following article talking about this change with Let's Encrypt:

    https://support.cpanel.net/hc/en-us/articles/4403905702679-Let-s-Encrypt-Wildcard-reduction-sends-reduced-coverage-email?

    I left a comment on that case for our team referencing this thread, and I'll be sure to post updates if I hear anything on my end!

    0
  • jeffschips

    thank you cPRex that is very informative and useful.  The link basically says:

    Procedure
    Log into cPanel as the user that owns the domain.
    Navigate to "Security » SSL/TLS Status."
    Click "Exclude from AutoSSL" next to the domain.
    That's it! After performing these steps, AutoSSL will no longer complain about losing coverage for this domain, and subsequent AutoSSL runs will be faster.

    If there is a large number of domains that need to be excluded, select the checkbox next to each domain, then click "Exclude # Domain(s) from AutoSSL" in the section above the Domains table.

    A domain may be included in AutoSSL after it has been excluded by following the procedure in Include a domain in AutoSSL.

    Further documentation can be found on SSL/TLS Status here

    So the language is a bit confusing: will it just "not complain" or will it be excluded.  "Not complaining is good" being "excluded" could cause issues, no?

     

    0
  • cPRex Jurassic Moderator

    I did reach out to our developers about this issue as it seems it's become a bit more prominent since the default is now Let's Encrypt. The case number associated with the new work on this is EK-96 and the developers are actively looking at this now, so I'll post an update once I have more details.

    0
  • Nick

    Hi cPRex. Can you please ask them for an approximate timeframe for this issue to be resolved? It's causing all our clients to stress out and it's wasting our time explaining that the email is wrong.

    0
  • cPRex Jurassic Moderator

    The best answer I have at this point is "soon" - it's scheduled to be fixed in version 120, but there is also a backport request to 110, 116, and 118. 

    0
  • Nick

    Hi cPRex. That's great news, thanks for your help so far!

    Can you please clarify, I believe version 120 is estimated to be released in April?

    And when they release 120 (presumably including the fix), is it expected to take a long time to backport to 110, 116, 118 or does that happen within days/weeks?

    If possible, it would be great to hear that the fix is still expected to be included in version 120...

    0
  • cPRex Jurassic Moderator

    120 is getting released to Edge on Tuesday if everything goes according to plan.

    I still see the requests for the backport in place, although those haven't been completed.  It looks like our work on the case has stalled as we are struggling to reproduce this in recent builds.

    Nick - if you're still seeing this behavior in 118, could you please submit a ticket from an affected system so we can get some more details for testing?

    0
  • Nick

    > if you're still seeing this behavior in 118, could you please submit a ticket from an affected system so we can get some more details for testing?

    I'm not using 118. I'm using 110.0.24 (CloudLinux v7.9.0 STANDARD kvm).

    It's still happening. If you need any further details please let me know.

     
     
    0
  • cPRex Jurassic Moderator

    I'm not sure if the backport will make it to 110 at this point, as that is only going to receive the most critical of updates until it reached end-of-life in July.

    0

Please sign in to leave a comment.