Failure to renew certificate via manual execution of AutoSSL.
1) A certificate installed via cPanel > AutoSSL expired on 04/03/2024, and accessing the site displays the corresponding error message.
2) The reason for non-renewal is probably due to accidental deletion of the /.well-known/pki-validation/randomfilename.txt folder in the domain root.
3) If from cPanel > Security > SSL/TLS Status I run AutoSSL, the certificate is not renewed.
4) If I repeat the procedure in step 3 after restoring from a backup the folder indicated in step 2 the certificate is still not renewed.
How can I solve it?
-
Hey there! When you manually run AutoSSL, what error does it give? If the file was missing or unreachable I would expect it to tell you that in the log.
0 -
Do you have access to WHM of the server or only the cPanel account? In WHM >> Manage AutoSSL, there would be a tab where you can view the logs for the server and see more detail about what may have happened.
If you don't have that level of access you'll likely need to speak with your host in order to get to the root cause of the issue.
0 -
I only have access to cPanel and I don't see any other logs that give me more information.
0 -
Correct - you'll have to reach out to your host to have them look at the logs and find the root cause.
0 -
I too am having the same issue. I keep getting this...
"The system failed to fetch the DCV (Domain Control Validation) file at “http://website.com/.well-known/acme-challenge/XS716K2IES4A79JCUA62FQB6Y_ONOJ0U” because of an error: The system failed to send an HTTP (Hypertext Transfer Protocol) “GET” request to “http://website.com/.well-known/acme-challenge/XS716K2IES4A79JCUA62FQB6Y_ONOJ0U” because of an error: Could not connect to 'website.com:80': Connection timed out."
I can see AutoSSL creating the file in the acme-challenge directory. I have tested creating a file in that directory and I can access it via html. So I know port 80 is open and working.
My certificate renewed on December 18th and is now failing. I noticed that the letsencrypt plugin was updated on December 20th to a newer version. Any ideas?
0 -
Laurn Werner - do you have root access to the server?
0 -
Yes, I do.
0 -
Can you try using the tool here to see if that also reports the correct IP address for the domain name?
You may also want to scan the domain using a tool such as intodns.com, as any DNS problem will keep AutoSSL from working properly.
0 -
Seems to work here under root.
0 -
I'm not seeing anything that looks like DNS issues.
0 -
We may need to see a ticket on this one if the cpdig test is working, as that is the command that AutoSSL uses to detect and verify the domain.
0 -
A technical support ticket? Where do I go to do that?
0 -
You can do that from WHM >> Create a Support Ticket.
0 -
It's showing that some other company can only create support requests for our IP address.
0 -
That just means your cPanel license isn't purchased directly through us. You can still contact that provider for support, and if they can't figure out the issue they can escalate it to us.
As a test, could you temporarily disable the firewall on the system to see if that could be blocking the connection from the AutoSSL provider?
0 -
How do I go about disabling the firewall?
0 -
That part I can't say for sure, as it isn't controlled by cPanel. There also may be an external firewall outside of your machine that your host could check when you submit that ticket.
0 -
I'm able, from root, to curl out to letsencrypt.
0 -
That's good, but it's completely possible there are inbound issues, or that it's something else entirely - the firewall check was just a guess.
0 -
In my case I've solved the problem by changing the DNS CAA record from "sectigo.com" to "letsencrypt.org" because my provider changed the party issuing SSL certificates.
Only my hosting provider's support had access to this log which allowed them to diagnose the problem:
"DNS CAA records forbid "Let's Encrypt™" from issuing certificates for any of this user's 12 domains. AutoSSL cannot increase "glsistem"'s SSL coverage."
While I was only seeing the message
"Success: The Auto SSL check has completed. The page will refresh in 5 seconds."
which I pointed out in my second post, which is misleading because it suggests that there is no problem.
I would suggest to the cPanel team that the user also see the correct log.
0 -
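The CAA cause reported in the post above can be checked without the host's AutoSSL log. The following is an added example, not part of the thread and not cPanel's code: it applies the RFC 8659 rules a CA follows (climb to the nearest CAA record set, `issuewild` for wildcard names, critical unknown tags) to a constructed record set. The function names and `example.test` are hypothetical.

```python
# Added example: offline CAA evaluation following RFC 8659.
# Zone data is constructed; records are (flags, tag, value) tuples.

def relevant_caa(fqdn, zone):
    """Climb from fqdn toward the root; return the first non-empty CAA RRset."""
    labels = fqdn.rstrip(".").lower().split(".")
    if labels[0] == "*":          # wildcard names start the search at the parent
        labels = labels[1:]
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]), [])
        if rrset:
            return rrset
    return []

def ca_may_issue(fqdn, ca_domain, zone):
    """Return (allowed, reason) for ca_domain issuing a certificate for fqdn."""
    rrset = relevant_caa(fqdn, zone)
    if not rrset:
        return True, "no CAA records: any CA may issue"
    # A critical record (flag bit 128) with an unrecognised tag blocks issuance.
    for flags, tag, _ in rrset:
        if flags & 128 and tag.lower() not in ("issue", "issuewild", "iodef"):
            return False, f"unknown critical tag {tag!r}"
    tag = "issue"
    if fqdn.startswith("*.") and any(t.lower() == "issuewild" for _, t, _ in rrset):
        tag = "issuewild"         # issuewild overrides issue for wildcard names
    values = [v for _, t, v in rrset if t.lower() == tag]
    if not values:
        return True, f"CAA present but no {tag} property: not restricted"
    # Issuer domain is the part before any ';' parameters; ';' alone names no CA.
    allowed = {v.split(";")[0].strip().lower() for v in values}
    if ca_domain.lower() in allowed:
        return True, f"{tag} authorizes {ca_domain}"
    named = sorted(a for a in allowed if a)
    return False, f"{tag} only authorizes {named or 'no CA'}"

# Constructed zones: the record described in the post, before and after the fix.
BEFORE = {"example.test": [(0, "issue", "sectigo.com")]}
AFTER = {"example.test": [(0, "issue", "letsencrypt.org")]}

if __name__ == "__main__":
    for name, zone in (("before", BEFORE), ("after", AFTER)):
        print(name, ca_may_issue("www.example.test", "letsencrypt.org", zone))
```

The live records to feed into it can be read with `dig +short CAA <domain>` for the domain and each of its parent names.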
I agree! I've created case CPANEL-43934 to see if we can add more log details to the cPanel user side when clicking the "Run AutoSSL" button inside the cPanel >> SSL/TLS Status interface.
0 -
Perfect, that's something that would be useful to implement
1