Service SSL Won't Renew - Invalid TLD
AnsweredMy server's service SSL is due to expire tomorrow. So I ran checkallsslcerts to find out what the problem is.
Let's Encrypt have rejected the request because on the list of domains in the request, as well as my hostname, it contains:
server.hostname.tld, autoconfig.server.hostname.tld, autodiscover.server.hostname.tld, cpanel.server.hostname.tld, cpcalendars.server.hostname.tld, cpcontacts.server.hostname.tld, ipv6.server.hostname.tld, mail.server.hostname.tld, webdisk.server.hostname.tld, webmail.server.hostname.tld, whm.server.hostname.tld, www.server.hostname.tld
Let's Encrypt won't allow requests for invalid TLD's
What is causing my server to request these domains? The hostname is set up correctly in WHM.
Many thanks, Ian
-
Maybe this won't apply in your case.
But I had a similar issue with a hostname where the root of the hostname wasn't being recognized as vaild by Let's Encrypt. In my case, the hostname didn't exist as a cPanel account in WHM.
I found that I needed to add my root hostname as an addon domain to a cPanel account in order for Let's Encrypt to find it and allow certs to be created for it. So, for example, with a hostname of server.hostname.tld, you would need to add hostname.tld as a domain in a cPanel account (either as its own account or as an addon domain).
After that, you can use checkallsslcerts to get Let's Encrypt to add a cert for your hostname:
https://support.cpanel.net/hc/en-us/articles/360055612073-How-to-generate-a-free-signed-hostname-certificate1 -
Hey there! Details on manually removing old hostnames can be found here:
Once that is done, I would expect the certificate to be issued normally.
1 -
Rex,
You were absolutely spot on! That worked a treat,
Thanks so much for your help.
Ian
0 -
I'm glad to help!
0
Please sign in to leave a comment.
Comments
4 comments