Skip to main content
cPanel Technical Support has been heavily impacted by hurricane Beryl and our ability to respond to tickets has been hindered as a result. We appreciate your understanding and patience as we address these delays.

cPanel Service Certificates not renewing

Comments

15 comments

  • cPRex Jurassic Moderator

    Hey there!  After the change to Let's Encrypt the notifications are extra chatty - I'm looking into this to see if we can calm that down a bit.

    In the mean time, no, there's nothing you need to do on the server as it will handle the renewal automatically.

    0
  • cPRex Jurassic Moderator

    I did want to say I created case CPANEL-44215 with our developers to see if we can improve/adjust/manage these notifications, and I'll be sure to post updates here once I get them!

    1
  • MHFraser

    ok great!

    yeah whm has still retained some of the legacy setup from when the cpanel store did the certs and considers <30 days a problem that needs manual intervention. Aside from the notifications there are little yellow exclamation marks against the certs etc.

    I think it just needs to be retuned for much lower number.

     

    still I think 2 days is too short. almost no time to do anything about it should lets encrypt fail to renew the certs (and they do very occasionally). a week is good. :)

    1
  • cPRex Jurassic Moderator

    Agreed on all counts!

    0
  • Jeff

    I've got about 10 servers that are all sending me alerts every other day (or so), so I'd love to see a solution to this sooner than later. Can we switch back to cPanel-issued certs so that they renew sooner?

    0
  • cPRex Jurassic Moderator

    There's no way to switch back to the previous system as that has been removed.  I've stressed the importance of that case to our developers as much as I can.

    0
  • Jeff

    Thank you!

    0
  • cPRex Jurassic Moderator

    Sure thing! 

    0
  • MHFraser

    still getting alerts

    Friday night of a long weekend. I really don't want to be fixing something on Sunday!

     

    # date

    Fri Jun  7 17:39:51 AEST 2024

     

    # /usr/local/cpanel/bin/checkallsslcerts

    The system will check for the certificate for the “cpanel” service.

    The system will attempt to verify that the certificate for the “cpanel” service is still valid using OCSP (Online Certificate Status Protocol).

    The “cpanel” service’s certificate will expire soon (Jun 9, 2024). If this certificate remains installed on Jun 7, 2024, the system will attempt to replace it.

    The system will check for the certificate for the “dovecot” service.

    The system will attempt to verify that the certificate for the “dovecot” service is still valid using OCSP (Online Certificate Status Protocol).

    The “dovecot” service’s certificate will expire soon (Jun 9, 2024). If this certificate remains installed on Jun 7, 2024, the system will attempt to replace it.

    The system will check for the certificate for the “exim” service.

    The system will attempt to verify that the certificate for the “exim” service is still valid using OCSP (Online Certificate Status Protocol).

    The “exim” service’s certificate will expire soon (Jun 9, 2024). If this certificate remains installed on Jun 7, 2024, the system will attempt to replace it.

    The system will check for the certificate for the “ftp” service.

    The system will attempt to verify that the certificate for the “ftp” service is still valid using OCSP (Online Certificate Status Protocol).

    The “ftp” service’s certificate will expire soon (Jun 9, 2024). If this certificate remains installed on Jun 7, 2024, the system will attempt to replace it.

    0
  • cPRex Jurassic Moderator

    The key sentence there is this guy:

    "The “cpanel” service’s certificate will expire soon (Jun 9, 2024). If this certificate remains installed on Jun 7, 2024, the system will attempt to replace it."

    so there's still nothing you need to do.

    If you want to manually fix this you can go to WHM >> Manage Service SSL Certificates, and choose the "reset" option next to each certificate to install a self-signed cert, and then run /usr/local/cpanel/bin/checkallsslcerts to force the renewal to happen earlier, but you really shouldn't have to do anything.

    0
  • MHFraser

    they have renewed. :)

    it was close of business on June 7 when I posted that. It's June 8 here now. 

     

     

     

     

    0
  • cPRex Jurassic Moderator

    I had no doubt!

    1
  • Jeff

    cPRex Can we get a status update on the case (CPANEL-44215)? All of my servers are now starting to send me emails and SMS messages every day complaining about their certificates expiring. I know I can go in and manually reset/re-issue them, but I really don't have time to deal with that....and that only gets me another 90 days until they begin nagging me again. I can't believe that there's not more folks on here looking for a solution to their "naggy" servers.

    0
  • Fernando

    I'm facing the same problem as you guys, all my servers are spaming me regarding this, I really miss the option to force a renewal before the end date. Reset the cert to install a self signed cert and then a new one, can surely be avoided in order to prevent customers to see the ugly warning complaining about self signed cert during the process.  Also as UI improvement and UEX, the yellow triangle on manageservicecrts page has a tooltip (that take a long time to appear by the way) that state my cert will expire in 20 days, but when you press on "Certificate Details" to see the information, there is another message saying that will expire in 19 days. Also the link "Certificate Details", that open a box with information that has a box with more information that open a box to more information... it's like... too many boxes. So please put some love on this.  Finally, the email notification need a fix on the link, I thought for a moment that the email was a phishing one when fail.

    1
  • cPRex Jurassic Moderator

    Jeff - no updates just yet

    Fernando - thanks for the feedback!

    0

Please sign in to leave a comment.