Mismatch about when services certificate will be renewed

Comments

7 comments

  • cPRex Jurassic Moderator

    Hey there!  This is a known issue with the notifications that we're working on resolving, specifically case CPANEL-45617 which is titled ""Service SSL Certificate Expires Soon" messages do not say it will attempt an automatic renewal, confusing customers and generating support tickets."

    So once that is taken care of, they will be clearer for users.

    For the time being you don't need to do anything as the certificate will renew automatically.

    0
  • outofcontrol

    Same issue here, but dated June 18th. I tried running /usr/local/cpanel/bin/checkallsslcerts and it says it will not renew until 3 days before (the 15th). 3 days is too short. Been burned a few years back on a different issue where cPanel refused to update the service certs until the last 3 days and then it failed, resulting in a 24 period of no cert, and many angry customers.

    Is there a way to force these service certs to update right now? They are with Let's Encrypt.

    0
  • cPRex Jurassic Moderator

    You can visit WHM >> Manage Service SSL Certificates, click Reset next to each one, and then run checkallsslcerts again to force a new cert to be installed.

    0
  • eitanc

    Thanks cPRex.

    1. Where can I read CPANEL-45617?

    2. I think CP needs to understand that some customers wish to control when the cert is renewed, rather than waiting until the last moment.
    Please consider letting us manually change the threshold for how long before expiry the cert is replaced, to avoid last-minute emergencies and stress.

    3. Also, it would be nice to add to the X-days warning email for the service certs the text you added above and how to manually initiate a cert replacement, so customers are directed on how to renew the cert manually at a time that is good for them.

    0
  • cPRex Jurassic Moderator

    1 - there is no public way to view that

    2 - at this point we don't plan to create a selectable renewal time, but I do want to see that extended to at least 10-15 days.

    3 - In theory, it *should* never have to be manually renewed.

    Instead of adding the details to the message, what if that message simply didn't send at all until the renewal happened?  I'm not sure there is a benefit in emailing users 30 days out when the certificate will hopefully soon be auto-renewed at day 15.  Does that make sense?

    0
  • eitanc

    I like that theory, but that is only if all is perfect and fits all customers' use cases, and we know it is never so, especially when the warning email comes way too soon before the cert change.

    I agree that a 10-15 day window for the actual change before the expiration is much better.
    It makes sense to send that email only a few days before the actual change, one week tops.
    Today's state is annoying and harassing.

    0
  • cPRex Jurassic Moderator

    Exactly - I'm trying to get that process improved significantly in the near future!

    0
