Skip to main content

AutoSSL not renewing SSL-certificates

Comments

74 comments

  • cPRex Jurassic Moderator

    Hey there!  This is a known issue, and we do have case CPANEL-45964 you can read about here:

    https://support.cpanel.net/hc/en-us/articles/26827479927959-AutoSSL-pulls-the-incorrect-CaBundle-when-installing-new-SSL-Certificates

    but at this time I don't have a workaround available.  Our team is working on that case and I'll be sure to post an update once I hear something on my end!

    0
  • cPRex Jurassic Moderator

    Richard van - is your server using Sectigo as the AutoSSL provider? 

    0
  • Richard van

    @CPRex: Yes, it is using Sectigo as (sole) AutoSSL provider.

     

    0
  • cPRex Jurassic Moderator

    Thanks for that information.  I'm guessing you're also in version 118 or older - could you try switching to Let's Encrypt and see if you still experience the issue?  https://support.cpanel.net/hc/en-us/articles/360050823313-How-to-install-and-enable-the-Let-s-Encrypt-provider-for-AutoSSL

    1
  • Jorge Riveros

    Good afternoon, I am having the same problem, I have already switched to Lets Encrypt but the problem within "Manage Service SSL" continues and in a few days my certificate will expire.

    0
  • cPRex Jurassic Moderator

    Jorge Riveros - what output do you get from /usr/local/cpanel/bin/checkallsslcerts?  That should show more details about the specific error.

    0
  • Jorge Riveros

    I suposed that is the same output

    0
  • cPRex Jurassic Moderator

    Yes, that issue is the same as case CPANEL-45964 that I mentioned above. 

    0
  • Spyros AL

    Good afternoon, 

    I'm having the same issue. 

    3:00:07 PM WARN Certificate verification failed! The system did not find the Certificate Authority Bundle that matches this certificate. Contact “cPanel, LLC” to obtain the Certificate Authority Bundle for “cPanel ECC Domain Validation Secure Server CA 3”. at /usr/local/cpanel/Cpanel/SSL/Auto/Provider.pm line 999.
     WARN (XID 8kzrng) The system failed to install an SSL certificate onto the website “XXXXXX” because of the following error: Certificate verification failed! The system did not find the Certificate Authority Bundle that matches this certificate. Contact “cPanel, LLC” to obtain the Certificate Authority Bundle for “cPanel ECC Domain Validation Secure Server CA 3”.

    the output of /usr/local/cpanel/bin/checkallsslcerts is: 
    The system will check for the certificate for the “cpanel” service.
    The system will attempt to verify that the certificate for the “cpanel” service is still valid using OCSP (Online Certificate Status Protocol).
    The certificate for the “cpanel” service passed all checks.
    The system will check for the certificate for the “dovecot” service.
    The system will attempt to verify that the certificate for the “dovecot” service is still valid using OCSP (Online Certificate Status Protocol).
    The certificate for the “dovecot” service passed all checks.
    The system will check for the certificate for the “exim” service.
    The system will attempt to verify that the certificate for the “exim” service is still valid using OCSP (Online Certificate Status Protocol).
    The certificate for the “exim” service passed all checks.
    The system will check for the certificate for the “ftp” service.
    The system will attempt to verify that the certificate for the “ftp” service is still valid using OCSP (Online Certificate Status Protocol).
    The certificate for the “ftp” service passed all checks.

    Is there any workaround for solving it?

    0
  • cPRex Jurassic Moderator

    Unfortunately no, there is no current workaround for the CA bundle issue.

    0
  • vlad lazarciuc

    hi,

    i have the same issue

    6:16:05 PM WARN Certificate verification failed! The system did not find the Certificate Authority Bundle that matches this certificate. Contact “cPanel, LLC” to obtain the Certificate Authority Bundle for “cPanel ECC Domain Validation Secure Server CA 3”. at /usr/local/cpanel/Cpanel/SSL/Auto/Provider.pm line 933.

     WARN (XID stepq6) The system failed to install an SSL certificate onto the website XXXX because of the following error: Certificate verification failed! The system did not find the Certificate Authority Bundle that matches this certificate. Contact “cPanel, LLC” to obtain the Certificate Authority Bundle for “cPanel ECC Domain Validation Secure Server CA 3”.

    0
  • Scott Kettle

    I followed cPRex post to switch to Let's Encrypt and then manually checked AutoSSL on each user on my server and SUCCESS!! 
    cPRex said "Thanks for that information.  I'm guessing you're also in version 118 or older - could you try switching to Let's Encrypt and see if you still experience the issue?  https://support.cpanel.net/hc/en-us/articles/360050823313-How-to-install-and-enable-the-Let-s-Encrypt-provider-for-AutoSSL "

    1
  • cPRex Jurassic Moderator

    I'm glad to hear that helped!

    0
  • Jorge Riveros

    I performed those steps but I still continue with the error

    0
  • cPRex Jurassic Moderator

    Jorge Riveros - our team is still looking into the original case mentioned earlier in the thread, as switching to Let's Encrypt isn't resolving the problem for all users.

    0
  • Jorge Riveros

    If I choose one of these options could it work?

    0
  • cPRex Jurassic Moderator

    I can't say for sure, as that would be using another certificate that is already on the machine.  It may be best to create a ticket so this can be examined directly on the server.

    0
  • torrocks

    Website has been down for a while because of this.  I disabled AUTOssl to try to install my own certificate that I got from ZeroSSL.  It doesn't work.  I get a

    0: communication failure
    /cpsess5912262388/execute/SSL/install_ssl

    Also "response" is just a blank bar.

    When I force renew

    Certificate verification failed! The system did not find the Certificate Authority Bundle that matches this certificate. Contact “cPanel, LLC” to obtain the Certificate Authority Bundle for “cPanel ECC Domain Validation Secure Server CA 3”. at /usr/local/cpanel/Cpanel/SSL/Auto/Provider.pm line 933.
    Cpanel::Exception/(XID vwdwt4) The system failed to install an SSL certificate onto the website “cursors-4u.com” because of the following error: Certificate verification failed! The system did not find the Certificate Authority Bundle that matches thiscertificate. Contact “cPanel, LLC” to obtain the Certificate Authority Bundle for “cPanel ECC Domain Validation Secure Server CA 3”.

    I don't even have a LetsEncrypt option on my cpanel anymore.  I have no idea WTF is going on.  Frustrating.

    0
  • Richard van

    @torrocks: You'll have to manually install that SSL certificate, totally bypassing AutoSSL, just like you're installing one from another provider (e.g. RapidSSL, Sectigo).

    1
  • Jorge Riveros

    any news about this? 

    0
  • cPRex Jurassic Moderator

    Our team is still working on the case right now and doing some testing.  It's our highest priority issue at the moment so I'm hoping there is a fix soon.

    0
  • Jorge Riveros

    any news about this? 

    0
  • cPRex Jurassic Moderator

    I just spoke with the team and it's still being worked on at this time.

    1
  • Jorge Riveros

    any news?

    0
  • cPRex Jurassic Moderator

    I will be sure to post when I have an update from the team.

    0
  • Alin Vladic

    HELP same issue 

    0
  • cPRex Jurassic Moderator

    Alin Vladic - the team is still working on the case and I'll be sure to post once I have an update.

    1
  • Alin Vladic

    thank you cprex but this is so so important please 

     

    0
  • Alin Vladic

    hey guys please this is important how long it will take it has been a while now please :) needs to be sorted 

    0
  • Richard Brandson

    changing to Lets Encrypt worked for me, thank you!!

    0

Please sign in to leave a comment.