AutoSSL not working properly after changing from Sectigo to Let's Encrypt
We are running a Legacy server, version CloudLinux v7.9.0 STANDARD and recently changed AutoSSL provider from Sectigo to Let's Encrypt.
Problem:
AutoSSL is unable to replace the expiring old Sectigo certs with error:
Impediment: CERTIFICATE_IS_EXTERNALLY_SIGNED: The certificate is neither self-signed nor from AutoSSL.
We enabled option "Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates.", however, it seems to be ignored.
Question:
It seems to be a bug, but is there a way to force the "Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates." to work properly?
-
Hey there! Can you let me know what version of cPanel you're using? Are you on at least version 110?
0 -
Yes, it is version 110.0.50
0 -
Thanks for the confirmation. It's possible that you may have to use the WHM >> Manage SSL Hosts page to delete the certificate and then run AutoSSL to reinstall a new version.
0 -
That is something I would really prefer not to do, deleting currently working SSL certs on a live website is not something I want to do. Isn't there a way to somehow force AutoSSL to simply ignore the fact the current/old cert is a non-AutoSSL one?
0 -
The tool *should* be handling that properly since you've chosen that overwrite option in the configuration. Since that isn't working it would be best to create a ticket so this can be investigated directly on the system.
0 -
OK, I simply used the method you suggested - i.e. I deleted the old certs manually and let AutoSSL create new ones. It worked but not going to lie, was a bit scary :)
0 -
I'm glad to hear it went well!
0
Please sign in to leave a comment.
Comments
7 comments