problems with autossl_check, checkallsslcerts and digicert.com
Hello,
Since Weds 3rd June we've noticed that there are issues contacting ocsp.digicert.com from two servers that use a wildcard certificate we bought to secure cPanel services. The certificate expires in October this year. I thought it would resolve itself but, alas, no.
The two servers are on entirely different networks and the certificate has been installed on each.
The certificate runs on a main server and a DNS Only server; both are having trouble reaching digicert.
I've run some tests and both our local DNS lookups match with public DNS and pings to the IPs below work fine.
# dig A +short ocsp.digicert.com
ocsp.edge.digicert.com.
ocsp.digicert.com.cdn.cloudflare.net.
162.159.142.9
172.66.2.5
Curl "get" works, but I appreciate the error report is from using POST.
# curl -I http://ocsp.digicert.com:80
HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Tue, 24 Mar 2026 18:33:23 GMT
ETag: "69c2d8f3-267"
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
Cache-Control: max-age=722
Date: Fri, 05 Jun 2026 08:20:00 GMT
Connection: keep-alive
We have CSF on each server (main and DNS Only) and port 80 is open outbound.
The error we're seeing consistently is:
Server 1:
[2026-06-05 11:42:05 +1000] warn [autossl_check] Cpanel::Exception::HTTP::Network/(XID zxgda6) The system failed to send an HTTP (Hypertext Transfer Protocol) “POST” request to “http://ocsp.digicert.com” because of an error: Could not connect to 'ocsp.digicert.com:80': Network is unreachable
Server 2: DNS Only.
[2026-06-05 12:42:57 +1000] warn [checkallsslcerts] Retrying after network failure: (XID rd25qv) The system failed to send an HTTP (Hypertext Transfer Protocol) “POST” request to “http://ocsp.digicert.com” because of an error: Could not connect to 'ocsp.digicert.com:80': Network is unreachable
[2026-06-05 12:42:57 +1000] warn [checkallsslcerts] Cpanel::Exception::HTTP::Network/(XID 2a7kb6) The system failed to send an HTTP (Hypertext Transfer Protocol) “POST” request to “http://ocsp.digicert.com” because of an error: Could not connect to 'ocsp.digicert.com:80': Network is unreachable
The feedback from DigiCert support is this:
This seems to be an issue on your network not being able to reach ocsp.digicert.com server.
Because this is a DNS only server could you please make sure that there are no restrictions on the outbound access. Also check your firewall if there is any block on the outbound port 80.
So it is possible you have something on your network blocking it, as it works fine for me and others testing it.
What stands out for me is that we have several servers on totally different networks experiencing the same behaviour.
One final thought: The certificate we bought was from a new provider and not the previous provider; the old certificate expired on the same day the errors started, although we removed the old certificate from both servers. Coincidence.
Would you have any ideas as to why we're receiving this error? Is it possible to debug this further?
I'm heeding the advice in the online docs not to run the checkallsslcerts script unless instructed.
Cheers.
-
Hey there! I personally don't have any thoughts on this as it doesn't sound like it's something that would be related to cPanel.
With CSF disabled/off do you get the same thing? If you run a traceroute to the domain or IP do you see anything interesting there?
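As an added example (not part of either post, and not cPanel or DigiCert code): the logged failure is at connect time ("Could not connect to 'ocsp.digicert.com:80'"), so this sketch attempts a TCP connect to every address the system resolver returns for the host, IPv4 and IPv6, and reports the socket error for each. The function names `probe` and `classify` are hypothetical, and the hints are general socket semantics rather than a diagnosis of this case.

```python
import errno
import socket

# General meanings of connect() errors; hints only, not cPanel-specific findings.
HINTS = {
    errno.ENETUNREACH: "no route for this address/family (routing table or a reject rule)",
    errno.EHOSTUNREACH: "host unreachable (routing or an ICMP reject)",
    errno.ECONNREFUSED: "reached a host, but the port was refused",
    errno.ETIMEDOUT: "no reply (packets silently dropped along the path)",
}


def classify(exc):
    """Map a connect() failure to a short hint."""
    if isinstance(exc, socket.timeout):
        return HINTS[errno.ETIMEDOUT]
    return HINTS.get(getattr(exc, "errno", None), f"other error: {exc}")


def probe(host, port=80, timeout=5.0):
    """Try a TCP connect to every address the resolver returns for host.

    Returns a list of (family, address, outcome) tuples, where outcome is
    "ok" or a hint from classify().
    """
    results = []
    infos = socket.getaddrinfo(host, port, socket.AF_UNSPEC, socket.SOCK_STREAM)
    for family, socktype, proto, _canon, sockaddr in infos:
        name = "IPv6" if family == socket.AF_INET6 else "IPv4"
        try:
            with socket.socket(family, socktype, proto) as sock:
                sock.settimeout(timeout)
                sock.connect(sockaddr)
            outcome = "ok"
        except OSError as exc:
            outcome = classify(exc)
        results.append((name, sockaddr[0], outcome))
    return results


if __name__ == "__main__":
    # Hostname and port taken from the log lines quoted in the post.
    for fam, addr, outcome in probe("ocsp.digicert.com", 80):
        print(f"{fam:4} {addr:40} {outcome}")
```

Running it once with CSF enabled and once with it disabled, as the reply suggests, shows whether the per-address outcome changes with the firewall state.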