AutoSSL Certificate Renewal still pending over 48 hours after expiration..

P

petersconsult

Member
Hello,
i'm having an issue on 4 domains (31 sub-domains total) that expired over 48 hours ago, and AutoSSL lists the demands for renewal as still pending in the AutoSSL Pending Queue..
My question is this: is there a way to purge this queue and start again with a new request?
It seems like these certificate requests must have just timed out somewhere along the process (the txt file used for authentication is still accessible on these domains)..

Any help would be appreciated!
Thank you
 
Hello,

There doesn't appear to be a way to cancel an AutoSSL request. This is most likely due to the fact that AutoSSL requests get sent to be processed by the cPanel Store; who in turn has to wait on Comodo to issue the certificate.

If it's still pending, then it's entirely possible that they are behind on the processing as there is a queue based system that is used and from what I've read from cPanel threads; this can affect how long it takes for a pending certificate to be issued.

Have you ran a check against the users that are still pending? It's possible that this would nudge the process, and if not; provide a log of what it's doing.

Regards,

KnownHost; out front when it comes to US VPS hosting.
 
Thank you for the quick reply!

Yes, i've probably run too many checks...
i have to admit that this is a little disconcerting; the certificates are supposed to start renewing 15 days before their expiration; this means that the process of renewing these certs is taking at least 18 days, and this has to happen every 3 months...

i really miss the StartSSL free certificate service!
 
If it's been over 5+ days, I recommend submitting a ticket so that we can contact cPanel on your behalf and ask them to investigate into your AutoSSL pending processes.

This would allow us to get additional answers regarding this process and in turn, provide you with additional insight -- we always relay what cPanel states to us to the customer as to keep everyone informed.
 
Thank you!
Looking through the logs, it seems like it's been trying to obtain renewed certificates since May 7, so 17 days...

i'll open a ticket..
 
Just an update to this thread.

This issue turned out to be an AutoSSL bug with cPanel.

Internal Case Number: CPANEL-13344 was assigned for their development team to investigate and correct.

For some reason, AutoSSL was experiencing issues with Comodo being unable to validate subdomains; which lead to the SSL orders staying in the pending status and being revoked after 7 days; only to reschedule themselves at the next check in.

In case anyone else experiences this; the solution and current work around is to swap to Let's Encrypt until the AutoSSL issue is fixed.

This does not appear to be happening to all servers utilizing AutoSSL.
 
Just an update to say that, working with the always-awesome support staff at KH, i installed the LetsEncrypt plugin referenced above by DarkSorrow and the certificates were immediately issued.
Everything seems to work fine...
i rely on SSL certificates mostly for email service as i only allow SSL/TLS client connections to the mail server.
Apple Mail seems to honor the LetsEncrypt certificate just fine; i don't believe that any of my clients use Windows, so i can't speak for Outlook, and Android users seem to connect just fine as well..

i will update if i run into any issues, but, so far, so good.

Just a reminder, here is the info for the LetsEncrypt plugin (exceedingly easy to install and activate):
https://documentation.cpanel.net/display/CKB/The+Let's+Encrypt+Plugin
 
I don't know why but for some reason when you install LetsEncrypt it doesn't create a icon in the users cpanel. I seen some hosts cpanels who have a link within cpanel for it. Maybe something KH can look into. Long as it works it's not a real biggie :)
 
I don't see the need to install or trouble shoot a 3rd party plugin when a built in feature already does the same thing. AutoSSL provides Let's Encrypt SSL certificates.
 
@TMCS: but that's the whole point!
The default AutoSSL provider (cPanel/Comodo) could not issue SSL certificates for some domains that contained the subdomain 'webmail.domain.tld'.
This is a known issue for which cPanel created a support ticket...
Maybe read all posts above...
 
petersconsult said:
@TMCS: but that's the whole point!
The default AutoSSL provider (cPanel/Comodo) could not issue SSL certificates for some domains that contained the subdomain 'webmail.domain.tld'.
This is a known issue for which cPanel created a support ticket...
Maybe read all posts above...
Click to expand...

From what I *read* it appears the issue was with the COMODO provider and switching AutoSSL provider to Let's Encrypt corrected the issue.

From the KH tech:
"Internal Case Number: CPANEL-13344 was assigned for their development team to investigate and correct.

For some reason, AutoSSL was experiencing issues with Comodo being unable to validate subdomains; which lead to the SSL orders staying in the pending status and being revoked after 7 days; only to reschedule themselves at the next check in.

In case anyone else experiences this; the solution and current work around is to swap to Let's Encrypt until the AutoSSL issue is fixed.

This does not appear to be happening to all servers utilizing AutoSSL."

Not an issue with AutoSSL but with the provider. AutoSSL allows you to either use Comodos or Let's Encrypt as a provider and switching over to Let's Encrypt allowed the new SSL certs to be installed.

Thanks!
 
indeed, but in order to switch to LetsEncrypt, you have to install their '3rd party plugin'..

or perhaps i did not understand what you meant when you said:
"I don't see the need to install or trouble shoot a 3rd party plugin when a built in feature already does the same thing"

if so, my bad..
 
2nd line on linked page:
"cPanel & WHM ships with the cPanel (powered by Comodo) provider. To install the Let's Encrypt™ AutoSSL provider plugin, read our The Let's Encrypt Plugin documentation."

That means that you have to install the plugin, which, as i stated above, worked out fine to resolve the Certificate issue from the default provider (cPanel/Comodo)

i will update this thread if i run into any issues with mail clients or browsers or anything else recognizing the LetsEncrypt CA.

Be Well.
 
There's a difference between the Let's Encrypt WHM plugin and the Let's Encrypt provider for AutoSSL. But either way, I'm glad it's working for you.

Beers all around!
 
You must log in or register to reply here.
Top