AutoSSL fail-over
In Progress
Apparently it's possible that your provider is too busy to provide certificates for a long time, and certificates on your hosted websites expire.
I suggest a fail-over system where a secondary provider will be used if the primary is unavailable to provide certificates and the installed certificate is about to expire in n days.
Unless DNS settings prevent this of course.
Excellent idea. I just had a 'rate limiting' issue with the current provider. Allowing for multiple providers gives us some load-balancing/fail-over protection.
We just had an issue where all of a sudden cPanel/Sectigo didn't issue certificates for all subdomains on a domain for some reason. Needed to manually switch to Let's Encrypt to get all certificates. Didn't even get a warning in the system. Only noticed it when trying to go to one of the subdomains.
Hope that this would fix it.
Howdy,
I wanted to check with you and see which AutoSSL provider you are currently utilizing? (LetsEncrypt or Sectigo).
Dustin Scherer (he/him) | Product Owner | @dustinscherer
Dustin,
Using Sectigo. Really annoying. Issue shows up every once in a while... today actually being one of those times. Been stuck for hours trying to get an SSL and the log keeps indicating "The “cPanel (powered by Sectigo)” provider cannot currently accept incoming requests. The system will try again later." Weeks ago I had an SSL outage because Sectigo apparently had been having issues for an entire week and the SSL expired.
Dustin, I thought cPanel would be aware that the Sectigo AutoSSL supplier often has issues. We have a single server with a single Sectigo certificate and we regularly get warnings that the renewal failed.
We use Let’s Encrypt on our other servers and it has been very reliable.
We are definitely aware of the issues around Sectigo. We're working on solutions and will update this feature request as those come into play.
Dustin Scherer (he/him) | Product Owner | @dustinscherer
Multiple fallbacks, please. We switched to Sectigo because Let's Encrypt was rate limiting us, then Sectigo started flaking out. Two providers seems insufficient.
Given that a thread in the forums regarding the Sectigo "cannot accept requests now" issue is two years old and there doesn't seem to be a permanent solution imminent, I think this feature request has a lot of merit. At first, Sectigo would fail but ultimately get a new certificate for my hosted sites prior to expiration. More recently (in the past month or two), it has begun allowing some sites to expire before it can successfully renew their certificate, leaving the customer wondering why their browser is issuing "security warnings" when they try to access their site.
As a hosting provider hosting hundreds of sites, Let's Encrypt has also rate-limited us, so while they seem reliable and fast, we can't count on them to provide all of our customers' certificates. Thus, we turned to Sectigo due to the "unlimited" nature of the service. But now we are faced with sites losing their SSL status due to expired certificates because the Sectigo logs indicate that it "wasn't currently accepting requests." We then must go into cPanel, switch our provider temporarily to Let's Encrypt, do an AutoSSL check on that one account to get the renewal certificate issued, then switch AutoSSL back to Sectigo for its normal daily renewal runs.
Having an automatic fall-back option to use another provider in case of renewal failure at expiration time could allow this process to happen without the administrator getting involved in a manual process *after* the site has already gone insecure due to an expired certificate (leaving an unhappy customer).
Please consider such an option if you can't get Sectigo working properly, consistently. Two years of this blocking issue seems too long.
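The fail-over rule requested in this thread (move to the next provider only when the primary is deferring requests and the installed certificate expires within n days), as an added example that is not cPanel's code or any poster's. The log layout, the function names and the provider list with the hypothetical "ThirdCA" are assumptions, and DNS restrictions are not modelled.

```python
from datetime import datetime, timedelta, timezone

# Message text quoted in the thread; the log layout around it is constructed.
DEFERRAL_MARKER = "cannot currently accept incoming requests"

def deferring_providers(log_lines):
    """Providers whose most recent entry (lines are oldest first) is a deferral."""
    latest = {}
    for line in log_lines:
        # Constructed layout: "<timestamp> <provider>: <message>"
        _stamp, rest = line.split(" ", 1)
        provider, message = rest.split(": ", 1)
        latest[provider] = DEFERRAL_MARKER in message
    return {name for name, deferred in latest.items() if deferred}

def pick_provider(not_after, now, providers, log_lines, renew_within_days):
    """Return (provider, reason) for the next renewal attempt.

    providers is an ordered preference list, primary first. provider is None
    when every provider is deferring, which is the case that needs an alert.
    """
    days_left = (not_after - now) / timedelta(days=1)
    down = deferring_providers(log_lines)
    primary = providers[0]
    if primary not in down:
        return primary, "primary available"
    if days_left > renew_within_days:
        return primary, "primary deferring, certificate not yet urgent"
    state = "expired" if days_left <= 0 else "expiring"
    for candidate in providers[1:]:
        if candidate not in down:
            return candidate, f"fail-over: certificate {state}"
    return None, f"all providers deferring, certificate {state}: alert"

# Constructed sample data (not real AutoSSL output); "ThirdCA" is hypothetical.
PROVIDERS = ["Sectigo", "LetsEncrypt", "ThirdCA"]
SAMPLE_LOG = [
    "2024-05-09T02:00:00Z Sectigo: provider " + DEFERRAL_MARKER,
    "2024-05-10T02:00:00Z Sectigo: provider " + DEFERRAL_MARKER,
]

if __name__ == "__main__":
    now = datetime(2024, 5, 10, 12, 0, tzinfo=timezone.utc)
    for days in (30, 3, -1):
        expiry = now + timedelta(days=days)
        print(days, pick_provider(expiry, now, PROVIDERS, SAMPLE_LOG, 7))
```

The `None` result covers the case where every configured provider is deferring, so an expiring certificate produces an alert instead of failing silently.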