المساعد الشخصي الرقمي

مشاهدة النسخة كاملة : سي بانيل cPanel | شهادات SSL حل مشكلة AutoSSL pending order stuck in queue



Rise Company
09-04-2022, 17:13
سي بانيل cPanel | شهادات SSL حل مشكلة AutoSSL pending order stuck in queue
How to clear stuck AutoSSL queue in cPanel - Flush cPanel AutoSSL Queue
Autossl renewal in pending queue for days on multiple servers
cannot currently accept incoming requests. The system will try again later.
OPENSSL_VERIFY: The certificate chain failed OpenSSL’s verification (0:18:DEPTH_ZERO_SELF_SIGNED_CERT).
cpanel newdomains autossl not generating
ERROR TLS Status: Defective

المشكلة :

عند حجز دومين جديد او عمل subdomain لا يتم توليد تلقائى لشهادة SSL
فتجد ان الشهادة معلقة فى وضع pending
لكى تعرف حل المشكلة اذهب الى سيرفر اخر تابع لك وقم بعمل subdomain
وتحقق اذا كانت شهادة ssl تولد ام لا وفى الغالب هتجد ان المشكلة عامة
بسبب خلل او تحديث عند موزد شهادات SSL

سبب المشكلة :

This may be caused by rate limiting at Sectigo. After a significant number of SSL requests from all cPanel customers have been submitted to the AutoSSL provider Sectigo, additional requests will be rate-limited. When the rate limit is in place, this message will appear when attempting to run AutoSSL.
This may also be due to issues or maintenance at Sectigo. The following status page will track such events.
https://sectigo.status.io (https://sectigo.status.io/)






حل المشكلة :

فى الغالب مشكلة من موزد شهادات SSL يجب ان تنتظر وحاول بعد ساعات

او قم ببعض المحاولات منها

حذف QUE المخذن

first of all I moved out a pending ssl queue by

mv /var/cpanel/autossl_queue_cpanel.sqlite /var/cpanel/autossl_queue_cpanel.sqlite.bak



ثم ادخل هذا الامر لاعادة الطلب SSL


/usr/local/cpanel/bin/autossl_check_cpstore_queue --force

قد يكون لديك ملف .htaccess بداخله forward يمنع تولد الشهادة

then tried to issue the SSL and showing the warnings/errors which mostly causes due to rewrite rules in .htaccess
so I have renamed .htaccess and then able to issue the SSL, please check and confirm for the same.
After issuing the ssl I have moved back your .htaccess_bk to original .htaccess

-----------------------------------

حل اخر



/scripts/autorepair update_sectigo_cabundles
/usr/local/cpanel/bin/checkallsslcerts --force
/scripts/restartsrv_apache


ملحوظة:

متوقع بعد 3 ساعات تقريبا تجد المشكلة اتحلت من نفسها
وبيكون السبب هو delay من مزود شهادات ssl

------------------------------------------------


حل المشكلة النهائى
حول الى Lets Encrypt
ولن تواجه اى مشكلة وهتجد ان التفعيل سريع جدا جدا
التثبيت من هنا


/usr/local/cpanel/scripts/install_lets_encrypt_autossl_provider

ثم

In WHM -> Manage AutoSSL -> Providers tab -> Select Lets Encrypt and click save.

شاهد ايضا
سي بانيل CPANEL | شهادات SSL حل مشكلة DNSKEY MISSING; DNS PROBLEM: LOOKING UP AAAA (https://www.rise.company/forum/showthread.php/99191-%D8%B3%D9%8A-%D8%A8%D8%A7%D9%86%D9%8A%D9%84-cPanel-%D8%B4%D9%87%D8%A7%D8%AF%D8%A7%D8%AA-SSL-%D8%AD%D9%84-%D9%85%D8%B4%D9%83%D9%84%D8%A9-DNSKEY-Missing-DNS-problem-looking-up-AAAA)
المرجع:
https://support.cpanel.net/hc/en-us/articles/360048668574?_ga=2.103246978.302853982.1672663571-90341209.1638625035
https://support.cpanel.net/hc/en-us/articles/5291034412695-AutoSSL-order-stuck-in-queue-on-NAT-systems-when-domain-subdomain-resolves-to-the-local-IP-address
https://www.itechlounge.net/2021/11/linux-how-to-clear-stuck-autossl-queue-in-cpanel/
https://forums.cpanel.net/threads/autossl-renewal-in-pending-queue-for-days-on-multiple-servers.695837/
https://support.cpanel.net/hc/en-us/articles/360052762394-How-to-check-the-AutoSSL-queue-for-certificates-that-have-already-been-submitted-
https://forums.cpanel.net/threads/all-certificates-changed-to-lets-encrypt.673201/
https://support.cpanel.net/hc/en-us/articles/360043943774

Rise Company
03-01-2023, 14:00
حل اخر التحويل الى LetsEncrypt

I was able to resolve the problem for now by
moving to LetsEncrypt as our AutoSSL provider.

Instructions:

Step 1 :
Install Lets Encrypt cpanel plugin
Run the following command in ssh :


/usr/local/cpanel/scripts/install_lets_encrypt_autossl_provider


Step 2:
In WHM -> Manage AutoSSL -> Providers tab -> Select Lets Encrypt and click save.

Step 3:
Run AutoSSL For All Users (Alternatively you may just do it for the domain where ssl did not renew)

المرجع:
https://support.cpanel.net/hc/en-us/articles/360062635693-How-To-Install-LetsEncrypt-for-AutoSSL

Rise Company
03-01-2023, 14:06
Ok, I had the same problem with autoSSL showing defective certificate on my subdomains. It has been solved by following the advise from the link from tmcstom that we should update everything on the server. Inside WHM interface, in the left column I simply needed to find and click on system update then software update and then cpanel update and then hard restart my whole server. I rerun the AutoSSL and it this time it went correctly and reinstalled the certificates and now all is green.

Rise Company
03-01-2023, 14:50
https://www.rise.company/forum/images/imported/2023/01/1.jpg