Paper Lantern for cPanel accounts is being retired this year. Find out more »
cPanel & WHM Version 102 has been released, and brings a slew of great updates. Take a look at what is included, and then upgrade today!

AutoSSL fail-over

Wesley Haegens shared this idea 8 months ago
In Progress

Apparently it's possible that your provider is too busy to provide certificates for a long time and expiring certificates on your hosted websites.

I suggest a fail-over system where a secondary provider will be used if the primary is unavailable to provide certificates and the installed certificate is about to expire in n days.

Unless DNS settings prevent this of course.

Replies (7)

photo
1

Excellent idea. I just had a 'rate limiting' issue with the current provider. Allowing for multiple providers gives us some load-balancing/fail-over protection.

photo
1

We just had an issue where all of a sudden cPanel/Septico didn't issue certificates for all subdomains on a domains for some reason. Needed to manually switch to Let's Encrypt to get all certificates. Didn't even get a warning in the system. Only noticed it when trying to go to one the subdomains.

Hope that this would fix it.

photo
1

Howdy,

I wanted to check with you and see which AutoSSL provider you are currently utilizing? (LetsEncrypt or Sectigo).


Dustin Scherer (he/him) | Product Owner | @dustinscherer

photo
2

Dustin,

Using Sectigo. Really annoying. Issue shows up every once in a while... today actually being one of those times. Been stuck for hours trying to get an SSL and the log keeps indicating "The “cPanel (powered by Sectigo)” provider cannot currently accept incoming requests. The system will try again later." Weeks ago I had an SSL outage because Sectigo apparently had been have issues for an entire week and the SSL expired.


photo
1

Dustin, I thought cPanel would be aware that the Sectigo AutoSSL supplier often has issues. We gave a single server with a single sectigo certificate and we regularly get warnings that the renewal failed.

We use Let’s Encrypt on our other servers and it has been very reliable.

photo
1

We are definitely aware of the issues around Sectigo. We're working on solutions and will update this feature request as those come into play.


Dustin Scherer (he/him) | Product Owner | @dustinscherer

photo
1

Multiple fallbacks, please. We switched to Sectigo because Let's Encrypt was rate limiting us, then Sectigo started flaking out. Two providers seems insufficient.

Leave a Comment
 
Attach a file