Problems with CertSage ACME client (version 1.4.1)

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: mslweb.net

I ran this command: Installed according to griffin's instructions.

It produced this output: It works well for a few hours and then it is no longer valid

My web server is (include version): grserver, Apache Version 2.4.57, MySQL Version 8.0.34, Perl Version 5.16.3

The operating system my web server runs on is (include version): linux, Kernel Version 3.10.0-962.3.2.lve1.5.49.el7.x86_64

My hosting provider, if applicable, is: accuwebhosting.com

I can login to a root shell on my machine (yes or no, or I don't know): I don't know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): cPanel Version 110.0 (build 8)

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): I don't know

I am a newbie here, so apologies in advance if this makes no sense. I installed CertSage ACME client (version 1.4.1) according to griffin's instructions. It works well for a few hours, but then it fails the browser checks. I have tried with multiple browsers, clearing cache and all, but the problem persists. I have deleted all traces of the SSL in my cPanel file manager and started from scratch many times, but the result is always the same: works for a few hours and then stops working. I ran a check using SSL Checker and everything looks great (green), but another check using SSL Server Test (Powered by Qualys SSL Labs) showed this problem:

SSL Report: mslweb.net (3.127.93.80)

Assessed on: Thu, 27 Jul 2023 05:46:08 UTC

Certificate name mismatch
Click here to ignore the mismatch and proceed with the tests

Try these other domain names (extracted from the certificates):

  • webmail.accu1.cloudhostingforlinux.com
  • cpcontacts.accu1.cloudhostingforlinux.com
  • accu1.cloudhostingforlinux.com
  • webdisk.accu1.cloudhostingforlinux.com
  • cpanel.accu1.cloudhostingforlinux.com
  • cpcalendars.accu1.cloudhostingforlinux.com
  • mail.accu1.cloudhostingforlinux.com
  • www.accu1.cloudhostingforlinux.com

What does this mean?

We were able to retrieve a certificate for this site, but the domain names listed in it do not match the domain name you requested us to inspect. It's possible that:

  • The web site does not use SSL, but shares an IP address with some other site that does.
  • The web site no longer exists, yet the domain name still points to the old IP address, where some other site is now hosted.
  • The web site uses a content delivery network (CDN) that does not support SSL.
  • The domain name is an alias for a web site whose main name is different, but the alias was not included in the certificate by mistake.

SSL Report v2.1.10

I wonder if the issue is with my hosting provider or if I messed something up and it's all my fault. I hope this makes sense and you can help. Thanks.

2 Likes

Looks like they have AutoSSL running: go to the cPanel settings and add your domain to the AutoSSL config.

6 Likes

Update on the problem I reported earlier: I clicked on the ignore mismatch option provided by the ssllabs website and the resulting full report is the following:

Thanks in advance!

2 Likes

Hi, orangepizza. Many thanks for your kind reply. I wonder how I could have missed this. I will give it a try and then report back if this has solved the issue. Best. MSL

1 Like

Welcome to the Let's Encrypt Community, Miguelangel! 🙂

CertSage is able to acquire a certificate covering these domain names (if their DNS entries point to your cPanel server):

  • mslweb.net
  • www.mslweb.net
  • mail.mslweb.net

Your current working certificate (issued by cPanel and thus not acquired by AutoSSL from Let's Encrypt) covers these domain names:

  • mail.mslweb.net
  • cpanel.mslweb.net
  • cpcalendars.mslweb.net
  • cpcontacts.mslweb.net
  • mslweb.net
  • webdisk.mslweb.net
  • webmail.mslweb.net

Note that www.mslweb.net is not in that list.

From your SSL Labs report results listed above, it looks to me like your server is/was intermittently serving two different certificates with the first being a self-signed, default (aka snakeoil) certificate from your hosting provider and the second being the one issued by cPanel covering the domain names mentioned above. That intermittent behavior would seem to indicate that your server has/had some confusion over which certificate to serve, which would indicate to me the need to remove the snakeoil certificate in cPanel.

I also performed a (less-exhaustive) check from a different service to confirm behavior:

https://decoder.link/sslchecker/mslweb.net/443

In your case, cPanel is able to issue certificates for you directly, so there's no need for you to use CertSage or AutoSSL.

8 Likes
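The check described in the reply above (which names each served certificate covers, and whether the server alternates between certificates), as an added example that is not part of the original thread or of CertSage. It works on the SAN lists a checker reports for each handshake. The function names and the five-handshake sequence are constructed for illustration, and treating the cloudhostingforlinux.com names from the SSL Labs report as the provider's default certificate is an assumption.

```python
from collections import Counter

def covers(sans, host):
    """True if any SAN entry matches host (wildcard only as the whole left-most label)."""
    host = host.lower().rstrip(".")
    for san in sans:
        san = san.lower().rstrip(".")
        if san == host:
            return True
        if san.startswith("*.") and "." in host and host.split(".", 1)[1] == san[2:]:
            return True
    return False

def summarize(samples, wanted):
    """samples: one SAN list per handshake. Returns (flapping, report).

    report maps each distinct certificate (its sorted SAN tuple) to
    (times seen, wanted names it does not cover).
    """
    seen = Counter(tuple(sorted(s)) for s in samples)
    report = {cert: (n, [h for h in wanted if not covers(cert, h)])
              for cert, n in seen.items()}
    return len(seen) > 1, report

# Names SSL Labs extracted in the original post (assumed: provider default certificate).
HOST_DEFAULT = [p + "accu1.cloudhostingforlinux.com" for p in
                ("", "www.", "mail.", "webmail.", "webdisk.", "cpanel.",
                 "cpcontacts.", "cpcalendars.")]
# Names on the cPanel-issued certificate, as listed in the reply.
CPANEL_CERT = [p + "mslweb.net" for p in
               ("", "mail.", "cpanel.", "cpcalendars.", "cpcontacts.",
                "webdisk.", "webmail.")]
# Names the site owner wants covered (the CertSage list in the reply).
WANTED = ["mslweb.net", "www.mslweb.net", "mail.mslweb.net"]
# Constructed sequence of five handshakes showing the intermittent behaviour.
SAMPLES = [CPANEL_CERT, HOST_DEFAULT, CPANEL_CERT, CPANEL_CERT, HOST_DEFAULT]

if __name__ == "__main__":
    flapping, report = summarize(SAMPLES, WANTED)
    print("server alternates between certificates:", flapping)
    for cert, (count, missing) in report.items():
        print(f"{count}x certificate for {cert[0]}...: missing {missing or 'nothing'}")
```
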

Griffin, you star! Thanks so much. This has been sorted now. All the best!

5 Likes
