Service disruption: domain caught in the 30s window

My domain is: northernlifemagazine.co.uk

I ran this command:

WHM > AutoSSL > Check user

It produced this output:

Log for the AutoSSL run for “northernlife”: Thursday, December 2, 2021 10:57:42 PM GMT+0000 (Let’s Encrypt™)

10:57:42 PM AutoSSL’s configured provider is “Let’s Encrypt™”.

Analyzing “northernlife”’s domains …

10:57:42 PM Analyzing “northernlifemagazine.co.uk” (website) …

10:57:42 PM ERROR TLS Status: Defective

ERROR Defect: NO_SSL: No SSL certificate is installed.

10:57:42 PM Analyzing “store.northernlifemagazine.co.uk” (website) …

10:57:42 PM ERROR TLS Status: Defective

ERROR Defect: NO_SSL: No SSL certificate is installed.

10:57:42 PM Attempting to ensure the existence of necessary CAA records …

10:57:42 PM No CAA records were created.

10:57:42 PM Verifying 6 domains’ management status …

Verifying “Let’s Encrypt™”’s authorization on 6 domains via DNS CAA records …

10:57:42 PM “www.store.northernlifemagazine.co.uk” is managed.

store.northernlifemagazine.co.uk” is managed.

mail.northernlifemagazine.co.uk” is managed.

www.northernlifemagazine.co.uk” is managed.

northernlifemagazine.co.uk” is managed.

“*.northernlifemagazine.co.uk” is managed.

All of this user’s 6 domains are managed.

CA authorized: “northernlifemagazine.co.uk

CA authorized: “*.northernlifemagazine.co.uk”

CA authorized: “www.northernlifemagazine.co.uk

CA authorized: “mail.northernlifemagazine.co.uk

CA authorized: “store.northernlifemagazine.co.uk

CA authorized: “www.store.northernlifemagazine.co.uk

“Let’s Encrypt™” is authorized to issue certificates for 6 of this user’s 6 domains.

10:57:42 PM Performing HTTP DCV (Domain Control Validation) on 5 domains …

10:57:42 PM Local HTTP DCV OK: northernlifemagazine.co.uk

Local HTTP DCV OK: www.northernlifemagazine.co.uk

Local HTTP DCV OK: mail.northernlifemagazine.co.uk

Local HTTP DCV OK: store.northernlifemagazine.co.uk

Local HTTP DCV OK: www.store.northernlifemagazine.co.uk

10:57:42 PM Verifying local authority for 1 domain …

10:57:42 PM No local authority: “*.northernlifemagazine.co.uk”

10:57:42 PM No local DNS DCV is necessary.

10:57:42 PM Processing “northernlife”’s local DCV results …

10:57:42 PM Analyzing “northernlifemagazine.co.uk”’s DCV results …

10:57:43 PM SUCCESS Let’s Encrypt DCV for “mail.northernlifemagazine.co.uk” is valid until 1/1/22, 9:36 PM UTC.

SUCCESS “Let’s Encrypt™” DCV OK: mail.northernlifemagazine.co.uk

SUCCESS Let’s Encrypt DCV for “www.northernlifemagazine.co.uk” is valid until 1/1/22, 9:08 PM UTC.

SUCCESS “Let’s Encrypt™” DCV OK: www.northernlifemagazine.co.uk

SUCCESS Let’s Encrypt DCV for “northernlifemagazine.co.uk” is valid until 1/1/22, 9:08 PM UTC.

SUCCESS “Let’s Encrypt™” DCV OK: northernlifemagazine.co.uk

AutoSSL will request a new certificate.

10:57:43 PM Analyzing “store.northernlifemagazine.co.uk”’s DCV results …

10:57:44 PM SUCCESS Let’s Encrypt DCV for “www.store.northernlifemagazine.co.uk” is valid until 1/1/22, 9:36 PM UTC.

SUCCESS “Let’s Encrypt™” DCV OK: www.store.northernlifemagazine.co.uk

SUCCESS Let’s Encrypt DCV for “store.northernlifemagazine.co.uk” is valid until 1/1/22, 9:08 PM UTC.

SUCCESS “Let’s Encrypt™” DCV OK: store.northernlifemagazine.co.uk

AutoSSL will request a new certificate.

10:57:44 PM The system will attempt to renew the SSL certificates for (northernlifemagazine.co.uk: northernlifemagazine.co.uk www.northernlifemagazine.co.uk mail.northernlifemagazine.co.uk) and (store.northernlifemagazine.co.uk: store.northernlifemagazine.co.uk www.store.northernlifemagazine.co.uk).

Certificate #1:northernlifemagazine.co.uk” and 4 other domains

Creating certificate order …

10:57:45 PM WARN Net::ACME2::x::ACME: “https://acme-v02.api.letsencrypt.org/acme/finalize/53540237/44252370540” indicated an ACME error: 403 Forbidden (403 urn:ietf:params:acme:error:orderNotReady (Order's status ("pending") is not acceptable for finalization)). at /usr/local/cpanel/Cpanel/SSL/Auto/Run/User.pm line 397.

The system has completed “northernlife”’s AutoSSL check.

-----‐--------

My web server is (include version):

LAMP

The operating system my web server runs on is (include version):

  • CentOS v7.9.2009 [cloud]
  • [v100.0.5]
    WHM and cpanel

I can login to a root shell on my machine (yes or no, or I don't know):

Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

Yes
WHM
V100.0.5


I am aware there was some disruption to acme-v02.api.letsencrypt.org, which was reported within seconds of my receiving an initial error when first applying for this certificate. Thank you team for rectifying the issue - I just wanted to check whether the wording in the continuing error is of concern and needs action, or will resolve itself in time.

2 Likes

These three can be combined:

          northernlifemagazine.co.uk
        *.northernlifemagazine.co.uk
www.store.northernlifemagazine.co.uk

And these five can be combined:

          northernlifemagazine.co.uk
     mail.northernlifemagazine.co.uk
      www.northernlifemagazine.co.uk
    store.northernlifemagazine.co.uk
www.store.northernlifemagazine.co.uk

But I don't think you can combine all six on the same cert.
[the wildcard overlaps with "www, mail, store"]

2 Likes

Thank you @rg305 for your reply on this. I allowed autoSSL to run overnight for all users to see if that would fix the issue but it didn't. What did work was going into cpanel for the individual account and using the SSL/TLS Status screen to exclude two of the subdomains from autoSSL. These domains were the ones automatically included by cpanel (www.store. and mail.) which are not needed anyway but always seem to get included in requests. This action, which changed the request to Let's Encrypt to one single certificate, has worked:

The system will attempt to renew the SSL certificates for (northernlifemagazine.co.uk: northernlifemagazine.co.uk www.northernlifemagazine.co.uk) and (store.northernlifemagazine.co.uk: store.northernlifemagazine.co.uk).
Certificate #1:northernlifemagazine.co.uk” and 2 other domains
Creating certificate order …
6:32:58 AM Installing “store.northernlifemagazine.co.uk”’s new certificate …
6:32:58 AM SUCCESS Success!
6:32:58 AM Installing “northernlifemagazine.co.uk”’s new certificate …
6:32:58 AM SUCCESS Success!
6:32:58 AM The system has completed “northernlife”’s AutoSSL check.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.