SSL certificate about to expire

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: mrsphysics.co.uk

I ran this command:
|AutoSSL did not renew the certificate for β€œmrsphysics.co.uk”. You must take action to keep this site secure.

The β€œLetsEncrypt” AutoSSL provider could not renew the SSL certificate without a reduction of coverage because of the following problems:

:no_entry: www.mrsphysics.co.uk (checked on Feb 18, 2023 at 5:52:16 PM UTC)

DNS DCV: No local authority: β€œwww.mrsphysics.co.uk”; HTTP DCV: The system queried for a temporary file at β€œhttps://www.mrsphysics.co.uk/.well-known/acme-challenge/3-0PIM-TFE4AUOSNS_C2E07DU0M1OZ1K”, which was redirected from β€œhttp://www.mrsphysics.co.uk/.well-known/acme-challenge/3-0PIM-TFE4AUOSNS_C2E07DU0M1OZ1K”. The web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist. The domain β€œwww.mrsphysics.co.uk” resolved to an IP address β€œ92.205.13.44” that does not exist on this server.

:no_entry: webdisk.mrsphysics.co.uk (checked on Feb 18, 2023 at 5:52:16 PM UTC)

DNS DCV: No local authority: β€œwebdisk.mrsphysics.co.uk”; HTTP DCV: β€œwebdisk.mrsphysics.co.uk” does not resolve to any IP addresses on the internet.

:no_entry: cpcontacts.mrsphysics.co.uk (checked on Feb 18, 2023 at 5:52:16 PM UTC)

DNS DCV: No local authority: β€œcpcontacts.mrsphysics.co.uk”; HTTP DCV: β€œcpcontacts.mrsphysics.co.uk” does not resolve to any IP addresses on the internet.

:no_entry: mrsphysics.co.uk (checked on Feb 18, 2023 at 5:52:16 PM UTC)

DNS DCV: No local authority: β€œmrsphysics.co.uk”; HTTP DCV: The system queried for a temporary file at β€œhttps://mrsphysics.co.uk/.well-known/acme-challenge/YOXXZ-39__4LPB0LKFGNO0F-4AU7W6BB”, which was redirected from β€œhttp://mrsphysics.co.uk/.well-known/acme-challenge/YOXXZ-39__4LPB0LKFGNO0F-4AU7W6BB”. The web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist. The domain β€œmrsphysics.co.uk” resolved to an IP address β€œ92.205.13.44” that does not exist on this server.

:no_entry: webmail.mrsphysics.co.uk (checked on Feb 18, 2023 at 5:52:16 PM UTC)

DNS DCV: No local authority: β€œwebmail.mrsphysics.co.uk”; HTTP DCV: β€œwebmail.mrsphysics.co.uk” does not resolve to any IP addresses on the internet.

:no_entry: cpanel.mrsphysics.co.uk (checked on Feb 18, 2023 at 5:52:16 PM UTC)

DNS DCV: No local authority: β€œcpanel.mrsphysics.co.uk”; HTTP DCV: β€œcpanel.mrsphysics.co.uk” does not resolve to any IP addresses on the internet.

:no_entry: mail.mrsphysics.co.uk (checked on Feb 18, 2023 at 5:52:16 PM UTC)

DNS DCV: No local authority: β€œmail.mrsphysics.co.uk”; HTTP DCV: β€œmail.mrsphysics.co.uk” does not resolve to any IP addresses on the internet.

:no_entry: cpcalendars.mrsphysics.co.uk (checked on Feb 18, 2023 at 5:52:16 PM UTC)

DNS DCV: No local authority: β€œcpcalendars.mrsphysics.co.uk”; HTTP DCV: β€œcpcalendars.mrsphysics.co.uk” does not resolve to any IP addresses on the internet.

For the most current status, navigate to the β€œSSL/TLS Status” interface. You can also exclude domains from future renewal attempts, which would cease future notifications.

The following domains will lose SSL coverage when the certificate expires:

The certificate that is installed on this website contains the following properties:

Expiration: Friday, March 3, 2023 at 2:52:59 PM UTC
Domain Names: cpanel.mrsphysics.co.uk
cpcalendars.mrsphysics.co.uk
cpcontacts.mrsphysics.co.uk
mail.mrsphysics.co.uk
mrsphysics.co.uk
webdisk.mrsphysics.co.uk
webmail.mrsphysics.co.uk
www.mrsphysics.co.uk
Subject: commonName webmail.mrsphysics.co.uk
Issuer: countryName US


organizationName Let's Encrypt
commonName R3

To upgrade to an EV or OV certificate, navigate to the β€œSSL/TLS Wizard” interface.
The system generated this notice on Saturday, February 18, 2023 at 5:52:21 PM UTC.

You can disable the β€œAutoSSL cannot request a certificate because all of the website’s domains have failed DCV (Domain Control Validation).” type of notification through the cPanel interface: https://quasar.servers.prgn.misp.co.uk:2083/?goto_app=ContactInfo_Change

Do not reply to this automated message.||

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:
tsohosting
I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Can anyone translate this into a language that someone with no web knowledge can understand. Is this becuase I migrated my site from cPanel Business to cPanel Deluxe with tsohost?

1 Like

I can try, but it probably won't be easy.

First, the simple errors:

These "does not resolve to any IP addresses on the internet" errors (which is also the case for the cpanel, mail, webdisk, cpcontacts and cpcalendars subdomains) mean those hostnames do not exist in the Domain Name System (DNS) at TsoHost any longer. But I can't tell you why they don't exist any more, only you or your hoster would know.

The error for the mrsphysics.co.uk and www.mrsphysics.co.uk hostnames is more difficult. Because it probably relates to how the "AutoSSL" plugin is integrated or can work together with the webserver. I'm assuming that the "cPanel Deluxe" product is a shared hosting product without you having any actual control over the server, except for the cPanel control panel?

Also, did you previously also use TsoHost for your "cPanel Business" product?

In any case, the first issue with regard to the missing hostnames in the DNS might be fixed by removing the hostnames from the certificate somehow. However, that would mean those sites wouldn't be accessible securely any longer. But without an entry in the DNS, those hostnames aren't reachable entirely anyway...

The second issue with regard to mrsphysics.co.uk and www.mrsphysics.co.uk is probably something only TsoHost can fix.

6 Likes

Is it likely because I transferred from cPanel Business to Delux?

1 Like

Could be, but I'm not familiar with TsoHost, cPanel nor both of those products. So I can't say for sure.

4 Likes

Is that the expected IP for that domain and system?

5 Likes

Do I log on to tsohost to locate my server?

1 Like

Welcome to theLet's Encrypt Community, Jennie! :slightly_smiling_face:

It is very common with cPanel setups to not cover all of the cPanel "utility" subdomain names on your own certificate either because those subdomain entries don't actually exist in DNS as @Osiris mentioned or because they point to cPanel pages rather than the HTTP-01 challenge files needed for a Let's Encrypt certificate. Either way, those types of "utility" subdomain names that are supported by your provider are usually covered by their certificate when you use them. That said, usually at the very least example.com, www.example.com, and mail.example.com point to the Apache webserver managed by the cPanel instance and can therefore be covered by your certificate since they are able to serve the needed HTTP-01 challenge files. Based on the errors for the two primary names, I suspect that you are logging into cPanel via your hosting provider's website rather than directly into cPanel via your own website (https://www.mrsphysics.co.uk:2083), meaning that the cPanel instance running AutoSSL at which you are looking isn't the actual cPanel instance hosting your website (at 92.205.13.44). In essence, your current errors are rather a red herring.

5 Likes

It does seem possible that there are setup steps that were done (maybe by someone else or automatically by computer software) that were effectively undone and not redone as a result of this migration, especially if that's the main thing that changed recently.

It will be good news if @griffin's analysis is right and so those steps are ultimately not ones that need to be redone. :slight_smile: However, your main site's current certificate does expire on March 3, so I'm not confident that things are all OK yet.

4 Likes

Thanks so much. I think I'd better employ some help!

3 Likes

Before incurring that cost, I highly recommend trying to login directly to your cPanel using the link I provided above (with :2083 attached) to check the settings there. In case you're wondering, port 2083 is for logging into your cPanel itself and port 2096 is for logging into your cPanel email. Using these types of links can be very convenient.

https://www.mrsphysics.co.uk:2083

https://www.mrsphysics.co.uk:2096

5 Likes

Thank you for helping me so much! I can't believe you are all helping so much.
Jennie

5 Likes

It's what we do here. :slightly_smiling_face:

5 Likes

Thanks but I've no idea what my cPanel username or password might be and have no idea how to reset it or find what it is. Someone initially set up the website but he's moved on :sob::sob::sob:

2 Likes

URGH! My wonderful support Cal Laird has got to the bottom of it. TSOHOST now charges Β£20+ pa to host a third party certificate. As my website is in 9 parts then that is going to be 9 lots of Β£20+ pa.
Time I looked for a new host, any recommendations? I need a huge amount of space. I run this website for free to users for educational purposes.

@Bruce5051 That's why they're asking for recommendations......

All I know is a non-exhaustive list of providers with (or without) good (free) certificate support at Does My Hosting Provider Offer HTTPS? | Certbot

3 Likes

Why would one need to pay for a certificate if one has their own hardware? Usually that's just for shared hosting, as with your own hardware, you have root access and you can do whatever you want.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.