SSL certificate about to expire

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: mrsphysics.co.uk

I ran this command:
|AutoSSL did not renew the certificate for “mrsphysics.co.uk”. You must take action to keep this site secure.

The “LetsEncrypt” AutoSSL provider could not renew the SSL certificate without a reduction of coverage because of the following problems:

www.mrsphysics.co.uk (checked on Feb 18, 2023 at 5:52:16 PM UTC)

DNS DCV: No local authority: “www.mrsphysics.co.uk”; HTTP DCV: The system queried for a temporary file at “https://www.mrsphysics.co.uk/.well-known/acme-challenge/3-0PIM-TFE4AUOSNS_C2E07DU0M1OZ1K”, which was redirected from “http://www.mrsphysics.co.uk/.well-known/acme-challenge/3-0PIM-TFE4AUOSNS_C2E07DU0M1OZ1K”. The web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist. The domain “www.mrsphysics.co.uk” resolved to an IP address “92.205.13.44” that does not exist on this server.

webdisk.mrsphysics.co.uk (checked on Feb 18, 2023 at 5:52:16 PM UTC)

DNS DCV: No local authority: “webdisk.mrsphysics.co.uk”; HTTP DCV: “webdisk.mrsphysics.co.uk” does not resolve to any IP addresses on the internet.

cpcontacts.mrsphysics.co.uk (checked on Feb 18, 2023 at 5:52:16 PM UTC)

DNS DCV: No local authority: “cpcontacts.mrsphysics.co.uk”; HTTP DCV: “cpcontacts.mrsphysics.co.uk” does not resolve to any IP addresses on the internet.

mrsphysics.co.uk (checked on Feb 18, 2023 at 5:52:16 PM UTC)

DNS DCV: No local authority: “mrsphysics.co.uk”; HTTP DCV: The system queried for a temporary file at “https://mrsphysics.co.uk/.well-known/acme-challenge/YOXXZ-39__4LPB0LKFGNO0F-4AU7W6BB”, which was redirected from “http://mrsphysics.co.uk/.well-known/acme-challenge/YOXXZ-39__4LPB0LKFGNO0F-4AU7W6BB”. The web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist. The domain “mrsphysics.co.uk” resolved to an IP address “92.205.13.44” that does not exist on this server.

webmail.mrsphysics.co.uk (checked on Feb 18, 2023 at 5:52:16 PM UTC)

DNS DCV: No local authority: “webmail.mrsphysics.co.uk”; HTTP DCV: “webmail.mrsphysics.co.uk” does not resolve to any IP addresses on the internet.

cpanel.mrsphysics.co.uk (checked on Feb 18, 2023 at 5:52:16 PM UTC)

DNS DCV: No local authority: “cpanel.mrsphysics.co.uk”; HTTP DCV: “cpanel.mrsphysics.co.uk” does not resolve to any IP addresses on the internet.

mail.mrsphysics.co.uk (checked on Feb 18, 2023 at 5:52:16 PM UTC)

DNS DCV: No local authority: “mail.mrsphysics.co.uk”; HTTP DCV: “mail.mrsphysics.co.uk” does not resolve to any IP addresses on the internet.

cpcalendars.mrsphysics.co.uk (checked on Feb 18, 2023 at 5:52:16 PM UTC)

DNS DCV: No local authority: “cpcalendars.mrsphysics.co.uk”; HTTP DCV: “cpcalendars.mrsphysics.co.uk” does not resolve to any IP addresses on the internet.

For the most current status, navigate to the “SSL/TLS Status” interface. You can also exclude domains from future renewal attempts, which would cease future notifications.

The following domains will lose SSL coverage when the certificate expires:

• cpanel.mrsphysics.co.uk
• cpcalendars.mrsphysics.co.uk
• cpcontacts.mrsphysics.co.uk
• mail.mrsphysics.co.uk
• mrsphysics.co.uk
• webdisk.mrsphysics.co.uk
• webmail.mrsphysics.co.uk
• www.mrsphysics.co.uk

The certificate that is installed on this website contains the following properties:

Expiration: Friday, March 3, 2023 at 2:52:59 PM UTC
Domain Names: cpanel.mrsphysics.co.uk
cpcalendars.mrsphysics.co.uk
cpcontacts.mrsphysics.co.uk
mail.mrsphysics.co.uk
mrsphysics.co.uk
webdisk.mrsphysics.co.uk
webmail.mrsphysics.co.uk
www.mrsphysics.co.uk
Subject: commonName webmail.mrsphysics.co.uk
Issuer: countryName US

organizationName Let's Encrypt
commonName R3

To upgrade to an EV or OV certificate, navigate to the “SSL/TLS Wizard” interface.
The system generated this notice on Saturday, February 18, 2023 at 5:52:21 PM UTC.

You can disable the “AutoSSL cannot request a certificate because all of the website’s domains have failed DCV (Domain Control Validation).” type of notification through the cPanel interface: https://quasar.servers.prgn.misp.co.uk:2083/?goto_app=ContactInfo_Change

Do not reply to this automated message.||

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:
tsohosting
I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Can anyone translate this into a language that someone with no web knowledge can understand. Is this becuase I migrated my site from cPanel Business to cPanel Deluxe with tsohost?

I can try, but it probably won't be easy.

First, the simple errors:

These "does not resolve to any IP addresses on the internet" errors (which is also the case for the cpanel, mail, webdisk, cpcontacts and cpcalendars subdomains) mean those hostnames do not exist in the Domain Name System (DNS) at TsoHost any longer. But I can't tell you why they don't exist any more, only you or your hoster would know.

The error for the mrsphysics.co.uk and www.mrsphysics.co.uk hostnames is more difficult. Because it probably relates to how the "AutoSSL" plugin is integrated or can work together with the webserver. I'm assuming that the "cPanel Deluxe" product is a shared hosting product without you having any actual control over the server, except for the cPanel control panel?

Also, did you previously also use TsoHost for your "cPanel Business" product?

In any case, the first issue with regard to the missing hostnames in the DNS might be fixed by removing the hostnames from the certificate somehow. However, that would mean those sites wouldn't be accessible securely any longer. But without an entry in the DNS, those hostnames aren't reachable entirely anyway...

The second issue with regard to mrsphysics.co.uk and www.mrsphysics.co.uk is probably something only TsoHost can fix.

Is it likely because I transferred from cPanel Business to Delux?

Could be, but I'm not familiar with TsoHost, cPanel nor both of those products. So I can't say for sure.

Is that the expected IP for that domain and system?

Do I log on to tsohost to locate my server?

Welcome to theLet's Encrypt Community, Jennie!

It is very common with cPanel setups to not cover all of the cPanel "utility" subdomain names on your own certificate either because those subdomain entries don't actually exist in DNS as @Osiris mentioned or because they point to cPanel pages rather than the HTTP-01 challenge files needed for a Let's Encrypt certificate. Either way, those types of "utility" subdomain names that are supported by your provider are usually covered by their certificate when you use them. That said, usually at the very least example.com, www.example.com, and mail.example.com point to the Apache webserver managed by the cPanel instance and can therefore be covered by your certificate since they are able to serve the needed HTTP-01 challenge files. Based on the errors for the two primary names, I suspect that you are logging into cPanel via your hosting provider's website rather than directly into cPanel via your own website (https://www.mrsphysics.co.uk:2083), meaning that the cPanel instance running AutoSSL at which you are looking isn't the actual cPanel instance hosting your website (at 92.205.13.44). In essence, your current errors are rather a red herring.

It does seem possible that there are setup steps that were done (maybe by someone else or automatically by computer software) that were effectively undone and not redone as a result of this migration, especially if that's the main thing that changed recently.

It will be good news if @griffin's analysis is right and so those steps are ultimately not ones that need to be redone. However, your main site's current certificate does expire on March 3, so I'm not confident that things are all OK yet.

Thanks so much. I think I'd better employ some help!

Before incurring that cost, I highly recommend trying to login directly to your cPanel using the link I provided above (with :2083 attached) to check the settings there. In case you're wondering, port 2083 is for logging into your cPanel itself and port 2096 is for logging into your cPanel email. Using these types of links can be very convenient.

https://www.mrsphysics.co.uk:2083

https://www.mrsphysics.co.uk:2096

Thank you for helping me so much! I can't believe you are all helping so much.
Jennie

It's what we do here.

Thanks but I've no idea what my cPanel username or password might be and have no idea how to reset it or find what it is. Someone initially set up the website but he's moved on

URGH! My wonderful support Cal Laird has got to the bottom of it. TSOHOST now charges £20+ pa to host a third party certificate. As my website is in 9 parts then that is going to be 9 lots of £20+ pa.
Time I looked for a new host, any recommendations? I need a huge amount of space. I run this website for free to users for educational purposes.

@Bruce5051 That's why they're asking for recommendations......

All I know is a non-exhaustive list of providers with (or without) good (free) certificate support at Does My Hosting Provider Offer HTTPS? | Certbot

Why would one need to pay for a certificate if one has their own hardware? Usually that's just for shared hosting, as with your own hardware, you have root access and you can do whatever you want.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.