SSL certificate has not renewed on Cpanel

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:safetymarineaust.com.au

I ran this command:-

It produced this output:

My web server is (include version):Cpanel 124.0.32

The operating system my web server runs on is (include version):?

My hosting provider, if applicable, is: Digitalhost.com

I can login to a root shell on my machine (yes or no, or I don't know):no

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):Yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Welcome to the Let's Encrypt Community! :slightly_smiling_face:

Any idea how you originally acquired your certificate?

1 Like

we have had the web site for at least10 years this is the first issue like this.

I'm not sure what ACME client software you have been using to acquire your certificates. I would guess AutoSSL, but I'm seeing wildcards in your certificate history, so maybe not. :thinking:

Test:

History:

1 Like

Thank you for your help but where does that leave us with a solution?

Given the limited information provided (domain name, hosting provider, and presumably shared-hosting using cPanel), my initial recommendation would be to check with your hosting provider to see if anything has changed in their offerings or your server configuration that would prevent renewal of your certificate(s). Without an indication of which ACME client software you are using to acquire your certificates and some type of logs/feedback from said software about what's happening, we're rather operating in the dark here. :man_shrugging:

3 Likes

My Server provider was my first port of call and their response was that I am using a free SSL and offered to upgrade to a paid service. So what should I ask them?

Based upon the certificate history I see using the link I provided above (and the more thorough history I've linked in this post below), it looks like the approach taken in acquiring your certificates likely changed in July of 2024. It had been renewing consistently (likely automatically) every 60 days since then, which is the recommended time, until it didn't renew in March of 2025. Given that these have been wildcard certificates (cover *.safetymarineaust.com.au as a SAN/hostname), a DNS-01 challenge would have been required to acquire the certificates. Have you changed your DNS service provider (for example, your domain name registrar) sometime this year?

2 Likes

I see a new certificate issued in your history from ten minutes ago.

:partying_face:

It's not a wildcard certificate, but it will likely work for what you need.

2 Likes

While your certificate appears to be installed properly:

safetymarineaust.com.au:

www.safetymarineaust.com.au:

Your redirects don't appear to be correct. All your URLS appear to redirect to http://www.safetymarineaust.com.au/home/ regardless of starting with HTTP or HTTPS.

For example, this isn't good:

https://safetymarineaust.com.au
301 Moved Permanently
http://www.safetymarineaust.com.au/home/
200 OK

These are examples of proper redirect chains, which aren't happening right now:

http://safetymarineaust.com.au
301 Moved Permanently
https://safetymarineaust.com.au
301 Moved Permanently
https://www.safetymarineaust.com.au/home/
200 OK
http://www.safetymarineaust.com.au
301 Moved Permanently
https://www.safetymarineaust.com.au
301 Moved Permanently
https://www.safetymarineaust.com.au/home/
200 OK
2 Likes

Thank you for all your help Griffin.

I gave my server provider a rev up so all is good there on the on theSSL now.

I checked on the redirects and changed those to HTTPS. Thanks for the heads up on that.

2 Likes

Happy to help. :slightly_smiling_face:

Things are better. Not perfect, but better at least.

You should probably decide if you want to use the apex domain name (no subdomain) or the www subdomain to serve your content.

In essence, this (current):

http://www.safetymarineaust.com.au
301 Moved Permanently
https://safetymarineaust.com.au/
200 OK

should either be this (uses apex):

http://www.safetymarineaust.com.au
301 Moved Permanently
https://www.safetymarineaust.com.au
301 Moved Permanently
https://safetymarineaust.com.au
200 OK

or this (uses www):

http://www.safetymarineaust.com.au
301 Moved Permanently
https://www.safetymarineaust.com.au
200 OK

while this (current):

http://safetymarineaust.com.au
301 Moved Permanently
https://safetymarineaust.com.au/
200 OK

should either be this (uses apex):

http://safetymarineaust.com.au
301 Moved Permanently
https://safetymarineaust.com.au
200 OK

or this (uses www):

http://safetymarineaust.com.au
301 Moved Permanently
https://safetymarineaust.com.au
301 Moved Permanently
https://www.safetymarineaust.com.au
200 OK

You are currently preferring to use the apex domain name, but your redirect chains are incomplete.

1 Like