Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Sectigo CA Certificate Expiration
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Sectigo CA Certificate Expiration

0x650x65 Member
edited May 2020 in Outages

Affecting huge amount of services including cPanel autossl. Even httpupdate.cpanel.net is not working due to the certificate expiration.

cPanel Incident: https://status.cpanel.net/incidents/4k9qp7qcf90n

Sectigo updates: https://sectigo.com/resource-library/sectigos-addtrust-root-is-soon-to-expire-what-you-need-to-know

https://support.sectigo.com/articles/Knowledge/Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020

Edit: Do not try to reissue cpanel account certificates on autossl. cPanel can not deliver new certificate due to outage.

Thanked by 1sibaper

Comments

  • NeoonNeoon Community Contributor, Veteran

    If you run Debian 9:

    dpkg-reconfigure ca-certificates
    and uncheck AddTrust External

    For some reason, they did keep the old cert, brought up some issues.

  • @Francisco, is this why I cannot generate certificate on LV Shared 01?

  • FranciscoFrancisco Top Host, Host Rep, Veteran

    @yokowasis said:
    @Francisco, is this why I cannot generate certificate on LV Shared 01?

    log a ticket and i'll look, but we use LE, not AutoSSL.

    Francisco

  • @Francisco said:

    @yokowasis said:
    @Francisco, is this why I cannot generate certificate on LV Shared 01?

    log a ticket and i'll look, but we use LE, not AutoSSL.

    Francisco

    Already did. It's just a few of providers keep throwing out ssl certificate expired, including my domain registrar and bunnycdn. Can't use their API at the moment.

  • FranciscoFrancisco Top Host, Host Rep, Veteran

    yokowasis said: Already did. It's just a few of providers keep throwing out ssl certificate expired, including my domain registrar and bunnycdn. Can't use their API at the moment.

    Looks like it's OK now :)

    Francisco

  • I never experienced such thing in the past... I had 15 odd Certificates that showed CA Certificates expired which I never ever knew as the SSL certificate itself was active.

    A developer called up last night saying he is not able to complete API calls to IAAS app and doing a curl call I discovered the CA Cert had expired. All these were bought from GoGetSSL.

    I replaced the CA and all went fine. However, this was a really shocking and embarrassing situation. These were all small apps /sites, glad it did not happen to the big busy ones.

    Raised a ticket with GoGetSSL and they apologized and said they sent out mailer on 30th... which seems like I never received at all.

Sign In or Register to comment.