Control Web Panel

WebPanel => SSL => Topic started by: Solsku on March 25, 2020, 07:15:43 AM

Title: New SSL configure options
Post by: Solsku on March 25, 2020, 07:15:43 AM
Can someone explain to me how these settings are supposed to work under Auto Renovations and Automatic SSL generation?
(https://i.imgur.com/SpPeLyC.png)
I noticed the new options there yesterday, and I left them as shown in the image, checking the possible options available. Today I noticed that CWP had installed certificates to all domains on my server, even though I had not checked "Enable"-button in Automatic SSL generation.

And what does SAN stand for?
Title: Re: New SSL configure options
Post by: ejsolutions on March 25, 2020, 10:00:05 AM
Another stealth "enhancement", this time with English flaws (renovations?).
@Soisku don't take what the text alongside a button, to mean what you think it means. It may have been lost in translation. ;)
Google is your friend (other search engines exist)..
https://duckduckgo.com/?q=SSL+SAN
Title: Re: New SSL configure options
Post by: Solsku on March 25, 2020, 11:47:37 AM
Looks like SAN was too simple for me to miss. I thought it might have been something CWP specific :P Should I assume that if I have the setting "Not renew SAN" enabled, my www-subdomains wouldn't be included in the next sertificate renewal?

The bigger mystery is why all my domains got certified in the first place when automatic SSL generation wasn't on. I found all of them being installed via acme.sh starting at 00:00 sharp (logged inside acme.sh.log).
Title: Re: New SSL configure options
Post by: Solsku on March 31, 2020, 05:58:55 AM
I have deleted unnecessary certificates from the list, but they keep coming back even though I don't have Automatic SSL generation active. Documentation over this matter is empty https://docs.control-webpanel.com/docs/admin-guide/webservers-settings/ssl-certificates

A few domains renewed their certificates ignoring the set autorenew window, and all of them ignored www-subdomain yet again. I feel kind of lost here.
Title: Re: New SSL configure options
Post by: Solsku on April 01, 2020, 06:54:17 AM
I changed the settings on one server to look like this yesterday:
(https://i.imgur.com/AyV4omc.png)

However, today I saw that the server had still installed new certificates to domains from which I had them previously deleted. I also noticed that root crontab looks like this:
Code: [Select]
37 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh/cwp_certs" > /dev/null
37 01 * * * /usr/local/cwp/php71/bin/php /usr/local/cwpsrv/htdocs/resources/admin/include/cron_autossl_renew_all_domains.php
00 00 * * * /usr/local/cwp/php71/bin/php /usr/local/cwpsrv/htdocs/resources/admin/include/cron_autossl_all_domains.php
00 00 * * * /usr/local/cwp/php71/bin/php /usr/local/cwpsrv/htdocs/resources/admin/include/alertandautorenewssl.php

On another server where I thankfully didn't touch those new SSL Configure options it looks like this:
Code: [Select]
05 01 * * * /usr/local/cwp/php71/bin/php /usr/local/cwpsrv/htdocs/resources/admin/include/alertandautorenewssl.php
05 01 * * * /usr/local/cwp/php71/bin/php /usr/local/cwpsrv/htdocs/resources/admin/include/cron_autossl_renew_all_domains.php
47 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh/cwp_certs" > /dev/null

Am I safe to assume that SSL Configure options are not working as intended?