Author Topic: Why is autoSSL so flakey?  (Read 6496 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
Why is autoSSL so flakey?
« on: March 31, 2020, 11:22:04 PM »
I'm having lots of problems with autoSSL
- can't add a www.DOMAIN to a certificate after creating certificate without it
- errors like "2020-03-31 06:03:12 DNS Redirection problem for DOMAIN with www and without it" when I try to renew
(there is no apparent problem in DNS. The www.DOMAIN is a CNAME for DOMAIN which points to the server address)

I can't find the configuration files for autoSSL to figure out what is going on. It seems to use LetsEncrypt under the covers but the files are not in /etc/letsencrypt.

This seems much more complex than just using LetsEncrypt directly, and having one certificate which includes all host names but the complexity of the way CWP sets up vhosts seems to make this hard. Is something broken on my system or is it autoSSL? Should I just turn off autoSSL altogether and try to use LetsEncrypt directly?

Re: Why is autoSSL so flakey?
« Reply #1 on: March 31, 2020, 11:31:22 PM »
Two threads about the same thing?  ::)

Plus this one:
http://forum.centos-webpanel.com/index.php?topic=8544
« Last Edit: March 31, 2020, 11:33:33 PM by ejsolutions »

Offline
*
Re: Why is autoSSL so flakey?
« Reply #2 on: March 31, 2020, 11:59:21 PM »
I figured out the first order issue. Documenting it here in case it's useful to someone else.

Apparently autoSSL requires that both DOMAIN and www.DOMAIN be A records. If www.DOMAIN is a CNAME pointing to DOMAIN then autoSSL will fail with a variety of unhelpful error messages.

Still wondering where the autoSSL configuration files are, and why it just doesn't use standard LetsEncrypt configuration.

Re: Why is autoSSL so flakey?
« Reply #3 on: April 01, 2020, 12:29:56 AM »
Useful information for those who still use a www subdomain.

Offline
*
Re: Why is autoSSL so flakey?
« Reply #4 on: April 01, 2020, 06:57:33 AM »
Apparently autoSSL requires that both DOMAIN and www.DOMAIN be A records. If www.DOMAIN is a CNAME pointing to DOMAIN then autoSSL will fail with a variety of unhelpful error messages.

Can someone from the development team confirm this?

I can install certificates just fine with www-subdomain, they just get excluded from the certificate in the renew process.

Offline
*****
Re: Why is autoSSL so flakey?
« Reply #5 on: April 01, 2020, 08:40:06 AM »
strange will check it