New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Sectigo CA Certificate Expiration
Affecting huge amount of services including cPanel autossl. Even httpupdate.cpanel.net is not working due to the certificate expiration.
cPanel Incident: https://status.cpanel.net/incidents/4k9qp7qcf90n
Sectigo updates: https://sectigo.com/resource-library/sectigos-addtrust-root-is-soon-to-expire-what-you-need-to-know
Edit: Do not try to reissue cpanel account certificates on autossl. cPanel can not deliver new certificate due to outage.
Thanked by 1sibaper
Comments
If you run Debian 9:
dpkg-reconfigure ca-certificates
and uncheck AddTrust External
For some reason, they did keep the old cert, brought up some issues.
@Francisco, is this why I cannot generate certificate on LV Shared 01?
log a ticket and i'll look, but we use LE, not AutoSSL.
Francisco
Already did. It's just a few of providers keep throwing out ssl certificate expired, including my domain registrar and bunnycdn. Can't use their API at the moment.
Looks like it's OK now
Francisco
I never experienced such thing in the past... I had 15 odd Certificates that showed CA Certificates expired which I never ever knew as the SSL certificate itself was active.
A developer called up last night saying he is not able to complete API calls to IAAS app and doing a curl call I discovered the CA Cert had expired. All these were bought from GoGetSSL.
I replaced the CA and all went fine. However, this was a really shocking and embarrassing situation. These were all small apps /sites, glad it did not happen to the big busy ones.
Raised a ticket with GoGetSSL and they apologized and said they sent out mailer on 30th... which seems like I never received at all.