After a recent WHM/cPanel update our Let's Encrypt SSL plugin ( third party custom plugin ) on 01-08-2017 started sending emails to those clients who's SSL certificates were to be renewed that the renewal failed. We found that the email was in fact incorrect as the certificates were in fact inssued and installed.

Furthermore, those trying to issue Let's Encrypt SSL Certificates at the time got an error that the installation failed and error unknown - but in reality the certificate was in fact installed and operational.

Not taking any chances with our clients site security for those employing and depending on the Let's Encrypt SSL Certificate plugin to include ecommerce web sites - we went into full emergency mode and followed our backup plan deploying the cPanel version installing SSL Certificates on ALL web sites that did not have one and any web sites that any SSL Certificate - no matter the provider had expired.

Today ( 01-09-2017 ) we recieved an official email from Let's Encrypt as follows:

"Critical Update: 0.7.9

 

Issue

We have identified an issue with the Let’s Encrypt for cPanel plugin which has resulted in certificate issuing and renewal resulting in "unknown errors".

This is due to a recent change in the way cPanel handles Online Certificate Status Protocol (OCSP) responses from the Let's Encrypt service which can sometimes be delayed immediately after issuance.

A fix is also being deployed by cPanel in v62, tracked by case id CPANEL-10223 https://documentation.cpanel.net/display/CL/62+Change+Log

 

Impact

The impact of this issue is the plugin is sometimes unable to issue new certificates, and sometimes fails to renew existing certificates.
 

Affected Versions

All versions prior to 0.7.9 are affected by this issue.
 

Fix

To fix this issue, you will need to upgrade to at least version 0.7.9 of the plugin.

This process is safe - no user data will be lost, including certificates and keys.

    yum clean all && yum -y install letsencrypt-cpanel

This will prevent the issue from recurring in the future.
"

**************************************************************

By 18:00 hours EEST we had completed updating all the shared servers with the new version and now we will leave both versions working to insure that no site that should have a valid SSL certificate does not have one.

The biggest difference between the two free SSL Certificate issuing plugins is that the cPanel version issues them for all web sites and renews the certificates as needed ( server administrator action ) and the Let's Encrypt version the site owner must manually issue the certificate within the applicable sites cPanel - they also automatically renewed.

Those wanting to manage their own SSL Certificates using Let's Encrypt may still issue them via the applicable web sites cPanel and those that do not want to manage the certificates will be managed by us server administrators.

Sorry for any confusion and inconvenience

AECNU WPMU Hosting Support Team


Monday, January 9, 2017







« Back

Powered by WHMCompleteSolution