Switching SSL provider from Letsencrypt to Sectigo
Posted by Ilya Vasilenko on 01 October 2021 03:54 PM
|
|
On Sept 30 2021 there was a major issue with LetsEncrypt root certificates affecting a large number of devices for browsing and mail checking. To get around this we recommend switching from LetsEncrypt to Sectigo (cPanel provided certificates). For more information see: https://forums.cpanel.net/threads/cpanel-33077-letsencrypt-transition-to-isrgs-root-important.673981/ If there are issues with Letsencrypt SSL certificates in WHM/cPanel you can switch SSL provider to Sectigo. To do that:
If you watch the AutoSSL process in the Logs section and see something like "provider cannot currently accept incoming requests. The system will try again later" then just wait several minutes and check in AutoSSL queue is filled at "Pending Queue" section. Once domain appear in that queue the certificates for them will be issued within 15 minutes. If at the end of the current log you see two identical lines like below:
It means AutoSSL is stuck. Then you need to push AutoSSL again manually (for all users or for that particular one). Once the new certificate has been issued you should restart HTTP Server (Apache), IMAP Server and Mail Server (Exim) in WHM -> Restart Services However, if previously issued Letsencrypt certificate is still valid AutoSSL may skip it from re-issuing procedure. To enforce AutoSSL to issue SSL certificate from Sectigo provider:
| |
|