SSL wildcard or with subdomains gets replaced by simple SSL

Zhenmue

Verified User
Joined
Sep 2, 2021
Messages
92
Well, we are having this issue with all our DA Servers, with different clients (not so many, but there are).

Client requests a Wildcard SSL, OK, notification message success, OK.
Some days later, the SSL gets replaced with a simple SSL that covers just the basics, leaving subdomains without SSL, and NO notification message.
Clients have to request the SSL again, usually more than once.
Same process: losing his SSL, reaching the LE limit of requests, client angry.
Many times it also says success, but it does NOT replace the basic SSL, so you waste one attempt at requesting an SSL.

Client requests an SSL manually selecting all his subdomains, OK, notification message success, OK.
Some days later, the SSL gets replaced with a simple SSL that covers just the basics, leaving subdomains without SSL, and NO notification message.
Clients have to request the SSL again, usually more than once.
Same process: losing his SSL, reaching the LE limit of requests, client angry.
Many times it also says success, but it does NOT replace the basic SSL, so you waste one attempt at requesting an SSL.

Same with ZeroSSL, gets replaced with a simple-basic SSL not covering subdomains.

This has been going on for at least 2 months, with 2-3 support tickets to DA, and their reply times are slow, and the support is NOT helpful. I mean, I can explain everything, and they will just ask if the domain is using the DNS of the server, or just do 1 check and see the SSL is working (of course, I told them it is).

It has been like hitting a wall, trying to get support through tickets, and they are asking for server access for the second time, which I'm not providing. I have asked many times for ways/logs to check, because these many incidents are not registered in the notifications/messages, and we need to find why and when these SSLs are being replaced.

So, has anyone else found this? I have seen it with a few clients who have many subdomains.
Wildcard or manually selecting all subdomains
Letsencrypt or ZeroSSL


It's been frustrating.
 
We have to make many attempts to get the basic SSL replaced.
We choose Wildcard ZeroSSL, and get a message/notification of "letsencrypt failed request" of 200 attempts.
 
2 months on the forum with no replies.

DirectAdmin support tickets are useless, staff is not reading the content of the ticket, and taking too much time to reply.

We are still facing issues, and clients are demanding to go back to cPanel, and we are moving them back, since we can't have a bad reputation because of the buggy DirectAdmin software for SSL management.

We have requested help several times on DirectAdmin tickets: the configuration of Admin SSL disappears, all options are unmarked (after we have configured them).

And support staff "Roman" just replies that we need to check/mark the options.

I mean, OMG. That's the problem, we do that, and that is not saved, and if saved, is reverted back after a while.

I can't believe I'm the only one.
 
I can't believe I'm the only one.
Seems you are for some reason. There are lots of people using either ZeroSSL or LE without any issues.
I don't know if your issue is caused by the change to ZeroSSL. Maybe at the time of the change there was some bug causing this, one never knows.

It has been like hitting a wall, trying to get support through tickets, and they are asking for server access for the second time, which I'm not providing,
So I can understand that you can't get any support. Without being able to look at what's going on, it's almost impossible to give a solution or to see if it's a bug or something else causing this.
Even with cPanel the guys sometimes need server access, especially when odd things are happening.

Indeed 2 months without reply, meaning that we don't know what is going on otherwise somebody would have replied to it. And there is too little information.
With your text and no further information, we are not able to help you in any way, it's too little to go on.

DirectAdmin support tickets are useless
Without access to the server it's undoable in this case to find the cause. And you say it's buggy DA, but if that were the case, there would be a lot of others.
Don't blame support if you're not willing to provide server access.
Next to that, be glad they even reply to your tickets, while you don't have ticket support with a legacy license.

And don't expect answers on the forum, when too little information is provided to do any kind of investigation.

Maybe this sounds a bit hard, it's not intended to insult you or something, just explaining why your post is not answered and why DA can't help you either in this case.
 
Don't blame support if you're not willing to provide server access.
.

Sorry, maybe I wasn't very clear, that was the case on just 1 of our tickets, where the person providing support proved that he didn't read the ticket or even care about the issue, so we wouldn't provide him access for a second time. We don't have any issue with providing access to our vendors, software providers, etc., but only to competent people.

After that, another staff took the ticket, and we provided access. On the other tickets, we have provided access too.

I mean, if we explain the issue as well as we can, no native English speakers here, so it's some effort to explain all the details, we do our best. So, if we explain: "we had a wildcard SSL, and with no client or our intervention, the SSL got replaced with a basic SSL that just covers the basic subdomains, we need to know why, and stop that, that is happening to a few clients", and we get a reply like "you have an SSL active"... then you just get mad, because we have to wait a lot for a reply, and the reply didn't ask for any other information, nor provide any extra info about the issue. It kind of confirms what we just said.

Anyway, this thread was to check if anyone else is facing this issue. And indeed, it seems only we hit the jackpot.

Luckily, today they did confirm an issue, but it is supposed to be a display issue only, that shouldn't affect the SSL renewals, which I think is the opposite. But we will have to wait for a new reply from support.
 
I mean, if we explain the issue as well as we can, no native English speakers here, so it's some effort to explain all the details, we do our best.
I'm not native English either. But as far as I'm concerned, your English is very good and you did explain what is going on very clearly. So I don't think that is a part you need to worry about.

Sorry if I misunderstood you about the server access.

As always I would love to help, but unfortunately (also reason of no reply of my side), I have no clue as to how it's possible that an existing ssl certificate gets replaced by some other one.
Personally I always check on the https://crt.sh site what's going on if I get a notice from some SSL domain. As my colleague is also admin and often just doesn't remove domains or accounts which don't exist anymore. Hence SSL error on renew, but that is logical.

However, replacement is another issue.

I know Roman of support, he's also non-English, but even he should understand that existing wildcard certificates getting replaced by basic no-wildcard www/domain certificates without a known cause, is some special issue.

The only thing I can do is advise putting everything onto 1 provider, since it doesn't make a difference if you use LE or ZeroSSL, if I understood you correctly.
Then better put everything on LE and start to see if you can fix things from there.
I'm very very curious as to what can be causing this.
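
A check for the silent replacement discussed in this thread, as an added example that is not part of any poster's message and is not DirectAdmin code: it compares the names in the certificate being served (or a SAN list copied from crt.sh) against the hostnames that must stay covered and reports the ones that lost coverage. The hostnames and SAN lists are constructed placeholders.

```python
import socket
import ssl

def served_sans(host, port=443, timeout=5.0):
    """Return the DNS names in the certificate a server presents (needs network)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def covers(san, hostname):
    """True if one SAN entry matches hostname; '*' matches exactly one leftmost label."""
    san, hostname = san.lower().rstrip("."), hostname.lower().rstrip(".")
    if not san.startswith("*."):
        return san == hostname
    head, _, parent = hostname.partition(".")
    return bool(head) and parent == san[2:]

def uncovered(sans, required):
    """Hostnames from `required` that no SAN entry covers."""
    return [h for h in required if not any(covers(s, h) for s in sans)]

def coverage_drift(previous_sans, current_sans, required):
    """Hostnames the previous certificate covered but the current one does not."""
    before = set(uncovered(previous_sans, required))
    return [h for h in uncovered(current_sans, required) if h not in before]

# Constructed sample data: example.com names are placeholders, not from the thread.
REQUIRED = ["example.com", "www.example.com", "shop.example.com", "api.example.com"]
WILDCARD_CERT = ["example.com", "*.example.com"]                    # what was issued
BASIC_CERT = ["example.com", "www.example.com", "mail.example.com"]  # after replacement

if __name__ == "__main__":
    # On a live server, replace BASIC_CERT with served_sans("your-domain") and
    # run this from cron so a replacement is noticed without a panel notification.
    print("lost coverage:", coverage_drift(WILDCARD_CERT, BASIC_CERT, REQUIRED))
```
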
 
We have to make many attempts to get the basic SSL replaced.
We choose Wildcard ZeroSSL, and get a message/notification of "letsencrypt failed request" of 200 attempts.
I am experiencing the same issue on one of the servers. Did you manage to fix this issue? If yes, please share the fix.
 
I am experiencing the same issue on one of the servers. Did you manage to fix this issue? If yes, please share the fix.
Had a few tickets with DirectAdmin support on this, and in the end, through the SSL configuration recommendations made by them (from what I remember), this stopped happening or at least became a lot less frequent.

I'm pretty sure it was related to reducing the amount of retries when for some reason an SSL failed.

 