Why do you need ssl for a parked domain? Do you know for sure that you wouldn't get any hits if they are just http? What sort of content does it have that you are getting revenue from it?

I have a series of domains parked on top of my main account, then in PHP I check to see what domain they're viewing and then show content specific for that domain.

Adsense shows how much is generated for each domain, so I can see how much I'm losing from it.

These have been fine under HTTPS ever since Google "recommended" that we all change everything over, it's only in the last couple weeks that the AutoSSL in cPanel went wonky.

i would open a web hosting support ticket.

I did, but it's Softlayer... they used to rock, but now it's a joke. I'll probably get a reply sometime tomorrow with a copy-and-paste canned response that does no good; I'll reply, and then get another canned reply on Friday.

I tried to post on the cPanel support forum last night, but their forum is "down for maintenance". So I'm more or less stranded without any help.

How much time passed between the two changes? Could this be a matter of "wait and see"? (or wait and expire, or wait and see what the heck is happening when a site changes certificates that "quick"?)

Sometimes we move too fast --- and it takes time (months even) for things to get back to normal.

Never been in this myself, but isn't there a way to RESCIND a cert from your end? I don't mean from cpanel, I mean directly as the holder of the cert? If all of that is done by your host, you will have to use the host to resolve it. In future, pay the freight for your own cert in future (ie, not free).

How much time passed between the two changes? Could this be a matter of "wait and see"? (or wait and expire, or wait and see what the heck is happening when a site changes certificates that "quick"?)

I discovered the problem on 7/28, and changed the certificate provider early on 7/29. I ran the AutoSSL script so it SHOULD have worked immediately, but even if not then AutoSSL with cPanel runs every 24 hours. So, in theory, it's never supposed to be more than 24 hours.

I see in the log that it ran without errors, though, so I don't know what's up. And I honestly can't afford to wait and see... it's not only the daily money being lost, but any of my users that came daily are going to quickly forget and move on to somewhere else! So this has potential long term fallout :-(

Never been in this myself, but isn't there a way to RESCIND a cert from your end? I don't mean from cpanel, I mean directly as the holder of the cert?

Not that I've been able to find. You would THINK there would be, but I can't find it... I was kinda hoping someone here could tell me how! LOL

If all of that is done by your host, you will have to use the host to resolve it.

It's all supposed to be automated with cPanel, and this is my first time dealing with any bugs from it. I submitted a ticket with Softlayer, but SURPRISE! No reply yet... :'-(

In future, pay the freight for your own cert in future (ie, not free).

If only it were that simple! Revenue is seriously less than 1/4 of what it was 2 years ago, even though traffic is booming. RapidSSL is the cheapest provider I know at $15.95 /each, but that's $1,000 /year I just don't have to spend on something that supposedly helps with Google in some unknown way and might make things marginally faster... ?

You do not mention whether you have checked that the common name matches the hostname.

I assume the problem is revoking through cPanel, because revoking with certbot is documented?

I have no clue what either of those sentences mean, @graeme_p! LOL

I didn't change anything on my end other than switching from Sectigo to Let's Encrypt and then back again, so I don't know why any of the names wouldn't match. How do I find out?

I don't know what "certbot" is, but I haven't found a way to revoke and reissue the certs through cPanel.

If you look at the certificate details you should see a field called "common name". This should match your domain name.

certbot is Letsecrypts own software for getting certificates. I have only used it on VPSs running a single site and I imagine using it for a large number of domains might be a pain. I do have to do something similar soon (lots of domains in cPanel) but in that case we only really need the certificates on a few of the domains.

Let's Encrypt would only issue certs for 100 domains per account

I've never come across this issue (although I have fewer than 100 certs)- the only thing I found was a limit of 100 names per certificate. It seems like there is some setting that you have that is specifying separate certificates for each sub-domain (like mail.example.com). Maybe the setting is trying to include all the domains on the same certificate?

I do everything directly on my servers, so I don't know about cPanel configurations. In my case, I explicitly specify the domain names of the certs to renew. (Or rather, the renew command automatically checks what's up for renewal). Also in my case, each domain/sub-domain has its own cert.

I wanted to let you guys and gals know that I've gotten it resolved, and I wanted to post some details for future readers.

First off, Softlayer was NO help. I submitted a ticket for assistance at 9:37pm on 7/31/19, but have not yet had a reply. They used to be great when they were The Planet, and were OK after Softlayer took over. Now IBM has taken over, and their support is worthless.

But I digress.

Last night, in WHM I went to Manage SSL Hosts and deleted the host account that's giving me trouble. This deleted the certificates for all of my parked domains. Then I went to Manage AutoSSL > Manage Users, found the account name, and clicked "Check [example]".

The system ran for a minute before giving the following message:

Checking websites for “example” …
4:02:09 AM Analyzing “example.com” …
4:02:09 AM ERROR TLS Status: Defective
ERROR Defect: NO_SSL: No SSL certificate is installed.

But then at the end it gave:

The provider “cPanel (powered by Sectigo)”’s AutoSSL queue already contains a certificate request for “example”’s website “example.com”. The request’s start time is Jul 29, 2019, 9:09:45 PM UTC, and its last poll time is Aug 2, 2019, 9:02:03 PM UTC.
3:18:54 AM The system has completed the AutoSSL check for “example”.

So for whatever reason, the system thought that the certificate existed, when it did not! I waited for about 2 hours, and there were no further updates and the certificate wasn't working.

Then I noticed that when I viewed one of my sites and got a certificate error, it said that a certificate existed but that it was for another account on my server. That's when I saw that Manage SSL Hosts had listed that account as "Primary" (presumably because, alphabetically, it was the first on the list of accounts).

So I then deleted THAT host, too, and then went back to Manage Users and clicked for it to check both accounts; the one I've been working with all along, and the one that had formerly been listed as the Primary.

Within a few minutes, the log file showed that a new certificate was being installed for both accounts. And within about 10 minutes, all of my accounts were working perfectly again :-D

So I THINK that the key notes here were:

- Go to Manage SSL Hosts and delete the host

- Go to Manage AutoSSL > Manage Users and click "Check [account name]" to get it to reinstall. If it's going to work then it should be reinstalled within 5-10 minutes, max

- If the system thinks that another account's certificate matches the one you deleted and isn't installing the new one, then deleting that host and clicking to reinstall it MAY help. At least, it worked for me.

@csdude55 ... Thanks for the update! Too frequently folks forget to share any resolutions on the forum. Appreciate the report!

You have no idea how many times this forum has saved my butt! LOL We all have a responsibility to help one another out when we can. 10 minutes to post that before I went to bed might save someone else several hours, even DAYS of work in the future... trust me, I know!