AutoSSL bug - static date of operations

[ntfs1984]

Hello, team.
I have a strange bug with AutoSSL: it always trying to run with some incorrect date, and as result - not working.
Part of log:

[B]Log for the AutoSSL run for “bounceless”: Tuesday, October 26, 2021 8:44:52 AM GMT+0300 (Let’s Encrypt™)[/B]
8:44:52 AM AutoSSL’s configured provider is “Let’s Encrypt™”.
Analyzing “bounceless”’s domains …
8:44:52 AM Analyzing “app.bounceless.io” (website) …
8:44:52 AM ERROR TLS Status: Defective
ERROR Certificate expiry: 3/19/17, 12:00 AM UTC (1,682.24 days ago)
ERROR Defect: OPENSSL_VERIFY: The certificate chain failed OpenSSL’s verification (0:10:CERT_HAS_EXPIRED).
ERROR Defect: OPENSSL_VERIFY: The certificate chain failed OpenSSL’s verification (1:10:CERT_HAS_EXPIRED).
ERROR Defect: OPENSSL_VERIFY: The certificate chain failed OpenSSL’s verification (2:10:CERT_HAS_EXPIRED).
ERROR Defect: OPENSSL_VERIFY: The certificate chain failed OpenSSL’s verification (3:10:CERT_HAS_EXPIRED).


The problem is: today is November 29, 2022, not October 26, 2021.

But this date (October 26, 2021 8:44) is always here, even if I'm running AutoSSL hour later.

In /var/cpanel/logs/autossl, I have log entries, called by incorrect date in names, but on a fact with correct access date, please refer to screenshot.
Also, on screenshot you can see that real period between operations is 3 minutes and 20 minutes, but according to directory names, operations were started within 1 sec period:

[root@srv autossl]# ls -lah
total 20K
drwx------ 5 root root 4.0K Nov 29 01:48 .
drwx------ 3 root root 4.0K Nov 29 00:58 ..
drwx------ 2 root root 4.0K Nov 29 01:24 2021-10-26T05:44:52Z
drwx------ 2 root root 4.0K Nov 29 01:27 2021-10-26T05:44:53Z
drwx------ 2 root root 4.0K Nov 29 01:48 2021-10-26T05:44:54Z
[root@srv autossl]# date
Tue Nov 29 01:48:53 EET 2022
[root@srv autossl]#

This issue is not depends on AutoSSL provider, it looks as bug of AutoSSL core.
This issue is affected to all usernames.
Server updated, rebooted, cache cleaned, etc.

Please assist.

 

[ntfs1984]

After Cpanel update, I have the same situation, but static date is now another. Part of log:

Creating certificate order …
Installing “playbook.bounceless.io”’s new certificate …
10:04:15 PM ERROR (XID qbbcqz) The system failed to install an SSL certificate onto the website “playbook.bounceless.io” because of the following error: Certificate verification failed! An SSL/TLS certificate failed verification because the system’s time is Nov 14, 2022, 8:04:15 PM, and the certificate is not valid until Nov 29, 2022, 2:47:56 PM. The certificate is otherwise valid. The system’s time may be incorrect. Try either the “rdate -s rdate.cpanel.net” or “ntpclient -s -h pool.ntp.org” command to fix this problem. CERT_NOT_YET_VALID

But system's time IS NOT Nov 14, 2022. WHM shows this:

Current Time​
Tue Nov 29 18:01:01 EET 2022 How is that possible, that all services are getting correct date, but AutoSSL is getting wrong date ?​

 

[cPanelWilliam]

Hello! Have you already tried synchronizing the server clock via WHM to see if this corrects the time discrepancy with AutoSSL? We have an article I'll include below that should help with this:

How to Synchronize the Server Clock

If your server runs in a Virtuozzo environment, then additional steps would need to be taken on the host node to adjust the clock. If this doesn't help to clear up the issue, I would recommend submitting a ticket so our team can take a closer look.

 

[gabk]

Hi,
were you ever able to resolve this issue ?
i have the exact same problem --- and couldn't find any solution till now.

 

[cPRex]

@gabk - I don't see that there was a resolution to this. Have you tried that synchronization link that was posted? Can you confirm the "date" command on the server is correct? If this is a VPS machine, you may need to speak with the host to ensure the time is synced properly at the parent level.

 

[gabk]

Date is correct.
But every time i try to renew the certificate, the error i receive always has a fixed date of oct 3,2023 11:42:34pm ... I. Not sure where it is getting this value frm.



Certificate verification failed! An SSL/TLS certificate failed verification because the system’s time is Oct 3, 2023, 11:42:34 PM, and the certificate is not valid until Oct 13, 2023, 11:02:35 AM. The certificate is otherwise valid. The system’s time may be incorrect. Try either the “rdate -s rdate.cpanel.net” or “ntpclient -s -h pool.ntp.org” command to fix this problem. CERT_NOT_YET_VALID

Service certificate was not renewed.

 

[cPRex]

And I'm guessing neither of those commands resolved the issue either?

 

[gabk]

Right

 

[cPRex]

Could you submit a ticket to our team so we can take a look?

 

[ntfs1984]

Hello.
Got this error again, but on another server.

The problem is: I can't find a way, how some Cpanel module(s) are retrieving date. Please refer on screenshot:


[2023-11-20 18:39:39 +0200]: “/usr/local/cpanel/scripts/restartsrv_apache_php_fpm --gra
[2022-04-09 04:08:50 +0300] info [cpsrvd] version 11.102.0.10 online
[2023-11-20 18:51:00 +0200] warn [queueprocd] Failed to fetch cPStore products li


[root@ec22022 logs]# timedatectl
Local time: Tue 2023-11-21 00:51:29 EET
Universal time: Mon 2023-11-20 22:51:29 UTC
RTC time: Mon 2023-11-20 22:48:36
Time zone: Europe/Kiev (EET, +0200)
NTP enabled: yes
NTP synchronized: yes
RTC in local TZ: no
DST active: no
Last DST change: DST ended at
Sun 2023-10-29 03:59:59 EEST
Sun 2023-10-29 03:00:00 EET
Next DST change: DST begins (the clock jumps one hour forward) at
Sun 2024-03-31 02:59:59 EET
Sun 2024-03-31 04:00:00 EEST
[root@ec22022 logs]#


I can assume that problem could be with system date. But not when 90% of logs have correct date, 10% not correct.

Date is FIXED, so it not just "-10 hours" or "+10 days" from current. It's static.

 

[cPRex]

@ntfs1984 - since this has been going on for some time, it would be best to create a ticket with our team so we can take a look and get this fixed once and for all.