Symptoms

Since switching from Sectigo to LetsEncrypt automatically, some SSLs trigger a notification about expiry when the SSLs haven't reached renewal time. No actions can be taken at the time of the expiry notification.

The SSL certificate for “domain.com” has not been renewed. 
You must take action to secure this site.

 

Description

The AutoSSL provider switched automatically to LetsEncrypt in November, as the Sectigo provider was removed from the product and will soon cease functioning.

Sectigo® AutoSSL provider
  • We will automatically switch Sectigo AutoSSL users to Let’s Encrypt™ in November 2024.
  • The Sectigo AutoSSL provider will not work on any version of cPanel & WHM after December 31, 2024.
 cPanel & WHM version 118 cPanel & WHM version 120

Due to this change, some SSLs installed from Sectigo trigger the expiry notification threshold in LetsEncrypt. It is unclear if this is intentional, as it triggers an email without any action needing to take place. The automated renewal is expected to occur but it hasn't reached the time to renew yet.

We've opened an internal case for our development team to investigate this further. For reference, the case number is CPANEL-46145. Follow this article to receive an email notification when a solution is published in the product. 

 

Workaround

Ignore the notification or disable the expiry notifications in WHM Tweak Settings.

Send notifications when certificates approach expiry.

Default is On, the setting could be toggled Off.