[GH-ISSUE #58] CCS stop working for no visible reason #42

Closed
opened 2026-02-26 21:31:27 +03:00 by kerem · 4 comments

Originally created by @leedavi on GitHub (Jul 5, 2024).
Original GitHub issue: https://github.com/ridercz/AutoACME/issues/58

I'm using AutoAcme and it works great. But, I do have an issue with the CCS. I've looked everywhere for a solution and maybe this is nothing to do with AutoAcme. (In fact probably not).

I've posted here in the hope other people know or have had this problem.

The Problem!

  • Everything is working, then for no reason the SSL cert stops working, I assume it's lost the binding to the CCS?
  • I have SNI on, I turn off the SNI. Then turn it back on.
  • Everything starts to work again?

Does anyone have any idea why? What should I be looking for?

Thank you for any help you can offer.

kerem closed this issue 2026-02-26 21:31:27 +03:00

@webprofusion-chrisc commented on GitHub (Jul 5, 2024):

Set SNI on, set the hostname field and set IP address to All Unassigned. If you don't set SNI (with a hostname) or set a specific IP address you steal the binding from all other sites because it gets priority.

Really only one cert can be bound on port 443 per IP address, but SNI + All Unassigned IP creates a virtual binding to let the OS decide how to map the cert. So anything you do that disables SNI or creates a more specific IP binding will upset all other bindings served from the same IP address.
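
The rule described in the comment above, as an added check that is not part of the original thread or of AutoACME: it flags HTTPS bindings that have SNI off, no hostname, or a specific IP address. The sample bindings are constructed, and the input object shape (`SiteName`, `Protocol`, `BindingInformation`, `SslFlags`) is an assumption of this example.

```powershell
# Added example: audit IIS HTTPS bindings for settings that override SNI bindings.
function Test-HttpsBinding {
    param([Parameter(ValueFromPipeline)] $Binding)
    process {
        # bindingInformation is "IP:port:hostname"; IPv6 addresses are bracketed.
        $pattern = '^(?<ip>\[.*\]|[^:]*):(?<port>\d+):(?<name>.*)$'
        if ($Binding.BindingInformation -match $pattern) {
            $ip       = $Matches['ip']
            $hostName = $Matches['name']
            $flags    = [int]$Binding.SslFlags
            $sni = ($flags -band 1) -ne 0   # sslFlags bit 1: SNI required
            $ccs = ($flags -band 2) -ne 0   # sslFlags bit 2: Centralized Certificate Store
            $problems = @()
            if (-not $sni)      { $problems += 'SNI off' }
            if (-not $hostName) { $problems += 'no hostname' }
            if ($ip -ne '*')    { $problems += 'specific IP (not All Unassigned)' }
            [pscustomobject]@{
                Site    = $Binding.SiteName
                Binding = $Binding.BindingInformation
                SNI     = $sni
                CCS     = $ccs
                Finding = if ($problems) { $problems -join ', ' } else { 'ok' }
            }
        }
    }
}

# Constructed sample bindings (not taken from the thread).
$sample = @(
    [pscustomobject]@{ SiteName = 'site-a'; Protocol = 'https'; BindingInformation = '*:443:a.example.test'; SslFlags = 3 }
    [pscustomobject]@{ SiteName = 'site-b'; Protocol = 'https'; BindingInformation = '*:443:'; SslFlags = 0 }
    [pscustomobject]@{ SiteName = 'site-c'; Protocol = 'https'; BindingInformation = '192.0.2.10:443:c.example.test'; SslFlags = 1 }
)
$sample | Where-Object Protocol -eq 'https' | Test-HttpsBinding | Format-Table -AutoSize

# On a live server, build the same objects from the WebAdministration module:
# Import-Module WebAdministration
# Get-Website | ForEach-Object { $n = $_.Name; $_.Bindings.Collection | ForEach-Object {
#     [pscustomobject]@{ SiteName = $n; Protocol = $_.protocol
#                        BindingInformation = $_.bindingInformation; SslFlags = $_.sslFlags } } } |
#     Where-Object Protocol -eq 'https' | Test-HttpsBinding
```

Running the audit before and after an automated site deletion shows whether a binding on the shared IP address changed its SNI or IP settings.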


@leedavi commented on GitHub (Jul 5, 2024):

Thank you for your answer Christopher. I am setting the SNI and host name, but thank you for confirming.

I have dug a little deeper and I have noticed that the SSL is not working for existing websites if a website has been deleted on the VPS. This is a development system and the deletion is automatic in our in-house application, so not through the IIS interface. My thought is that something is breaking the binding between the website binding and the CCS.

I am going to try and remove the binding before deletion using the AutoAcme "delhost" option.

Do you have any other ideas?


@leedavi commented on GitHub (Jul 5, 2024):

OK, the only way I can find to get it working after a website delete is to turn off and on the SNI. For my purpose this is OK.

I will close this task because I don't think it's related to AutoAcme.


@avonwyss commented on GitHub (Jul 5, 2024):

AutoACME does not control the CCS, so you are right to close the issue.

That being said, deleting the HTTPS binding before deleting the site may solve your issue (haven't tried it though).
