Auto SSL does not renew for root, Manage AutoSSL blank

Brent Glaser

Member
Feb 20, 2018
10
0
1
Canada
cPanel Access Level
Reseller Owner
Normally the domains have been auto renewing SSL, domain.com and www.domain.com renewed successfully but the server.mydomain.com for root access did not renew. When I log into Cpanel WHM Manage AutoSSL there is just a blank page. Version 70.0.26.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,261
313
Houston
Hello,


server.mydomain.com sounds like it's the hostname of the server. When you go to WHM>>Service Configuration>>Manage Service SSL certificates do you see a valid certificate installed? If you do not, via CLI can you run the following and provide any errors you receive?

Code:
/usr/local/cpanel/bin/checkallsslcerts --verbose

Thank you,
 

Brent Glaser

Member
Feb 20, 2018
10
0
1
Canada
cPanel Access Level
Reseller Owner
Hello,


server.mydomain.com sounds like it's the hostname of the server. When you go to WHM>>Service Configuration>>Manage Service SSL certificates do you see a valid certificate installed? If you do not, via CLI can you run the following and provide any errors you receive?

Code:
/usr/local/cpanel/bin/checkallsslcerts --verbose

Thank you,

The certificate shows as expired a week ago. CLI gives me a error:
unknown command "/usr/local/cpanel/bin/checkallsslcerts"
 

Brent Glaser

Member
Feb 20, 2018
10
0
1
Canada
cPanel Access Level
Reseller Owner
Sorry was issue on the CLI.

Here is results
login as: root
[email protected]###.net's password:
Last login: Tue Mar 6 06:56:45 2018 from IPREMOVED
[email protected] [~]# /usr/local/cpanel/bin/checkallsslcerts --verbose
The system will check for the certificate for the “cpanel” service.
The system will attempt to replace the self-signed certificate for the “cpanel” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “cpanel” service from t he system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for th e “cpanel” service.
The system will attempt to install a certificate for the “cpanel” service from t he cPanel store.
[WARN] The system failed to acquire a signed certificate from the cPanel Store b ecause of the following error: (XID nh5rhv) The system queried for a temporary f ile at “http://server.###.net/.well-known/pki-validation/0FEBD4B03994908C60 4CDF2452810441.txt”, but the web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist .
The system will check for the certificate for the “dovecot” service.
The system will attempt to replace the self-signed certificate for the “dovecot” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “dovecot” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for th e “dovecot” service.
The system will check for the certificate for the “exim” service.
The system will attempt to replace the self-signed certificate for the “exim” se rvice with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “exim” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for th e “exim” service.
The system will check for the certificate for the “ftp” service.
The system will attempt to replace the self-signed certificate for the “ftp” ser vice with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “ftp” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for th e “ftp” service.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,261
313
Houston
The error message here:

[WARN] The system failed to acquire a signed certificate from the cPanel Store because of the following error: (XID nh5rhv) The system queried for a temporary file at “http://server.###.net/.well-known/pki-validation/0FEBD4B03994908C60 4CDF2452810441.txt”, but the web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist.
Is the important part. This indicates that there is an issue with the hostname which is preventing the process from being able to retrieve the hash file from the listed URL.

Does the domain point to the server? You can ensure this by running a command like dig on the CLI:

Code:
dig a server.domain.com
Furthermore, if the domain does point to the server successfully do you have any apache includes which have customizations?


Thank you,
 

Brent Glaser

Member
Feb 20, 2018
10
0
1
Canada
cPanel Access Level
Reseller Owner
The error message here:



Is the important part. This indicates that there is an issue with the hostname which is preventing the process from being able to retrieve the hash file from the listed URL.

Does the domain point to the server? You can ensure this by running a command like dig on the CLI:

Code:
dig a server.domain.com
Furthermore, if the domain does point to the server successfully do you have any apache includes which have customizations?


Thank you,

[email protected] [~]# dig a server.example.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.5 <<>> a server.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43846
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;server.removed.net. IN A

;; ANSWER SECTION:
server.examlel.com. 4325 IN A IPREMOVED

;; Query time: 38 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Apr 16 12:27:59 2018
;; MSG SIZE rcvd: 53

Only started to see any issues when the server CPANEL was updated to latest version, and was also having issues with backups but was able to resolve. If I run the /usr/local/cpanel/bin/autossl_check --all command it checks all my domains as good, including www.example.com but does not check server.example.com
 
Last edited by a moderator:

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,261
313
Houston
***Please note that I removed the actual IP and hostname for the server from the thread.

The AutoSSL process and the Hostname SSL process are different.

Was the IP that was returned the correct IP address for the hostname? If it is correct is that IP by chance assigned to a domain as a dedicated IP address (i.e. not the primary IP of the server)


Thank you,
 

Brent Glaser

Member
Feb 20, 2018
10
0
1
Canada
cPanel Access Level
Reseller Owner
The error message here:



Is the important part. This indicates that there is an issue with the hostname which is preventing the process from being able to retrieve the hash file from the listed URL.

Does the domain point to the server? You can ensure this by running a command like dig on the CLI:

Code:
dig a server.domain.com
Furthermore, if the domain does point to the server successfully do you have any apache includes which have customizations?


Thank you,
Thank you it looks like you are on to something. The main ip was pointing to a domain on the server but other than the server's main ip. I have changed this and will update you shortly.
 

Brent Glaser

Member
Feb 20, 2018
10
0
1
Canada
cPanel Access Level
Reseller Owner
I changed the IP address to point correctly, dns seems to resolve now. Rebooted Server. Still same error
'file not found' when I run the command you specified. AutoSSL update does perform on all users except Root.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,261
313
Houston
Please feel free to open a ticket using the link in my signature so that we can take a closer look. Once open please reply with the ticket ID so we can update this thread with the outcome.


Thank you,
 

Brent Glaser

Member
Feb 20, 2018
10
0
1
Canada
cPanel Access Level
Reseller Owner
Please feel free to open a ticket using the link in my signature so that we can take a closer look. Once open please reply with the ticket ID so we can update this thread with the outcome.


Thank you,
So I ran update again as you requested, and a different response. It must have taken a few minutes but it looks like it has resolved properly and updated the certificate.
Thank you so much for your help!!