Auto SSL does not renew for root, Manage AutoSSL blank

Brent Glaser

Member
Feb 20, 2018
10
0
1
Canada
cPanel Access Level
Reseller Owner
Normally the domains have been auto renewing SSL. domain.com and www.domain.com renewed successfully, but the server.mydomain.com for root access did not renew. When I log into cPanel WHM Manage AutoSSL there is just a blank page. Version 70.0.26.
 

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
13,266
1,304
363
Houston
Hello,


server.mydomain.com sounds like it's the hostname of the server. When you go to WHM>>Service Configuration>>Manage Service SSL certificates do you see a valid certificate installed? If you do not, via CLI can you run the following and provide any errors you receive?

Code:
/usr/local/cpanel/bin/checkallsslcerts --verbose

Thank you,
 

Brent Glaser

The certificate shows as expired a week ago. CLI gives me an error:
unknown command "/usr/local/cpanel/bin/checkallsslcerts"
 

Brent Glaser

Sorry, there was an issue on the CLI.

Here are the results:
login as: root
root@server.###.net's password:
Last login: Tue Mar 6 06:56:45 2018 from IPREMOVED
root@server [~]# /usr/local/cpanel/bin/checkallsslcerts --verbose
The system will check for the certificate for the “cpanel” service.
The system will attempt to replace the self-signed certificate for the “cpanel” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “cpanel” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “cpanel” service.
The system will attempt to install a certificate for the “cpanel” service from the cPanel store.
[WARN] The system failed to acquire a signed certificate from the cPanel Store because of the following error: (XID nh5rhv) The system queried for a temporary file at “http://server.###.net/.well-known/pki-validation/0FEBD4B03994908C604CDF2452810441.txt”, but the web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist.
The system will check for the certificate for the “dovecot” service.
The system will attempt to replace the self-signed certificate for the “dovecot” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “dovecot” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “dovecot” service.
The system will check for the certificate for the “exim” service.
The system will attempt to replace the self-signed certificate for the “exim” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “exim” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “exim” service.
The system will check for the certificate for the “ftp” service.
The system will attempt to replace the self-signed certificate for the “ftp” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “ftp” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “ftp” service.
 

cPanelLauren

The error message here:

[WARN] The system failed to acquire a signed certificate from the cPanel Store because of the following error: (XID nh5rhv) The system queried for a temporary file at “http://server.###.net/.well-known/pki-validation/0FEBD4B03994908C604CDF2452810441.txt”, but the web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist.
Is the important part. This indicates that there is an issue with the hostname which is preventing the process from being able to retrieve the hash file from the listed URL.

Does the domain point to the server? You can ensure this by running a command like dig on the CLI:

Code:
dig a server.domain.com
Furthermore, if the domain does point to the server successfully do you have any apache includes which have customizations?


Thank you,
 

Brent Glaser

root@server [~]# dig a server.example.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.5 <<>> a server.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43846
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;server.removed.net. IN A

;; ANSWER SECTION:
server.example.com. 4325 IN A IPREMOVED

;; Query time: 38 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Apr 16 12:27:59 2018
;; MSG SIZE rcvd: 53

Only started to see any issues when the server cPanel was updated to the latest version, and was also having issues with backups but was able to resolve. If I run the /usr/local/cpanel/bin/autossl_check --all command it checks all my domains as good, including www.example.com, but does not check server.example.com.
 

cPanelLauren

***Please note that I removed the actual IP and hostname for the server from the thread.

The AutoSSL process and the Hostname SSL process are different.

Was the IP that was returned the correct IP address for the hostname? If it is correct, is that IP by chance assigned to a domain as a dedicated IP address (i.e. not the primary IP of the server)?


Thank you,
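
The two checks discussed above (the failed validation-file fetch in the checkallsslcerts output, and whether the hostname's A record is the server's main IP) can be scripted. This is an added example, not part of the original thread and not cPanel code; the function names, sample log, hostname, file name and 192.0.2.x addresses are constructed, and the main IP is supplied by the operator.

```shell
#!/bin/sh
# Added example: triage the hostname-certificate DCV failure discussed in this thread.
# Log text, hostname, file name and 192.0.2.x addresses below are constructed samples.
SAMPLE_LOG='The system will check for the certificate for the “cpanel” service.
[WARN] The system failed to acquire a signed certificate from the cPanel Store because of the following error: (XID abc123) The system queried for a temporary file at “http://server.example.net/.well-known/pki-validation/0123456789ABCDEF0123456789ABCDEF.txt”, but the web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist.
The system will check for the certificate for the “dovecot” service.'

# Read checkallsslcerts --verbose output on stdin; print "<url> <http-status>"
# for every failed validation-file fetch.
dcv_failures() {
    sed -n 's/.*temporary file at [^h]*\(http[^ ]*\.txt\).*following error: \([0-9][0-9]*\).*/\1 \2/p'
}

# $1 = server main IP, $2 = output of `dig +short a <hostname>`.
# Prints ok, mismatch:<ip> or no-a-record.
a_record_verdict() {
    main_ip=$1; seen=0
    for ip in $2; do
        case $ip in *[!0-9.]*) continue ;; esac   # skip CNAME targets
        seen=1
        [ "$ip" = "$main_ip" ] || { echo "mismatch:$ip"; return 0; }
    done
    if [ "$seen" -eq 1 ]; then echo "ok"; else echo "no-a-record"; fi
}

# $1 = main IP, $2 = resolver command (default: dig +short a). Log on stdin.
triage() {
    main_ip=$1; resolve=${2:-"dig +short a"}
    dcv_failures | while read -r url status; do
        host=${url#*://}; host=${host%%/*}
        verdict=$(a_record_verdict "$main_ip" "$($resolve "$host")")
        echo "$host http=$status dns=$verdict"
    done
}

# Offline demo: a stand-in resolver that answers with a non-main (dedicated) IP.
fake_resolve() { echo "192.0.2.20"; }
printf '%s\n' "$SAMPLE_LOG" | triage 192.0.2.10 fake_resolve
```

On a live server, pipe the real output in instead of the sample, for example `/usr/local/cpanel/bin/checkallsslcerts --verbose 2>&1 | triage <main IP>`. A `mismatch` verdict next to a 404 is the situation described in this thread, where the hostname resolved to an IP other than the server's main IP.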
 

Brent Glaser

Thank you, it looks like you are on to something. The main IP was pointing to a domain on the server but other than the server's main IP. I have changed this and will update you shortly.
 

Brent Glaser

I changed the IP address to point correctly, and DNS seems to resolve now. Rebooted the server. Still the same error, 'file not found', when I run the command you specified. AutoSSL update does perform on all users except Root.
 

cPanelLauren

Please feel free to open a ticket using the link in my signature so that we can take a closer look. Once open please reply with the ticket ID so we can update this thread with the outcome.


Thank you,
 

Brent Glaser

So I ran the update again as you requested, and got a different response. It must have taken a few minutes, but it looks like it has resolved properly and updated the certificate.
Thank you so much for your help!!