AUTO SSL error: size of response body exceeds

Discussion in 'Security' started by acpro, Jul 17, 2017.

  1. acpro

    acpro Member

    Hi.

    I had to set chattr in "public_html" in some domains weeks ago, so cPanel was unable to create new SSL TXT files.

    Today I removed chattr from public_html and tried to renew the SSL certificates, but I'm having this error:

    Code:
    This system has AutoSSL set to use “cPanel (powered by Comodo)”.
    Checking websites for “website” …
    The website “website.com”, owned by “website”, has a valid SSL certificate, but additional SSL coverage may be possible for the domains “cpanel.website.com”, “webmail.website.com”, and “webdisk.website.com”. The system will attempt to replace this certificate with one that includes these additional domains.
    The domain “cpanel.website.com” failed domain control validation: The system failed to fetch the DCV (Domain Control Validation) file at “http://cpanel.website.com/.well-known/pki-validation/7D3DEB83740BCC1196057375FD29C066.txt” because of an error: The system failed to send an HTTP (Hypertext Transfer Protocol) “GET” request to “http://cpanel.website.com/.well-known/pki-validation/7D3DEB83740BCC1196057375FD29C066.txt” because of an error: Size of response body exceeds the maximum allowed of 16384
    .
    The domain “webmail.website.com” failed domain control validation: The system failed to fetch the DCV (Domain Control Validation) file at “http://webmail.website.com/.well-known/pki-validation/0CE820DCC8F40124767D1F3E4E9687C0.txt” because of an error: The system failed to send an HTTP (Hypertext Transfer Protocol) “GET” request to “http://webmail.website.com/.well-known/pki-validation/0CE820DCC8F40124767D1F3E4E9687C0.txt” because of an error: Size of response body exceeds the maximum allowed of 16384
    .
    The domain “webdisk.website.com” failed domain control validation: The system queried for a temporary file at “http://webdisk.website.com/.well-known/pki-validation/8AEC32147A47FA80E2264501A6E8FCEE.txt”, but the web server responded with the following error: 401 (Unauthorized). A DNS (Domain Name System) or web server misconfiguration may exist.
    AutoSSL cannot add any new domains to SSL coverage for the website “website.com”.
    The system has completed the AutoSSL check for “website”.
    
    How can I fix this? (chattr is removed and the folder is writable).
     
    #1 acpro, Jul 17, 2017
    Last edited by a moderator: Jul 17, 2017
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Hello,

    Do you have any redirect rules configured for this domain name? The error message suggests the request for the .TXT DCV file was redirected to another file, and the request was blocked because the size of the response body exceeded the 16-KiB limit.

    Thank you.
     
  3. quizknows

    quizknows Well-Known Member

    Can you check your Apache error log for ModSecurity messages regarding response body size? This is just a hunch, but you may need to enable larger response bodies on your own server. This only applies if SecResponseBodyAccess is enabled.

    I could be completely wrong on this one though if the DCV system is setting that limit and not your server.
     
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Hi @quizknows,

    The following case was implemented in cPanel 64.0.30:

    Fixed case CPANEL-13902: Limit DCV responses to a sane (constant for now) size.

    This was done to address instances where HTTP requests for DCV text files were redirected to other file types (e.g. MP3 streams) through custom rewrite rules, leading to AutoSSL exhausting the server's memory. This change doesn't fix whatever the customer is doing to redirect the request, but it adds a 16-KiB limit on DCV responses to prevent AutoSSL from potentially spooling large amounts of data and using excessive amounts of memory.

    Thank you.
     
    quizknows likes this.
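
The size cap described in post #4, as an added illustration that is not part of the thread and is not cPanel's code: a Python fetcher that stops reading once the body passes 16384 bytes and reports the URL that actually answered, run against a constructed local server in which a rewrite sends one validation path to a large stream. The names `fetch_dcv`, `DCVTooLarge`, `DemoHandler` and the paths served are assumptions made for the example.

```python
import http.server
import threading
import urllib.request

MAX_DCV_BODY = 16384  # the limit quoted in the AutoSSL error above

class DCVTooLarge(Exception):
    """Raised instead of buffering an oversized response."""

def fetch_dcv(url, max_size=MAX_DCV_BODY, chunk=4096, timeout=5):
    """Return (final_url, body); read at most max_size + chunk bytes."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        final_url = resp.geturl()  # differs from url when a redirect was followed
        body = b""
        while piece := resp.read(chunk):
            body += piece
            if len(body) > max_size:  # stop here; the rest is never read
                raise DCVTooLarge(f"{final_url}: body exceeds {max_size} bytes")
        return final_url, body

class DemoHandler(http.server.BaseHTTPRequestHandler):
    """Constructed local server: one honest DCV file, one rewritten path."""
    def do_GET(self):
        if self.path == "/.well-known/pki-validation/GOOD.txt":
            self.reply(b"constructed-dcv-token\n")
        elif self.path.startswith("/.well-known/"):
            self.send_response(302)  # stands in for a custom rewrite rule
            self.send_header("Location", "/stream")
            self.end_headers()
        else:
            self.reply(b"\x00" * (1 << 20))  # 1 MiB standing in for a media stream

    def reply(self, data):
        self.send_response(200)
        self.end_headers()
        try:
            self.wfile.write(data)
        except OSError:
            pass  # client hung up after hitting its cap

    def log_message(self, *args):
        pass  # keep the demo quiet

def start_demo_server():
    srv = http.server.HTTPServer(("127.0.0.1", 0), DemoHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_port}"
```

The URL carried in the `DCVTooLarge` message is the one that served the oversized body, which is the detail to compare against the requested `.well-known/pki-validation/` path when looking for a rewrite or proxy in between.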
  5. acpro

    acpro Member

    Hi.

    Thanks for the answers, but no redirects are made in those domains.

    But if I disable Engintron the warnings are gone:

    Something related to Engintron?
     
  6. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    I recommend reporting this issue directly to Engintron on their GitHub page:

    Issues · engintron/engintron · GitHub

    Thank you.
     