AUTO SSL error: size of response body exceeds

Discussion in 'Security' started by acpro, Jul 17, 2017.

  1. acpro

    acpro Member

    Joined:
    Mar 7, 2017
    Messages:
    11
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    Portugal
    cPanel Access Level:
    Root Administrator
    Hi.

    I had to set chattr in "public_html" in some domains weeks ago, so cPanel was unable to create new SSL TXT files.

    Today I removed chattr from public_html and tried to renew the SSL certificates, but I'm having this error:



    Code:
    This system has AutoSSL set to use “cPanel (powered by Comodo)”.
    Checking websites for “website” …
    The website “website.com”, owned by “website”, has a valid SSL certificate, but additional SSL coverage may be possible for the domains “cpanel.website.com”, “webmail.website.com”, and “webdisk.website.com”. The system will attempt to replace this certificate with one that includes these additional domains.
    The domain “cpanel.website.com” failed domain control validation: The system failed to fetch the DCV (Domain Control Validation) file at “http://cpanel.website.com/.well-known/pki-validation/7D3DEB83740BCC1196057375FD29C066.txt” because of an error: The system failed to send an HTTP (Hypertext Transfer Protocol) “GET” request to “http://cpanel.website.com/.well-known/pki-validation/7D3DEB83740BCC1196057375FD29C066.txt” because of an error: Size of response body exceeds the maximum allowed of 16384
    .
    The domain “webmail.website.com” failed domain control validation: The system failed to fetch the DCV (Domain Control Validation) file at “http://webmail.website.com/.well-known/pki-validation/0CE820DCC8F40124767D1F3E4E9687C0.txt” because of an error: The system failed to send an HTTP (Hypertext Transfer Protocol) “GET” request to “http://webmail.website.com/.well-known/pki-validation/0CE820DCC8F40124767D1F3E4E9687C0.txt” because of an error: Size of response body exceeds the maximum allowed of 16384
    .
    The domain “webdisk.website.com” failed domain control validation: The system queried for a temporary file at “http://webdisk.website.com/.well-known/pki-validation/8AEC32147A47FA80E2264501A6E8FCEE.txt”, but the web server responded with the following error: 401 (Unauthorized). A DNS (Domain Name System) or web server misconfiguration may exist.
    AutoSSL cannot add any new domains to SSL coverage for the website “website.com”.
    The system has completed the AutoSSL check for “website”.
    
    How can I fix this? (chattr is removed and the folder is writable).
     
    #1 acpro, Jul 17, 2017
    Last edited by a moderator: Jul 17, 2017
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Do you have any redirect rules configured for this domain name? The error message suggests the request for the .TXT DCV file was redirected to another file, and the request was blocked because the size of the response body exceeded the 16-KiB limit.

    Thank you.
     
  3. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    986
    Likes Received:
    76
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    Can you check your Apache error log for ModSecurity messages regarding response body size? This is just a hunch, but you may need to enable larger response bodies on your own server. This only applies if SecResponseBodyAccess is enabled.

    I could be completely wrong on this one though if the DCV system is setting that limit and not your server.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hi @quizknows,

    The following case was implemented in cPanel 64.0.30:

    Fixed case CPANEL-13902: Limit DCV responses to a sane (constant for now) size.

    This was done to address instances where HTTP requests for DCV text files were redirected to other file types (e.g. MP3 streams) through custom rewrite rules, leading to AutoSSL exhausting the server's memory. This change doesn't fix whatever the customer is doing to redirect the request, but it adds a 16-KiB limit on DCV responses to prevent AutoSSL from potentially spooling large amounts of data and using excessive amounts of memory.

    Thank you.
     
    quizknows likes this.
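
The size cap described in the post above, reproduced as an added example that is not cPanel's AutoSSL code and not part of the original thread: `check_dcv_url` follows redirects by hand and never reads more than the 16384-byte limit, so running it against a failing DCV URL shows whether a rewrite rule or proxy is answering with something other than the small text file. The local test server, the file names `GOOD.txt` and `REWRITTEN.txt`, and all function names are constructed for the demonstration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urljoin, urlsplit

DCV_MAX_BODY = 16384  # limit quoted in the AutoSSL error on this page

def check_dcv_url(url, limit=DCV_MAX_BODY, max_redirects=5):
    """Plain-HTTP fetch: follow redirects by hand, read at most limit+1 bytes."""
    hops = []
    for _ in range(max_redirects + 1):
        u = urlsplit(url)
        conn = http.client.HTTPConnection(u.hostname, u.port, timeout=10)
        try:
            conn.request("GET", u.path or "/")
            resp = conn.getresponse()
            if resp.status in (301, 302, 303, 307, 308) and resp.getheader("Location"):
                hops.append((resp.status, url))  # record every redirect hop
                url = urljoin(url, resp.getheader("Location"))
                continue
            body = resp.read(limit + 1)  # hard cap: never buffer a huge body
            return {"status": resp.status, "final_url": url,
                    "redirects": hops, "exceeds_limit": len(body) > limit}
        finally:
            conn.close()
    raise RuntimeError("too many redirects")

class DemoHandler(BaseHTTPRequestHandler):  # constructed local test server
    log_message = lambda self, *args: None  # keep the demo quiet

    def do_GET(self):
        # GOOD.txt is a small token; REWRITTEN.txt redirects to a 20000-byte page.
        rewritten = self.path.endswith("/REWRITTEN.txt")
        small = self.path.endswith("/GOOD.txt")
        body = b"" if rewritten else b"constructed-token\n" if small else b"x" * 20000
        self.send_response(302 if rewritten else 200)
        if rewritten:
            self.send_header("Location", "/index.html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

def demo():
    srv = HTTPServer(("127.0.0.1", 0), DemoHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{srv.server_port}/.well-known/pki-validation/"
    results = [check_dcv_url(base + n) for n in ("GOOD.txt", "REWRITTEN.txt")]
    srv.shutdown()
    return results
if __name__ == "__main__":
    print(demo())
```

A non-empty `redirects` list or `exceeds_limit: True` for a `.well-known/pki-validation/` URL means the request is not reaching the DCV file itself.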
  5. acpro

    acpro Member

    Hi.

    Thanks for the answers, but no redirects are made in those domains.

    But if I disable Engintron the warnings are gone:

    Something related to Engintron?
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    I recommend reporting this issue directly to Engintron on their GitHub page:

    Issues · engintron/engintron · GitHub

    Thank you.
     