AutoSSL and HTTP Redirects

[cPanelFelipe]

Hi everyone,

We’ve been hard at work making the AutoSSL experience smoother for v60. While we can’t backport these updates to 58, I did want to share a bit of what we’ve been doing.

HTTP redirects seem to be pretty troublesome: specifically, the default cPanel/Comodo provider will fail if it finds a redirect. To address this, we’re implementing logic in 60 to insert mod_redirect exclusions into a virtual host’s .htaccess file when necessary.

You can do this in 58, but it will be a manual process. Here are the exclusions to add in:

For cPanel’s internal DCV checks:
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$

For Comodo:
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$

For Let’s Encrypt:
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/

Insert these lines before every “RewriteRule” directive to ensure that domain control validation (DCV) will avoid redirects. Only the Comodo one should be strictly necessary, but the others are good ideas just in case.

 

[vikins]

Would you please provide an example scenario where this would be a problem? I want to make sure I'm understanding it correctly.

 

[cPanelMichael]

Would you please provide an example scenario where this would be a problem? I want to make sure I'm understanding it correctly.

Hello @vikins,

Essentially, SSL certificate installations handled by the AutoSSL feature can fail if a provider such as Comodo can't access "YOUR_DOMAIN.TLD/THE_TEXT_FILE.txt" to validate the certificate. The following thread offers more information on how the domain validation process works:

cPanel & WHM’s AutoSSL/SSL ordering process

Thank you.