AutoSSL and HTTP Redirects

Discussion in 'Security' started by cPanelFelipe, Sep 1, 2016.

  1. cPanelFelipe

    cPanelFelipe Member
    Staff Member

    Hi everyone,

    We’ve been hard at work making the AutoSSL experience smoother for v60. While we can’t backport these updates to 58, I did want to share a bit of what we’ve been doing.

    HTTP redirects seem to be pretty troublesome: specifically, the default cPanel/Comodo provider will fail if it finds a redirect. To address this, we’re implementing logic in 60 to insert mod_redirect exclusions into a virtual host’s .htaccess file when necessary.

    You can do this in 58, but it will be a manual process. Here are the exclusions to add in:

    For cPanel’s internal DCV checks:
    RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
    RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$

    For Comodo:
    RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt$
    RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$

    For Let’s Encrypt:
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/

    Insert these lines before every “RewriteRule” directive to ensure that domain control validation (DCV) will avoid redirects. Only the Comodo one should be strictly necessary, but the others are good ideas just in case.
     
    #1 cPanelFelipe, Sep 1, 2016
    Last edited by a moderator: Feb 3, 2018
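
Added example (not part of the original post and not cPanel's code): a small Python audit that reports, for each RewriteRule in an .htaccess file, which of the exclusions listed in the post above are missing from the RewriteCond lines that precede it. The function names, the exclusion labels and the sample .htaccess are constructed for illustration; the script assumes unquoted directive arguments and does not interpret flags such as [OR].

```python
import re

# Exclusion patterns copied from the post (the part after "RewriteCond %{REQUEST_URI} !").
DCV_EXCLUSIONS = {
    "cpanel-root": r"^/[0-9]+\..+\.cpaneldcv$",
    "cpanel-well-known": r"^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$",
    "comodo-root": r"^/[A-F0-9]{32}\.txt$",
    "comodo-well-known": r"^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$",
    "letsencrypt": r"^/\.well-known/acme-challenge/",
}

def split_args(line):
    """Split a directive on whitespace, keeping backslash-escaped spaces inside one argument."""
    return re.findall(r"(?:\\.|[^\s\\])+", line)

def audit(htaccess_text):
    """Return [(line_no, [missing exclusion labels])] for each RewriteRule lacking exclusions."""
    findings, seen = [], set()
    for line_no, raw in enumerate(htaccess_text.splitlines(), 1):
        args = split_args(raw.strip())
        directive = args[0].lower() if args else ""
        if directive == "rewritecond" and len(args) >= 3:
            if args[1] == "%{REQUEST_URI}" and args[2].startswith("!"):
                seen.add(args[2][1:])  # store the negated pattern without the "!"
        elif directive == "rewriterule":
            missing = [name for name, pat in DCV_EXCLUSIONS.items() if pat not in seen]
            if missing:
                findings.append((line_no, missing))
            seen = set()  # RewriteCond lines only apply to the next RewriteRule
    return findings

# Constructed sample: the first rule is fully guarded, the second only for Let's Encrypt.
SAMPLE = r"""RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
RewriteRule ^(.*)$ https://www.example.com/$1 [L,R=301]
"""

if __name__ == "__main__":
    for line_no, missing in audit(SAMPLE):
        print(f"line {line_no}: RewriteRule missing DCV exclusions: {', '.join(missing)}")
```

The second rule in the sample is reported because its exclusions were not repeated: conditions placed before the first RewriteRule do not carry over to later ones.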
  2. vikins

    vikins Well-Known Member

    Would you please provide an example scenario where this would be a problem? I want to make sure I'm understanding it correctly.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello @vikins,

    Essentially, SSL certificate installations handled by the AutoSSL feature can fail if a provider such as Comodo can't access "YOUR_DOMAIN.TLD/THE_TEXT_FILE.txt" to validate the certificate. The following thread offers more information on how the domain validation process works:

    cPanel & WHM’s AutoSSL/SSL ordering process

    Thank you.
     
    vikins likes this.