The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

AutoSSL and HTTP Redirects

Discussion in 'Security' started by cPanelFelipe, Sep 1, 2016.

Tags:
  1. cPanelFelipe

    cPanelFelipe Member
    Staff Member

    Joined:
    Apr 10, 2013
    Messages:
    6
    Likes Received:
    5
    Trophy Points:
    3
    Hi everyone,

    We’ve been hard at work making the AutoSSL experience smoother for v60. While we can’t backport these updates to 58, I did want to share a bit of what we’ve been doing.

    HTTP redirects seem to be pretty troublesome: specifically, the default cPanel/Comodo provider will fail if it finds a redirect. To address this, we’re implementing logic in 60 to insert mod_redirect exclusions into a virtual host’s .htaccess file when necessary.

    You can do this in 58, but it will be a manual process. Here are the exclusions to add in:

    For cPanel’s internal DCV checks:
    RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$

    For Comodo:
    RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt$

    For Let’s Encrypt:
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/

    Insert these lines before every “RewriteRule” directive to ensure that domain control validation (DCV) will avoid redirects. Only the Comodo one should be strictly necessary, but the others are good ideas just in case.
     
  2. vikins

    vikins Well-Known Member

    Joined:
    Oct 3, 2006
    Messages:
    91
    Likes Received:
    1
    Trophy Points:
    8
    Would you please provide an example scenario where this would be a problem? I want to make sure I'm understanding it correctly.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello @vikins,

    Essentially, SSL certificate installations handled by the AutoSSL feature can fail if a provider such as Comodo can't access "YOUR_DOMAIN.TLD/THE_TEXT_FILE.txt" to validate the certificate. The following thread offers more information on how the domain validation process works:

    cPanel & WHM’s AutoSSL/SSL ordering process

    Thank you.
     
    vikins likes this.
Loading...

Share This Page