AutoSSL and HTTP Redirects

cPanelFelipe

Member
Staff member
Apr 10, 2013
17
11
128
Hi everyone,

We’ve been hard at work making the AutoSSL experience smoother for v60. While we can’t backport these updates to 58, I did want to share a bit of what we’ve been doing.

HTTP redirects seem to be pretty troublesome: specifically, the default cPanel/Comodo provider will fail if it finds a redirect. To address this, we’re implementing logic in 60 to insert mod_redirect exclusions into a virtual host’s .htaccess file when necessary.

You can do this in 58, but it will be a manual process. Here are the exclusions to add in:

For cPanel’s internal DCV checks:
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$

For Comodo:
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$

For Let’s Encrypt:
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/

Insert these lines before every “RewriteRule” directive to ensure that domain control validation (DCV) will avoid redirects. Only the Comodo one should be strictly necessary, but the others are good ideas just in case.
 
Last edited by a moderator:

vikins

Well-Known Member
Oct 3, 2006
120
1
168
Would you please provide an example scenario where this would be a problem? I want to make sure I'm understanding it correctly.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
Would you please provide an example scenario where this would be a problem? I want to make sure I'm understanding it correctly.
Hello @vikins,

Essentially, SSL certificate installations handled by the AutoSSL feature can fail if a provider such as Comodo can't access "YOUR_DOMAIN.TLD/THE_TEXT_FILE.txt" to validate the certificate. The following thread offers more information on how the domain validation process works:

cPanel & WHM’s AutoSSL/SSL ordering process

Thank you.
 
  • Like
Reactions: vikins