AutoSSL and Subdomains on Different IP

Discussion in 'Security' started by dazeck, Nov 10, 2016.

  1. dazeck

    dazeck Well-Known Member

    Joined:
    Jul 19, 2014
    Messages:
    58
    Likes Received:
    11
    Trophy Points:
    8
    Location:
    England
    cPanel Access Level:
    Root Administrator
    I've noticed the following warnings in the AutoSSL log; they appear every night for every domain.

    Code:
    1:22:02 AM The website “yourdomain.co.uk”, owned by “yourdomain”, has a valid SSL certificate, but additional SSL coverage may be possible for the domain “mail.yourdomain.co.uk”. The system will attempt to replace this certificate with one that includes this additional domain.
    1:22:04 AM WARN The domain “mail.yourdomain.co.uk” failed domain control validation: The content “7” of the DCV file, as accessed at “http://www.myvpsaddress.co.uk/domainnotknown.html” and redirected from “http://mail.yourdomain.co.uk/317957.BIN_AUTOSSL_CHECK_PL__.8ejJH0H0.cpaneldcv”, did not match the expected value. at bin/autossl_check.pl line 512.
    1:22:04 AM WARN All of “yourdomain.co.uk”’s unsecured domains failed domain control validation. AutoSSL skip this website. at bin/autossl_check.pl line 441.
    Now I'm not overly worried as they are warnings, but I know the support for proxy subdomains (mail only at this time) has been added to WHM 60, which I am running, so is this issue stopping that from working?

    The IP address for the mail.xxxx domains has been configured as a different IP to the www.xxx domains due to a negative reputation on the original IP address and mail getting rejected. I'm not sure if having this different IP is causing the problem.
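
As an added example (not part of the original post, and not cPanel code), this Python script parses DCV warning lines of the form quoted above and flags those where the DCV file was finally served by a host other than the domain being validated, as happens here with the redirect to domainnotknown.html. The sample log is constructed from the excerpt, and the function name `dcv_failures` and the result field names are assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample modelled on the AutoSSL log lines quoted in the post above.
# The first WARN line keeps the forum's HTML markup; the second is a made-up
# case in which the DCV file was fetched without any redirect.
SAMPLE_LOG = """\
1:22:04 AM WARN The domain “mail.yourdomain.co.uk” failed domain control validation: The content “7” of the <abbr title="Domain Control Validation">DCV</abbr> file, as accessed at “<a href="http://www.myvpsaddress.co.uk/domainnotknown.html">http://www.myvpsaddress.co.uk/domainnotknown.html</a>” and redirected from “http://mail.yourdomain.co.uk/317957.BIN_AUTOSSL_CHECK_PL__.8ejJH0H0.cpaneldcv”, did not match the expected value. at bin/autossl_check.pl line 512.
1:22:05 AM WARN The domain “mail.example.test” failed domain control validation: The content “x” of the DCV file, as accessed at “http://mail.example.test/1.BIN_AUTOSSL_CHECK_PL__.abc.cpaneldcv”, did not match the expected value. at bin/autossl_check.pl line 512.
1:22:05 AM WARN All of “yourdomain.co.uk”’s unsecured domains failed domain control validation. AutoSSL skip this website. at bin/autossl_check.pl line 441.
"""

TAGS = re.compile(r"<[^>]+>")  # HTML markup left in copied log text
DCV_FAIL = re.compile(
    r"WARN The domain “(?P<domain>[^”]+)” failed domain control validation: "
    r".*?accessed at “(?P<final>[^”]+)”"
    r"(?: and redirected from “(?P<origin>[^”]+)”)?"
)


def dcv_failures(log_text):
    """Return one dict per per-domain DCV failure line in the log text."""
    findings = []
    for line in log_text.splitlines():
        match = DCV_FAIL.search(TAGS.sub("", line))
        if match is None:
            continue  # summary lines and non-DCV lines are skipped
        domain = match.group("domain").lower()
        final_host = urlsplit(match.group("final")).hostname
        findings.append({
            "domain": domain,
            "final_host": final_host,
            "redirected_from": match.group("origin"),
            # Heuristic: the check file was answered by another host name, so
            # the request did not end at the web root of the validated domain.
            "off_host": final_host != domain,
        })
    return findings


if __name__ == "__main__":
    for finding in dcv_failures(SAMPLE_LOG):
        print(finding)
```

An `off_host` result is a prompt to compare the subdomain's A record with the IP address its website is served from; it is not proof of the cause.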
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello @dazeck,

    Could you let us know the steps you took to configure the mail subdomain on its own IP address? Is it simply an "A" record change in the DNS zone? Did you explore changing the IP address used by Exim for sending email instead? There's a document on that at:

    How to Configure the Exim Outgoing IP Address - cPanel Knowledge Base - cPanel Documentation

    Also, just a slight correction regarding your reference of proxy subdomains for anyone else viewing this thread. cPanel version 60 introduced the Domain TLS functionality to provide SNI functionality for the following services (including mail.domain.tld subdomain):

    However, AutoSSL support for proxy subdomains is not yet available. That's planned for the future, and can be tracked at:

    Allow to make certificate for subdomains like cPanel.example.com and mail.Example.com

    Thank you.
     
  3. dazeck

    dazeck Well-Known Member

    I did add an entry to the /etc/mailips file to add *:1.2.3.4 (where 1.2.3.4 is the IP address used for the mail now). I have also modified the A records of all the domains to use this same IP address, but I'll be honest and say I have no idea why I did this. It might be that I changed DNS first to try and resolve the issue before finding out about the /etc/mailips file. Do you think I will be OK to set the mail DNS record back to the main shared IP address? They are all on the same VPS.

    My apologies for the incorrect reference of proxy subdomains, thank you for correcting me.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Yes, please revert to the default configuration and let us know if any additional issues with AutoSSL persist.

    Thanks!
     
  5. dazeck

    dazeck Well-Known Member

    OK, I put the main IP back in for mail subdomains and everything still works; nobody has complained about emails not going. I checked the AutoSSL logs over the weekend and the warnings for mail.subdomain have gone, but now I am getting a lot of proper errors (not warnings).

    Code:
    1:22:02 AM Checking websites for “domain” …
    1:22:03 AM The website “domainname.co.uk”, owned by “domain”, has a valid SSL certificate, but additional SSL coverage may be possible for the domain “mail.domainname.co.uk”. The system will attempt to replace this certificate with one that includes this additional domain.
    1:22:03 AM The system will attempt to renew SSL certificates for the following websites:
    1:22:03 AM domainname.co.uk (domainname.co.uk www.domainname.co.uk mail.domainname.co.uk)
    1:22:08 AM ERROR AutoSSL failed to request an SSL certificate for “domainname.co.uk” because of an error: Cpanel::Exception::cPStoreError/(XID vb7j8d) The cPanel Store returned an error (X::Item::ActivationFailure) in response to the request “POST ssl/certificate/free”: Generic exception at /usr/local/cpanel/Cpanel/Exception/CORE.pm line 77.
        Cpanel::Exception::create("cPStoreError", HASH(0x402a6f8)) called at /usr/local/cpanel/Cpanel/cPStore.pm line 231
        Cpanel::cPStore::__ANON__(Cpanel::Exception::HTTP::Server=HASH(0x41f2430)) called at /usr/local/cpanel/3rdparty/perl/522/lib64/perl5/cpanel_lib/Try/Tiny.pm line 103
        Try::Tiny::try(CODE(0x402bb30), Try::Tiny::Catch=REF(0x4029338)) called at /usr/local/cpanel/Cpanel/cPStore.pm line 239
        Cpanel::cPStore::_request(Cpanel::cPStore::LicenseAuthn=HASH(0x19e94c0), "post", "ssl/certificate/free", "item_params", HASH(0x402db98)) called at /usr/local/cpanel/Cpanel/cPStore.pm line 178
        Cpanel::cPStore::post(Cpanel::cPStore::LicenseAuthn=HASH(0x19e94c0), "ssl/certificate/free", "item_params", HASH(0x402db98)) called at /usr/local/cpanel/Cpanel/SSL/Auto/Provider/cPanel.pm line 169
        Cpanel::SSL::Auto::Provider::cPanel::__ANON__() called at /usr/local/cpanel/3rdparty/perl/522/lib64/perl5/cpanel_lib/Try/Tiny.pm line 80
        eval {...} called at /usr/local/cpanel/3rdparty/perl/522/lib64/perl5/cpanel_lib/Try/Tiny.pm line 71
        Try::Tiny::try(CODE(0x362ca80), Try::Tiny::Catch=REF(0x401ff68)) called at /usr/local/cpanel/Cpanel/SSL/Auto/Provider/cPanel.pm line 193
        Cpanel::SSL::Auto::Provider::cPanel::renew_ssl_for_vhosts(Cpanel::SSL::Auto::Provider::cPanel=HASH(0x2fb96f0), "domain", "domainname.co.uk", ARRAY(0x1926b20)) called at bin/autossl_check.pl line 259
        bin::autossl_check::__ANON__() called at /usr/local/cpanel/3rdparty/perl/522/lib64/perl5/cpanel_lib/Try/Tiny.pm line 80
        eval {...} called at /usr/local/cpanel/3rdparty/perl/522/lib64/perl5/cpanel_lib/Try/Tiny.pm line 71
        Try::Tiny::try(CODE(0x355a4e8), Try::Tiny::Catch=REF(0x3559d98)) called at bin/autossl_check.pl line 266
        bin::autossl_check::__ANON__() called at /usr/local/cpanel/Cpanel/PIDFile.pm line 101
        Cpanel::PIDFile::do("Cpanel::PIDFile", "/var/cpanel/autossl_check.pid", CODE(0x3268850)) called at bin/autossl_check.pl line 287
        bin::autossl_check::_run_maybe_captured("--all") called at bin/autossl_check.pl line 109
        bin::autossl_check::__ANON__() called at /usr/local/cpanel/Cpanel/CaptureFH.pm line 50
        Cpanel::CaptureFH::do_with_output_captured_to_path_if_non_tty("/usr/local/cpanel/logs/error_log", CODE(0x323e590)) called at bin/autossl_check.pl line 110
        bin::autossl_check::run("--all") called at bin/autossl_check.pl line 78
    1:22:08 AM The system has completed the AutoSSL check for “domain”.
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member
