AutoSSL certificate renew fail, pki-validation error 406 - file not acceptable

Operating System & Version
CENTOS 7.9
cPanel & WHM Version
v96.0.8

accafella

Member
Jan 1, 2018
24
5
3
cambridge uk
cPanel Access Level
Root Administrator
Hello cPanellers, your help would be most appreciated.

AutoSSL (running Sectigo) cannot find any file at .well-known/pki-validation/ but returns a 406 error rather than a 404 that other folk have experienced.
The .txt file does not exist, that I can verify, but also ...
"the web server responded with the following error: 406 (Not Acceptable). A DNS (Domain Name System) or web server misconfiguration may exist."

The AutoSSL log also reports that ;
WARN Local HTTP DCV error <mydomain> does not resolve to any IP addresses on the internet.
and
ERROR Impediment: TOTAL_DCV_FAILURE: Every domain failed DCV.

DNS is hosted externally by my WebHost and i've run the domain through leafDNS and intoDNS ; there are no apparent problems.
Disabling the relevant .htaccess files has also had no effect.

/proc/sys/net/ipv6/conf/all/disable_ipv6 is set to 1 in case that ipv6 is the cause.

I'm a little lost and would value some pointers in the right direction.

Thanks in advance,
Steve.
 
Last edited by a moderator:

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
6,062
775
313
cPanel Access Level
Root Administrator
Hey there! It sounds like there is an issue looking up the DNS from your specific server if there are no issues reported with IntoDNS or other external tools. Could you try running this command on your server, just replacing "google.com" with your specific domain name? This will show if the system is able to check the correct nameservers for that domain:

Code:
/usr/local/cpanel/3rdparty/bin/perl -MCpanel::DnsRoots -MData::Dumper -e 'print Dumper(Cpanel::DnsRoots->new()->get_nameservers_for_domain("google.com"));'
If that does return the correct information, feel free to submit a ticket to our team so we can do some additional testing.