AutoSSL constant issues

[nspecoza]

Morning All,

Could someone please advise me.
I hosting a Dedicated Server from my Home Office, with Fibre connectivity, with all the necessary main firewall ports that one would really need opened and pointed to the server which has it's own firewall (CSF).

But I just can not get the AutoSSL to work - constant issues, no matter what I try.

Log for the AutoSSL run for all users: Friday, July 17, 2020 10:10:34 AM GMT+0200 (cPanel (powered by Sectigo))
10:10:34 AM AutoSSL’s configured provider is “cPanel (powered by Sectigo)”.
This AutoSSL provider does not poll for certificate availability immediately after a certificate request submission. Instead, it submits certificate requests then periodically polls the cPanel Store for each requested certificate and installs it after a successful retrieval. The system will record all requests, retrievals, and installations for the current AutoSSL run in this log.
Looking for potential NAT (Network Address Translation) problems …

10:11:31 AM The system will attempt to renew the SSL certificate for the website
10:11:34 AM ERROR AutoSSL failed to request an SSL certificate for “domain.za” because of an error: (XID 8bee9d) The cPanel Store returned an error (X::AuthenticationFailure) in response to the request “POST ssl/certificate/free”: Unauthorized
The system has completed “nhsecco”’s AutoSSL check.
10:11:34 AM Processing “nspeco”’s local DCV results …
10:11:34 AM ERROR Local DNS DCV error (internet.domain.za): The DNS query to “_cpanel-dcv-test-record.domain.za” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=jRgvvTc6WRy5wmvZwTdXgGgS4yeGfY84p8Djq6TsqQUtZSSaFZaMLCb64i4dOFiF”.
ERROR Local DNS DCV error (www.internet.domain.za): The DNS query to “_cpanel-dcv-test-record.nspe.co.za” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=jRgvvTc6WRy5wmvZwTdXgGgS4yeGfY84p8Djq6TsqQUtZSSaFZaMLCb64i4dOFiF”.
Analyzing “bookin.install_lets_encrypt_autossl_provider.za”’s DCV results …

 

[cPanelLauren]

The output indicates that you are unauthorized. This isn't a DNS error, the accounts pass local DCV checks. cPanel partners resell licenses and they have the ability to turn off some features, in this instance, it looks like the feature is disabled. When you run an autossl check using the let's encrypt provider do you continue to experience issues? You can install the provider with the following:

/scripts/install_lets_encrypt_autossl_provider

 

[nspecoza]

i have disabled most of the domains, and re-ran it on the primary domain.co.za domain,. and this is the result





What PORTS would it need for verification? Could be a firewall?

 

[cPanelLauren]

I deleted the entire message with the Let's Encrypt output as well as the AutoSSL output from your last response because we do not allow domain names to be added which I notified you about but you continue to include them.

The error message when you run on the Let's Encrypt provider is:

ERROR CA forbidden

Which is not at all the same error. This indicates that your domains' CAA record does not authorize Let's Encrypt to issue the certificate. So, on the co.za domain which you've identified, and re-run autossl with the Sectigo provider the output is still the same. What you need to do on that domain is add a valid CAA record for Let's Encrypt and re-run AutoSSL with the Let's Encrypt provider for that domain.

From what you're showing me this does not look at all firewall related