AutoSSL DCV: CNAME entries from comodoca

WaldoPepper

I just reviewed my DNS zones and noticed that there are more than 30 CNAME entries from comodoca. I thought each time AutoSSL ran the DCV through DNS the old CNAME would be deleted.

Is this a misunderstanding, a misconfiguration or just a bug? Is it safe to clear all record types referring to comodoca.com?

TIA. Sam.
 

PeteS

Can I get some docs on this record?

I found a domain with 15 (three sets of 5, for cpcalendars, webmail, cpanel, cpcontacts, and webdisk). I checked some other DNS zones and they have none. All domains have AutoSSL.
 

PeteS

@PeteS - these would all be related to AutoSSL checks, and are safe to remove. They likely look something like this:

_7e3a11259b8306275bef9b1e59b150e1.testing 300 IN CNAME 6be5e17b5ac27acaae876259dfaeb409.7493a8970fa5d32a2644f719c00fd4ec.comodoca.com.

Thank you. Do you know what causes/how to prevent these?
 

PeteS

In theory, these should get removed after the SSL verification process is complete. If that isn't happening, can you submit a ticket to our team so we can check your particular system?
Thanks.

#grep -l "comodoca.com" /var/named/*.db tells me there are only three other domain zone files with a CNAME like this, and they each have just one, not many. I will monitor for it and reach back here if it is ongoing.
 

Metro2

I just found this thread because I've noticed the same thing happening on several cPanel accounts recently as well. I just deleted 8 of these comodoca CNAME entries from an account. When I come across another one I'll likely leave the CNAME records in place and submit a ticket.
 

thowden

Hi

The Comodo SSL issues have been occurring for some time.

I am sure (99.9%) it relates to the failing DNS resolution items as discussed (at length) in this thread.
It can be summarised as "The cPanel server assumes 100% ownership of the domain, for the purpose of AutoSSL. If you modify the DNS at all then you will break AutoSSL, and find the residue in these failed entries." Can I prove that? Not really, but given the issues with AutoSSL and non-cPanel IP DNS locations, it is the most likely cause.

All domains I have sampled on my servers that have all cPanel default settings (i.e. standard account) work OK with no Comodo artefacts.

All domains I have sampled with modified DNS entries, for silly things like pointing mail to Office365, will get the CNAME entries that are not cleaned up.

My expectation is that the DNS Zone includes an A record(s) that is(are) not on the localhost, then SSL configuration errors. An example client I am looking at is hosted elsewhere for everything except a website. We have 30 failed Comodo CNAME records in that DNS.

We can "just delete them" which is just "another task" to be monitored and managed. PITA.
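
For the monitoring task discussed in this thread, here is an added example (not code from any poster or from cPanel) that reports how many DCV-style CNAME records each host label in a zone carries, so accumulation is visible before anyone deletes anything. It assumes BIND-style zone text such as the files under /var/named/ and the record shape quoted earlier in the thread; the function names and every sample record except the quoted one are constructed for illustration.

```python
import re
from collections import defaultdict

# Shape of the record quoted in the thread:
#   _<32 hex>.<host> <ttl> IN CNAME <32 hex>.<32 hex>.comodoca.com.
DCV_CNAME = re.compile(
    r"^_[0-9a-f]{32}(?:\.(?P<host>\S+))?\s+(?:\d+\s+)?(?:IN\s+)?CNAME\s+"
    r"(?P<target>[0-9a-f]{32}\.[0-9a-f]{32}\.comodoca\.com\.?)\s*(?:;.*)?$",
    re.IGNORECASE,
)

def find_dcv_cnames(zone_text):
    """Map host label -> [(line_no, owner, target)] for DCV-style CNAME records."""
    hits = defaultdict(list)
    for line_no, line in enumerate(zone_text.splitlines(), 1):
        m = DCV_CNAME.match(line.strip())
        if m:
            owner = line.split()[0]
            hits[m.group("host") or "@"].append((line_no, owner, m.group("target")))
    return dict(hits)

def accumulated(hits, keep=1):
    """Hosts with more than `keep` DCV CNAMEs, i.e. leftovers from earlier runs."""
    return {host: len(recs) for host, recs in hits.items() if len(recs) > keep}

# Constructed sample zone. The "testing" record is the one quoted in the thread;
# every other name and token is made up for this example.
SAMPLE_ZONE = "\n".join([
    "$TTL 14400",
    "webmail\t14400\tIN\tA\t192.0.2.10",
    "autodiscover\t14400\tIN\tCNAME\tautodiscover.example.net.",
    "_7e3a11259b8306275bef9b1e59b150e1.testing 300 IN CNAME "
    "6be5e17b5ac27acaae876259dfaeb409.7493a8970fa5d32a2644f719c00fd4ec.comodoca.com.",
    f"_{'a' * 32}.webmail\t300\tIN\tCNAME\t{'b' * 32}.{'c' * 32}.comodoca.com.",
    f"_{'d' * 32}.webmail\t300\tIN\tCNAME\t{'e' * 32}.{'f' * 32}.comodoca.com.",
    f"_{'1' * 32}.webmail\t300\tIN\tCNAME\t{'2' * 32}.{'3' * 32}.comodoca.com.",
    f"_{'4' * 32}.cpanel\t300\tIN\tCNAME\t{'5' * 32}.{'6' * 32}.comodoca.com.",
])

if __name__ == "__main__":
    hits = find_dcv_cnames(SAMPLE_ZONE)
    for host, recs in sorted(hits.items()):
        print(f"{host}: {len(recs)} DCV CNAME(s) at lines {[r[0] for r in recs]}")
    print("accumulated:", accumulated(hits))
```

The ordinary `autodiscover` CNAME in the sample is not reported, because only records with the underscore-prefixed token and a `comodoca.com` target match.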