SOLVED AutoSSL "does not own" errors for www.mail subdomains

Discussion in 'Security' started by 4u123, Jun 13, 2018.

  1. 4u123

    4u123 Well-Known Member
    PartnerNOC

    Joined:
    Jan 2, 2006
    Messages:
    838
    Likes Received:
    14
    Trophy Points:
    168
    Customer contacted us saying his AutoSSL cert stopped working. It expired a week ago and wasn't auto renewed. It's the primary domain on his plan. All his addon domains have up to date certs.

    When I run a check from WHM, on his account it comes back with this...

    WARN (XID fzekvz) “username” does not own a domain named “www.mail.domain.com” on this server.

    That's just a warn - so it most likely isn't the cause of the cert not being renewed - unfortunately, it doesn't get any further on the domain and doesn't list anything else about his primary domain - and it doesn't get renewed. The ssl check proceeds to check the remaining addons as normal. It's like this...

    3:43:38 PM Checking “sub.domain.com” …
    3:43:38 PM SUCCESS TLS Status: OK
    Certificate expiry: 9/12/18, 12:00 AM UTC (90.39 days from now)
    3:43:38 PM Checking “domain.com” …
    3:43:38 PM WARN (XID fzekvz) “username” does not own a domain named “www.mail.domain.com” on this server.
    3:43:38 PM Checking “sub.domain.com” …
    3:43:38 PM SUCCESS TLS Status: OK

    So it seems to be skipping it. When I look in the SSL Host Manager in WHM the certificate is showing as expired.

    I'm wondering if anyone else has seen this before?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,672
    Likes Received:
    1,788
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello @4u123,

    Can you check the /var/cpanel/userdata/username/domain.tld and /var/cpanel/userdata/username/domain.tld_SSL files to verify if the www.mail subdomain appears on the serveralias line? If so, can you remove the www.mail entry from these files and then try running the AutoSSL check for this account again to see if the issue persists? EX:

    Code:
    /usr/local/cpanel/bin/autossl_check --user=username
    Thank you.
     
  3. 4u123

    Thanks Michael, yes that resolved it but this could be a bigger issue for us.

    The "www.mail.domain" entries were added some time ago by the EA4 to EA3 downgrade script which must have contained a bug.

    Soon after EA4 was released, we updated our servers but we came up against a number of issues that meant we had to go back to EA3. We ran the downgrade script provided by cPanel, which for some reason created full subdomains of www.mail.domain - for every domain on every server.

    We used the "list subdomains" option in WHM to remove these manually. It was very time consuming.

    It seems even after doing that - these www.mail entries are still hanging around in those /var/cpanel/userdata/ files.

    If I look at "Manage SSL Hosts" in WHM I see lots of www.mail.domain entries - all showing red padlocks. If the SSL check script now skips primary domains that are in this situation, we will potentially see lots of certificates not being renewed when they are due.

    Can you suggest a way to remove these across all of our servers? I'd need to find a way to search for the www.mail.domain string for every domain on the server and remove the entries from those files.
     
  4. cPanelMichael

    Hello @4u123,

    The following command is unsupported, but it should accomplish what you are attempting to do:

    Code:
    cp -a /var/cpanel/userdata /var/cpanel/userdata-backup
    grep -Rl www.mail /var/cpanel/userdata/*/* | grep -v \.cache | xargs perl -pi -e's/www\.mail\.\S+//'
    Thank you.
     
  5. 4u123

    Thanks for that Michael. I appreciate you taking the time to look into that for me. Looks good. Does it exclude deleting the entries from the cache files?
    I notice that the script removes the www.mail.domain entry from the "serveralias" section of the file. In some cases it seems the file is named like this -
    /var/cpanel/userdata/mail.domain.com and the serveralias line only contains www.mail.domain.com - so when the script would be run against that file, it would completely remove the text after serveralias: line - leaving it empty.

    Is that going to cause a problem?
     
  6. cPanelMichael

    Hello @4u123,

    1. Yes, the script excludes the removal of the entry from the .cache files. You can manually update the .cache files upon removing the entries by running the following command:

    Code:
    /usr/local/cpanel/bin/userdata_update
    2. Yes, it will remove the "www.mail" alias from the "mail.domain.com" userdata files, leaving the serveralias line empty. That won't cause any issues unless there's a need to access the "mail.domain.com" domain name with the "www" prefix. If you want to skip those specific userdata files, run the "grep" section of the command first with an added search for "mail" to see a list of every mail.domain.com userdata file the full command will update:

    Code:
    grep -Rl www.mail /var/cpanel/userdata/*/* | grep -v \.cache|grep mail
    Then, after running the full command referenced in the previous response, manually copy the userdata files you see in the output from the above command back into place from the /var/cpanel/userdata-backup/$username/ directory.

    Thank you.
     
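A read-only pre-check for the cleanup discussed in posts 4 to 6, as an added example that is not part of the thread or cPanel's own tooling: it lists which userdata files carry a www.mail alias and flags those whose serveralias line would be left empty. It assumes the alias names sit space-separated on a single `serveralias:` line; the sample tree, user name and domains are constructed.

```shell
#!/bin/sh
# Dry-run audit of cPanel-style userdata files: nothing is modified.

# classify_file FILE: print EMPTY if the serveralias line holds only
# www.mail.* names, TRIM if it holds those plus others, nothing otherwise.
classify_file() {
    awk '
        /^serveralias:/ {
            stale = 0; kept = 0
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^www\.mail\./) stale++; else kept++
            }
            if (stale && !kept) print "EMPTY"
            else if (stale) print "TRIM"
            exit
        }
    ' "$1"
}

# audit_userdata DIR: one "VERDICT path" line per affected file,
# skipping the .cache copies just as the thread's grep -v does.
audit_userdata() {
    for f in "$1"/*/*; do
        [ -f "$f" ] || continue
        case "$f" in *.cache) continue ;; esac
        verdict=$(classify_file "$f")
        [ -n "$verdict" ] && echo "$verdict $f"
    done
    return 0
}

# Constructed sample tree (hypothetical user "alice", .test domains).
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/alice"
    printf 'servername: example.test\nserveralias: mail.example.test www.example.test www.mail.example.test\n' > "$d/alice/example.test"
    printf 'servername: mail.example.test\nserveralias: www.mail.example.test\n' > "$d/alice/mail.example.test"
    printf 'servername: clean.test\nserveralias: www.clean.test\n' > "$d/alice/clean.test"
    printf 'serveralias: www.mail.example.test\n' > "$d/alice/example.test.cache"
    echo "$d"
}

sample=$(make_sample)
audit_userdata "$sample"
rm -rf "$sample"
```

On a server, `audit_userdata /var/cpanel/userdata` gives the list before any edit is made; the EMPTY lines are the files to copy back from the backup directory if the www alias on mail.domain.com should be kept.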
  7. 4u123

    Yes that makes sense, thanks for your help.
     
    cPanelMichael likes this.