SOLVED AutoSSL "does not own" errors for www.mail subdomains

4u123

Well-Known Member
PartnerNOC
Jan 2, 2006
938
21
168
Customer contacted us saying his AutoSSL cert stopped working. It expired a week ago and wasn't auto renewed. It's the primary domain on his plan. All his addon domains have up to date certs.

When I run a check from WHM on his account, it comes back with this...

WARN (XID fzekvz) “username” does not own a domain named “www.mail.domain.com” on this server.

That's just a warn - so it most likely isn't the cause of the cert not being renewed - unfortunately, it doesn't get any further on the domain and doesn't list anything else about his primary domain - and it doesn't get renewed. The ssl check proceeds to check the remaining addons as normal. It's like this...

3:43:38 PM Checking “sub.domain.com” …
3:43:38 PM SUCCESS TLS Status: OK
Certificate expiry: 9/12/18, 12:00 AM UTC (90.39 days from now)
3:43:38 PM Checking “domain.com” …
3:43:38 PM WARN (XID fzekvz) “username” does not own a domain named “www.mail.domain.com” on this server.
3:43:38 PM Checking “sub.domain.com” …
3:43:38 PM SUCCESS TLS Status: OK

So it seems to be skipping it. When I look in the SSL Host Manager in WHM, the certificate is showing as expired.

I'm wondering if anyone else has seen this before?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,908
2,218
463
Hello @4u123,

Can you check the /var/cpanel/userdata/username/domain.tld and /var/cpanel/userdata/username/domain.tld_SSL files to verify if the www.mail subdomain appears on the serveralias line? If so, can you remove the www.mail entry from these files and then try running the AutoSSL check for this account again to see if the issue persists? EX:

Code:
/usr/local/cpanel/bin/autossl_check --user=username

Thank you.
 

4u123

Thanks Michael, yes that resolved it but this could be a bigger issue for us.

The "www.mail.domain" entries were added some time ago by the EA4 to EA3 downgrade script which must have contained a bug.

Soon after EA4 was released, we updated our servers but we came up against a number of issues that meant we had to go back to EA3. We ran the downgrade script provided by cPanel, which for some reason created full subdomains of www.mail.domain - for every domain on every server.

We used the "list subdomains" option in WHM to remove these manually. It was very time consuming.

It seems even after doing that - these www.mail entries are still hanging around in those /var/cpanel/userdata/ files.

If I look at "Manage SSL Hosts" in WHM I see lots of www.mail.domain entries - all showing red padlocks. If the SSL check script now skips primary domains that are in this situation, we will potentially see lots of certificates not being renewed when they are due.

Can you suggest a way to remove these across all of our servers? I'd need to find a way to search for the www.mail.domain string for every domain on the server and remove the entries from those files.
 

cPanelMichael

Hello @4u123,

The following command is unsupported, but it should accomplish what you are attempting to do:

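Code:
# Back up the userdata tree before editing it in place
cp -a /var/cpanel/userdata /var/cpanel/userdata-backup
# Strip www.mail.* names from every userdata file except the .cache files
grep -Rl 'www\.mail' /var/cpanel/userdata/*/* | grep -v '\.cache' | xargs perl -pi -e 's/www\.mail\.\S+//'

Thank you.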
 

4u123

Thanks for that Michael. I appreciate you taking the time to look into that for me. Looks good. Does it exclude deleting the entries from the cache files?

I notice that the script removes the www.mail.domain entry from the "serveralias" section of the file. In some cases it seems the file is named like this - /var/cpanel/userdata/mail.domain.com - and the serveralias line only contains www.mail.domain.com, so when the script is run against that file, it would completely remove the text after the serveralias: line, leaving it empty.

Is that going to cause a problem?
 

cPanelMichael

Hello @4u123,

1. Yes, the script excludes the removal of the entry from the .cache files. You can manually update the .cache files upon removing the entries by running the following command:

Code:
/usr/local/cpanel/bin/userdata_update

2. Yes, it will remove the "www.mail" alias from the "mail.domain.com" userdata files, leaving the serveralias line empty. That won't cause any issues unless there's a need to access the "mail.domain.com" domain name with the "www" prefix. If you want to skip those specific userdata files, run the "grep" section of the command first with an added search for "mail" to see a list of every mail.domain.com userdata file the full command will update:

Code:
grep -Rl 'www\.mail' /var/cpanel/userdata/*/* | grep -v '\.cache' | grep mail

Then, after running the full command referenced in the previous response, manually copy the userdata files you see in the output from the above command back into place from the /var/cpanel/userdata-backup/$username/ directory.

Thank you.
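
A dry-run variant of the cleanup discussed in this thread, as an added example that is not part of the original posts and is not cPanel code: it edits only the serveralias line, skips .cache files, and flags files (such as the mail.domain.com case raised above) whose serveralias would be left empty. The function names, the sample tree and the assumption that each userdata file has a single top-level "serveralias:" line of space-separated names are the example's own.

```bash
# Added example, not cPanel code. Assumes each userdata file has one
# top-level "serveralias: name name ..." line (space-separated).
# Print FILE with www.mail.* names dropped from the serveralias line only.
strip_www_mail() {
  awk '
    /^serveralias:/ {
      out = "serveralias:"
      for (i = 2; i <= NF; i++)
        if ($i !~ /^www\.mail\./) out = out " " $i
      print out; next
    }
    { print }' "$1"
}

# audit_userdata ROOT [apply]: print "<path> kept|EMPTY" per affected file.
# EMPTY = serveralias would be left with no names. .cache files are skipped.
audit_userdata() {
  local root mode f tmp state
  root=$1; mode=${2:-dry-run}
  for f in "$root"/*/*; do
    [ -f "$f" ] || continue
    case $f in *.cache) continue ;; esac
    grep -Eq '^serveralias:.*[[:space:]]www\.mail\.' "$f" || continue
    tmp=$(mktemp)
    strip_www_mail "$f" > "$tmp"
    if grep -Eq '^serveralias:[[:space:]]*$' "$tmp"; then state=EMPTY; else state=kept; fi
    echo "$f $state"
    # Write through the existing inode so owner and mode are preserved.
    if [ "$mode" = apply ]; then cat "$tmp" > "$f"; fi
    rm -f "$tmp"
  done
}

# Constructed sample tree (placeholder names) so the example runs offline.
make_sample() {
  local root d
  root=$(mktemp -d); d=$root/username; mkdir -p "$d"
  printf 'servername: domain.com\nserveralias: www.domain.com mail.domain.com www.mail.domain.com\n' > "$d/domain.com"
  cp "$d/domain.com" "$d/domain.com.cache"
  printf 'servername: mail.domain.com\nserveralias: www.mail.domain.com\n' > "$d/mail.domain.com"
  printf 'servername: sub.domain.com\nserveralias: www.sub.domain.com\n' > "$d/sub.domain.com"
  echo "$root"
}

sample=$(make_sample)
audit_userdata "$sample"                  # dry run: report only
audit_userdata "$sample" apply >/dev/null # rewrite serveralias lines
grep -H '^serveralias' "$sample"/username/*
rm -rf "$sample"
```

On a real server the root would be /var/cpanel/userdata, and the backup copy and the userdata_update run described in the thread still apply.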