Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

SOLVED AutoSSL error 404

Discussion in 'Security' started by Teri Stricker, Apr 29, 2018.

Tags:
  1. Teri Stricker

    Teri Stricker Member

    Joined:
    Mar 21, 2018
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    grand haven, MI
    cPanel Access Level:
    Root Administrator
    I have several domains about to expire. I tried LetsEncrypt as well, I get the same error as the comodo on all of them.

    So I have reduced myself to working with a domain that is my own and have been applying the suggestions I found in these threads. The redirects problem is gone but now I get

    Log for the AutoSSL run for “user”: Sunday, April 29, 2018 8:54:59 PM GMT-0400 (cPanel (powered by Comodo))
    8:54:59 PM This system has AutoSSL set to use “cPanel (powered by Comodo)”.
    8:54:59 PM Checking websites for “user” …
    8:54:59 PM The website “domain.tld”, owned by “user”, has no SSL certificate. AutoSSL will attempt to obtain a new certificate and install it.
    8:54:59 PM WARN The domain “domain.tld” failed domain control validation: The system queried for a temporary file at “https://domain.tld/.well-known/pki-validation/A96176DA3229CF7577F359FAB0974E6A.txt”, which was redirected from “http://domain.tld/.well-known/pki-validation/A96176DA3229CF7577F359FAB0974E6A.txt”. The web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist.

    I even deleted the .htaccess file entirely and restarted apache, no change.
    Permissions on the folders are correct, as well as the owner of the directories. (755)
    I know it is supposed to write a file and then query it, but I don't even know where to look to find out if the file was ever written.

    Thanks for your help.
    Teri
     
  2. Teri Stricker

    Teri Stricker Member

    Joined:
    Mar 21, 2018
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    grand haven, MI
    cPanel Access Level:
    Root Administrator
    It turned out that somehow somewhere that account got destroyed while I was working with it.
    Did the rewrites and redirects I'd learned about and that one completed.

    THEN I go to the next account, and it says cpanel. autodiscover. and webmail. don't resolve to IPS.
    Neither did the account I had terminated and created from scratch, and that worked.

    I can add those, but for 50 accounts? that worked last time no problem?
     
  3. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,749
    Likes Received:
    1,884
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello Teri,

    Check to make sure the following options are enabled under the "Domains" tab in "WHM >> Tweak Settings" on this system:

    Proxy subdomains
    Proxy subdomain creation


    Additionally, for your existing domain names, you can run the following command to add the missing proxy subdomain DNS entries:

    Code:
    /scripts/proxydomains add --ifenabled
    Note that in cPanel & WHM version 70, we automatically complete a one time check on the server to check for missing proxy subdomain entries:

    Fixed case CPANEL-17258: Do a one time check for missing proxy subdomains.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. Teri Stricker

    Teri Stricker Member

    Joined:
    Mar 21, 2018
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    grand haven, MI
    cPanel Access Level:
    Root Administrator
    adding the subdomains stopped THAT error but now I am back to 404 not found when it tries to query the file under the subdomains.

    did run the command you gave above, though, I will give it time to do its thing and then try the autossl again. Presently the provider is set to LetsEncrypt, as it gave no errors about redirects. :)

    Thank you for your help so far!
     
  5. Teri Stricker

    Teri Stricker Member

    Joined:
    Mar 21, 2018
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    grand haven, MI
    cPanel Access Level:
    Root Administrator
    Several of the domains were able to renew their certificates.

    One that did not is the one I'd added those proxies to manually, which I've undone and then run the command above, and we will see if that clears it up.

    The others erroring I will go through and see what is what. At first glance I think it is sites that are redirected to other sites on the machine. One has a .net for email whilst the .com does the site, for example. But I shall wade through and let you know.

    Thanks
    Teri
     
  6. Teri Stricker

    Teri Stricker Member

    Joined:
    Mar 21, 2018
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    grand haven, MI
    cPanel Access Level:
    Root Administrator
    The account I thought I destroyed in the first post above, wasn't destroyed, because it happened to another account. It turns out deleting the about to expire autossl cert was not a good idea.

    I was able to reinstall it via WHM - SSL/TLS - Install an SSL Certificate on a Domain
    Entered the domain name and browsed for the certificate.

    I put this here for anyone as clueless as I was. It was still complaining when I tried to renew, until I found my typo. I'd put autodiscovery instead of autodiscover. My bad!

    Thank you CPanel Micahel for your help.

    /scripts/proxydomains add --ifenabled command was a big help for all but the sites I had already mangled.

    Teri
     
  7. Teri Stricker

    Teri Stricker Member

    Joined:
    Mar 21, 2018
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    grand haven, MI
    cPanel Access Level:
    Root Administrator
    To sum up, autossl LetsEncrypt was failing because I didn't have proxy subdomains (autodiscover, webmail, webdisk, cpanel)

    Deleting the SSL certificate was NOT the way to go, it made the site unusable. I am forcing https so with no certificate it just went to the 404 page. I had to reinstall the certificates through WHM - SSL/TLS -
    Install an SSL Certificate on a Domain

    CPanel Michael's advice solved most of the errors. Quoted below:

    "Check to make sure the following options are enabled under the "Domains" tab in "WHM >> Tweak Settings" on this system:

    Proxy subdomains
    Proxy subdomain creation


    Additionally, for your existing domain names, you can run the following command to add the missing proxy subdomain DNS entries:

    Code:
    /scripts/proxydomains add --ifenabled"

    All the rest of the errors were 301 redirects.

    Interestingly, in order to make autossl work AFTER disabling the redirect, I had to install a self signed certificate, THEN it ran and installed.
    I suppose for the same reason as when you buy a cert you have to first do a CSR.

    This summary is just to put the answers in one place for the next poor soul looking for an answer to these particular problems

    Thanks for all your help CPanel Michael.

    Teri
     
  8. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,749
    Likes Received:
    1,884
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello Teri,

    I'm glad to see the issue is now sorted. Note that configuring a redirect to force SSL is generally okay as long as the Use a Global DCV Passthrough instead of .htaccess modification (requires EA4) option is enabled under the Domains tab in WHM >> Tweak Settings. If it's not enabled, you can enable it, or exclude the DCV requests from the redirect conditions by adding the following entries to your existing redirect rules for the domain name:

    Code:
    # For cPanel’s internal DCV checks:
    RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
    RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$
    
    # For Comodo:
    RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt$
    RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
    
    # For Let’s Encrypt:
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice