Teri Stricker

Member
Mar 21, 2018
6
0
1
grand haven, MI
cPanel Access Level
Root Administrator
I have several domains about to expire. I tried LetsEncrypt as well; I get the same error as the Comodo on all of them.

So I have reduced myself to working with a domain that is my own and have been applying the suggestions I found in these threads. The redirects problem is gone but now I get:

Log for the AutoSSL run for “user”: Sunday, April 29, 2018 8:54:59 PM GMT-0400 (cPanel (powered by Comodo))
8:54:59 PM This system has AutoSSL set to use “cPanel (powered by Comodo)”.
8:54:59 PM Checking websites for “user” …
8:54:59 PM The website “domain.tld”, owned by “user”, has no SSL certificate. AutoSSL will attempt to obtain a new certificate and install it.
8:54:59 PM WARN The domain “domain.tld” failed domain control validation: The system queried for a temporary file at “https://domain.tld/.well-known/pki-validation/A96176DA3229CF7577F359FAB0974E6A.txt”, which was redirected from “http://domain.tld/.well-known/pki-validation/A96176DA3229CF7577F359FAB0974E6A.txt”. The web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist.

I even deleted the .htaccess file entirely and restarted Apache, no change.
Permissions on the folders are correct, as well as the owner of the directories. (755)
I know it is supposed to write a file and then query it, but I don't even know where to look to find out if the file was ever written.

Thanks for your help.
Teri
 

Teri Stricker

It turned out that somehow somewhere that account got destroyed while I was working with it.
Did the rewrites and redirects I'd learned about and that one completed.

THEN I go to the next account, and it says cpanel., autodiscover. and webmail. don't resolve to IPs.
Neither did the account I had terminated and created from scratch, and that worked.

I can add those, but for 50 accounts? That worked last time no problem?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,254
463
Hello Teri,

Check to make sure the following options are enabled under the "Domains" tab in "WHM >> Tweak Settings" on this system:

Proxy subdomains
Proxy subdomain creation


Additionally, for your existing domain names, you can run the following command to add the missing proxy subdomain DNS entries:

Code:
/scripts/proxydomains add --ifenabled

Note that in cPanel & WHM version 70, we automatically complete a one-time check on the server to check for missing proxy subdomain entries:

Fixed case CPANEL-17258: Do a one time check for missing proxy subdomains.

Thank you.
 

Teri Stricker

Adding the subdomains stopped THAT error, but now I am back to 404 not found when it tries to query the file under the subdomains.

Did run the command you gave above, though; I will give it time to do its thing and then try the AutoSSL again. Presently the provider is set to LetsEncrypt, as it gave no errors about redirects. :)

Thank you for your help so far!
 

Teri Stricker

Several of the domains were able to renew their certificates.

One that did not is the one I'd added those proxies to manually, which I've undone and then run the command above, and we will see if that clears it up.

The others erroring I will go through and see what is what. At first glance I think it is sites that are redirected to other sites on the machine. One has a .net for email whilst the .com does the site, for example. But I shall wade through and let you know.

Thanks
Teri
 

Teri Stricker

The account I thought I destroyed in the first post above wasn't destroyed, because it happened to another account. It turns out deleting the about-to-expire AutoSSL cert was not a good idea.

I was able to reinstall it via WHM - SSL/TLS - Install an SSL Certificate on a Domain
Entered the domain name and browsed for the certificate.

I put this here for anyone as clueless as I was. It was still complaining when I tried to renew, until I found my typo. I'd put autodiscovery instead of autodiscover. My bad!

Thank you cPanel Michael for your help.

The /scripts/proxydomains add --ifenabled command was a big help for all but the sites I had already mangled.

Teri
 

Teri Stricker

To sum up, AutoSSL LetsEncrypt was failing because I didn't have proxy subdomains (autodiscover, webmail, webdisk, cpanel).

Deleting the SSL certificate was NOT the way to go; it made the site unusable. I am forcing HTTPS, so with no certificate it just went to the 404 page. I had to reinstall the certificates through WHM - SSL/TLS - Install an SSL Certificate on a Domain.

CPanel Michael's advice solved most of the errors. Quoted below:

"Check to make sure the following options are enabled under the "Domains" tab in "WHM >> Tweak Settings" on this system:

Proxy subdomains
Proxy subdomain creation


Additionally, for your existing domain names, you can run the following command to add the missing proxy subdomain DNS entries:

Code:
/scripts/proxydomains add --ifenabled"

All the rest of the errors were 301 redirects.

Interestingly, in order to make AutoSSL work AFTER disabling the redirect, I had to install a self-signed certificate, THEN it ran and installed.
I suppose for the same reason as when you buy a cert you have to first do a CSR.

This summary is just to put the answers in one place for the next poor soul looking for an answer to these particular problems.

Thanks for all your help CPanel Michael.

Teri
 

cPanelMichael

Hello Teri,

I'm glad to see the issue is now sorted. Note that configuring a redirect to force SSL is generally okay as long as the "Use a Global DCV Passthrough instead of .htaccess modification (requires EA4)" option is enabled under the "Domains" tab in "WHM >> Tweak Settings". If it's not enabled, you can enable it, or exclude the DCV requests from the redirect conditions by adding the following entries to your existing redirect rules for the domain name:

Code:
# For cPanel’s internal DCV checks:
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$

# For Comodo:
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$

# For Let’s Encrypt:
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/

Thank you.
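
An added example, not part of the posts above or of cPanel's own code: a small Python checker that runs the exclusion patterns from the RewriteCond lines over sample request paths, to show which ones a force-HTTPS redirect guarded by those conditions would leave alone. It assumes Python's `re` module treats these particular patterns the same way Apache's PCRE does, and it models only the DCV conditions, not any other condition in the redirect rule.

```python
import re

# Patterns copied from the RewriteCond lines in the post above, without the
# leading "!" that negates each condition.
DCV_PATTERNS = {
    "cPanel": [
        r"^/[0-9]+\..+\.cpaneldcv$",
        r"^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$",
    ],
    "Comodo": [
        r"^/[A-F0-9]{32}\.txt$",
        r"^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$",
    ],
    "Let's Encrypt": [
        r"^/\.well-known/acme-challenge/",
    ],
}


def dcv_provider(request_uri):
    """Return the provider whose exclusion pattern matches, or None."""
    for provider, patterns in DCV_PATTERNS.items():
        if any(re.search(p, request_uri) for p in patterns):
            return provider
    return None


def redirect_applies(request_uri):
    """RewriteCond lines are ANDed, so the rule fires only if no pattern matches."""
    return dcv_provider(request_uri) is None


# The first URI is the path from the AutoSSL log earlier in the thread;
# the rest are constructed for illustration.
SAMPLE_URIS = [
    "/.well-known/pki-validation/A96176DA3229CF7577F359FAB0974E6A.txt",
    "/.well-known/pki-validation/a96176da3229cf7577f359fab0974e6a.txt",  # lowercase
    "/.well-known/acme-challenge/constructed-token",
    "/.well-known/cpanel-dcv/constructed_TOKEN-1",
    "/12345.constructed.cpaneldcv",
    "/blog/.well-known/acme-challenge/constructed-token",  # not at the docroot
    "/index.html",
]

if __name__ == "__main__":
    for uri in SAMPLE_URIS:
        verdict = "redirected" if redirect_applies(uri) else "exempt"
        print(f"{uri:70} {dcv_provider(uri) or '-':14} {verdict}")
```

The lowercase and `/blog/` samples are still redirected: the Comodo pattern accepts only uppercase hex file names, and every pattern is anchored at the document root.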