Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

AutoSSL Errors Due to HTTP Redirects in cPanel v68.0 Despite Domain Validation Exclusion Conditions

Discussion in 'Security' started by schwartzy18510, Feb 3, 2018.

  1. schwartzy18510

    schwartzy18510 Registered

    Joined:
    Feb 3, 2018
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    U.S.
    cPanel Access Level:
    Website Owner
    Hello, I am on a shared web hosting environment which incorporates cPanel v68.0 (build 28.0).

    I am experiencing AutoSSL renewal exclusion warnings which began immediately after I implemented URL 301 redirects in .htaccess to force non-www and non-https URL versions of my website's domain to a URL which includes https and www.

    The specific error I am receiving is as follows and applies to both the http:// and http:// www URL versions of the domain:

    "The validation required 1 HTTP redirect, but the AutoSSL provider “cPanel (powered by Comodo)” does not permit HTTP redirects. When the system accessed the “http:// example.com/.well-known/pki-validation/7A2FD4D19D76C2BED16311E2C77471F0.txt” URL, it redirected to the “https:// www .example.com/.well-known/pki-validation/7A2FD4D19D76C2BED16311E2C77471F0.txt” URL."

    I have checked my .htaccess file for the presence of the mod_redirect exclusions referenced in this thread in regard to cPanel v60 and do not see them.

    I therefore manually added the three RewriteCond exclusions as listed in the thread linked above prior to my two existing URL 301 Rewrite Conditions and Rewrite Rule, but am still experiencing these errors.

    Is there any updated work-around for this issue in relation to cPanel v68? Or is there perhaps a simpler solution that I have overlooked?
     
  2. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,468
    Likes Received:
    21
    Trophy Points:
    148
    cPanel Access Level:
    DataCenter Provider
    The rewrite rules in that thread were outdated. The latest ones are:

    For cPanel’s internal DCV checks:
    RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
    RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$

    For Comodo:
    RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt$
    RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$

    For Let’s Encrypt:
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/

    I have also edited the post in that thread to update them.
     
    schwartzy18510 likes this.
  3. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,675
    Likes Received:
    73
    Trophy Points:
    28
    Location:
    India
    cPanel Access Level:
    Root Administrator
    You will have to disable the redirect rule, and then again execute the AutoSSL check because with this redirect, the verification will not work and that SSL will not be generated..
     
  4. schwartzy18510

    schwartzy18510 Registered

    Joined:
    Feb 3, 2018
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    U.S.
    cPanel Access Level:
    Website Owner
    Many thanks, cPanelNick! After subbing in those conditions for those I was attempting to use previously, the two redirect-related AutoSSL errors resolved and the domains validated successfully.

    Unfortunately, I now have a new error presenting for just my autodiscover subdomain:

    "The system queried for a temporary file at “http://autodiscover.example.com/.well-known/pki-validation/745E786B921D18B07F2EE66397D27CE8.txt”, but the web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist."

    I can't seem to escape this error even after reverting to my previous RewriteCond within .htaccess, so it appears unlikely this is related to the change in domain validation exclusion conditions. It may simply be a new gremlin.

    Any advice on resolving this new 404?
     
  5. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,468
    Likes Received:
    21
    Trophy Points:
    148
    cPanel Access Level:
    DataCenter Provider
    You can force a check of all proxy domains config and DNS entries with the following command:

    Code:
    /scripts/checkproxysubdomains --force
    
     
Loading...

Share This Page