AutoSSL failed to issue certificate

[David Barter]

I'm new to WHM/cpanel so excuse me if I'm doing something obviously wrong.

We're trying to migrate web sites to a new WHM server and the first site is failing to receive a certificate with AutoSSL. Here is the log output (hostname changed to example.com);

9:14:18 AM Analyzing “example.com” …

9:14:18 AM ERROR TLS Status: Defective

Certificate expiry: 7/8/20, 6:30 PM UTC (348.22 days from now)

ERROR Defect: OPENSSL_VERIFY: The certificate chain failed OpenSSL’s verification (0:18:DEPTH_ZERO_SELF_SIGNED_CERT).

9:14:18 AM Performing DCV (Domain Control Validation) …

9:14:42 AM WARN Local HTTP DCV error (example.com): “example.com” does not resolve to any IP addresses on the internet.

9:15:18 AM WARN Local HTTP DCV error (www.example.com): “www.example.com” does not resolve to any IP addresses on the internet.

9:15:54 AM WARN Local HTTP DCV error (mail.example.com): “mail.example.com” does not resolve to any IP addresses on the internet.

9:16:30 AM WARN Local HTTP DCV error (cpanel.example.com): “cpanel.example.com” does not resolve to any IP addresses on the internet.

9:17:06 AM WARN Local HTTP DCV error (webdisk.example.com): “webdisk.example.com” does not resolve to any IP addresses on the internet.

9:17:42 AM WARN Local HTTP DCV error (webmail.example.com): “webmail.example.com” does not resolve to any IP addresses on the internet.

9:18:06 AM ERROR Local DNS DCV error (example.com): The DNS query to “_cpanel-dcv-test-record.example.com” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=bQwAmWFRlW60ZsYkiTdLMG2mScfscyaoo0KgbS86aa9aJOb10XFxl4f2yxV4sZhy”.

ERROR Local DNS DCV error (www.example.com): The DNS query to “_cpanel-dcv-test-record.example.com” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=bQwAmWFRlW60ZsYkiTdLMG2mScfscyaoo0KgbS86aa9aJOb10XFxl4f2yxV4sZhy”.

ERROR Local DNS DCV error (mail.example.com): The DNS query to “_cpanel-dcv-test-record.example.com” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=bQwAmWFRlW60ZsYkiTdLMG2mScfscyaoo0KgbS86aa9aJOb10XFxl4f2yxV4sZhy”.

ERROR Local DNS DCV error (cpanel.example.com): The DNS query to “_cpanel-dcv-test-record.example.com” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=bQwAmWFRlW60ZsYkiTdLMG2mScfscyaoo0KgbS86aa9aJOb10XFxl4f2yxV4sZhy”.

ERROR Local DNS DCV error (webdisk.example.com): The DNS query to “_cpanel-dcv-test-record.example.com” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=bQwAmWFRlW60ZsYkiTdLMG2mScfscyaoo0KgbS86aa9aJOb10XFxl4f2yxV4sZhy”.

ERROR Local DNS DCV error (webmail.example.com): The DNS query to “_cpanel-dcv-test-record.example.com” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=bQwAmWFRlW60ZsYkiTdLMG2mScfscyaoo0KgbS86aa9aJOb10XFxl4f2yxV4sZhy”.

9:18:06 AM Analyzing “example.com”’s DCV results …

9:18:06 AM ERROR Impediment: TOTAL_DCV_FAILURE: Every domain failed DCV.

I assume the warnings are because the server is using NAT and is retrieving the private IP address which is not routable (192.168.55.23)

DNS is being hosted on 2 servers using cpanel DNS-Only and has the TXT reported in the errors.

Where am I going wrong?

 

[cPanelLauren]

HI @David Barter

According to this its unable to get an IP address return for the domain. Does it resolve properly on the server? If you are NAT routing can you run the following and let me know the output?

/scripts/build_cpnat

 

[David Barter]

Lauren-

Script output;

info [build_cpnat] 192.168.55.23 => <IPRemoved>​

Which is the correct public IP for this site.

 

[cPanelLauren]

Hi @David Barter


Now if you attempt to run AutoSSL once more do you get the same error?

 

[David Barter]

Lauren-

Yes, same error.

 

[cPanelLauren]

Hi @David Barter

Thanks for that, I primarily wanted to ensure there that the issue wasn't with the NAT routing configuration. It doesn't sound like there's any issues with that, it sounds like there may be an issue with DNS on the server.

When you run the following for your domain do you get any errors?

dig +trace domain.tld

 

[David Barter]

Lauren-

No error was produced and the domain was correctly resolved.

 

[cPanelLauren]

Can you please open a ticket using the link in my signature? Once open please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved.


Thanks!

 

[David Barter]

Support Ticket ID; 12979657

 

[cPanelLauren]

Hello @David Barter

I just checked in on the ticket and it looks like the sites were set up with the internal IP address (which is unusual) the analyst provided instructions on how to resolve this as well as offered to assist with the conversion using the IP address migration tool - please let us know if you continue to experience issues with this once the IP address issue is resolved.