Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

AutoSSL failing because of www being added to sub domains

Discussion in 'Security' started by meta7gear, Jun 4, 2018.

  1. meta7gear

    meta7gear Registered

    Joined:
    Jun 4, 2018
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Russia
    cPanel Access Level:
    Root Administrator
    Hi all,

    I've taken over management of a group of sites running on a server with cPanel. On one of the accounts the clients previous developer added a number of sub-domains eg..

    secure.website.com
    support.website.com
    affiliate.website.com


    However, for AutoSSL check, it's attempting to access versions of these subdomains with www appended to them eg.

    www.secure.website.com

    Obviously, this doesn't resolve and it's causing problems. Will this cause the renewal of the SSL certificates for the actual subdomains to fail? How can this be fixed?

    Here is the log file...

    10:01:58 PM AutoSSL’s configured provider is “Let’s Encrypt™”.
    Checking websites for “realbeauty” …
    10:01:59 PM Checking “affiliate.example1.com” …
    10:01:59 PM TLS Status: Ready for Renewal
    WARN Certificate expiry: 6/9/18, 4:23 AM UTC (4.39 days from now)
    WARN Local DCV error (www.affiliate.example1.com): “www.affiliate.example1.com” does not resolve to any IPv4 addresses on the internet.

    ERROR Impediment: SECURED_DOMAIN_DCV_FAILURE: One or more currently-secured domains failed DCV.
    10:01:59 PM Checking “contact.example1.com” …
    10:01:59 PM TLS Status: Ready for Renewal
    WARN Certificate expiry: 6/9/18, 4:23 AM UTC (4.39 days from now)
    WARN Local DCV error (www.contact.example1.com): “www.contact.example1.com” does not resolve to any IPv4 addresses on the internet.

    ERROR Impediment: SECURED_DOMAIN_DCV_FAILURE: One or more currently-secured domains failed DCV.
    10:01:59 PM Checking “join.example1.com” …
    10:01:59 PM TLS Status: Ready for Renewal
    WARN Certificate expiry: 7/2/18, 3:23 AM UTC (27.35 days from now)
    WARN Local DCV error (www.join.example1.com): “www.join.example1.com” does not resolve to any IPv4 addresses on the internet.

    ERROR Impediment: SECURED_DOMAIN_DCV_FAILURE: One or more currently-secured domains failed DCV.
    10:01:59 PM Checking “example1.com” …
    10:01:59 PM SUCCESS TLS Status: OK
    Certificate expiry: 9/1/18, 3:23 AM UTC (88.35 days from now)
    10:01:59 PM Checking “secure.example1.com” …
    10:01:59 PM TLS Status: Ready for Renewal
    WARN Certificate expiry: 6/24/18, 3:23 AM UTC (19.35 days from now)
    WARN Local DCV error (www.secure.example1.com): “www.secure.example1.com” does not resolve to any IPv4 addresses on the internet.

    ERROR Impediment: SECURED_DOMAIN_DCV_FAILURE: One or more currently-secured domains failed DCV.
    10:01:59 PM Checking “support.example1.com” …
    10:01:59 PM TLS Status: Incomplete
    Certificate expiry: 9/1/18, 3:23 AM UTC (88.35 days from now)
    Number of domains: 2
    Number of secured domains: 1
    WARN Local DCV error (www.support.example1.com): “www.support.example1.com” does not resolve to any IPv4 addresses on the internet.
    ERROR Impediment: NO_UNSECURED_DOMAIN_PASSED_DCV: Every unsecured domain failed DCV.
    10:01:59 PM The system has completed the AutoSSL check for “realbeauty”.
     
    #1 meta7gear, Jun 4, 2018
    Last edited by a moderator: Jun 4, 2018
  2. cPanelLauren

    cPanelLauren Forums Analyst II
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    3,838
    Likes Received:
    276
    Trophy Points:
    193
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @meta7gear

    Based on this the autoSSL check is only failing for the www. subdomains it's not failing for the actual subdomain. Note that only the www. subdomains are only listed here. While I did remove the actual domain name I took a look at the status of the certificate for the domain name before I removed it at SSL Checker - SSL Certificate Verify and the certificate for the subdomains seems to be good for another 187 days.


    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. meta7gear

    meta7gear Registered

    Joined:
    Jun 4, 2018
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Russia
    cPanel Access Level:
    Root Administrator
    Is there a way to remove these www entries so we stop getting the errors and email notification of failure. Will they remove themselves after the listed expiry in a few days?

    Weirdly enough, I notice there are also dns zones listed for each subdomain with www (see attached file)
     

    Attached Files:

  4. cPanelLauren

    cPanelLauren Forums Analyst II
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    3,838
    Likes Received:
    276
    Trophy Points:
    193
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @meta7gear

    You should actually be able to exclude them for AutoSSL checks by going to cPanel>>Security>>SSL/TLS Status and selecting the domains you don't want checked.

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice