AutoSSL Failing to issue a SSL certificate

Discussion in 'Security' started by madnoob2, Oct 2, 2017.

  1. madnoob2

    madnoob2 Member

    Hello lads. I've been having problems with my AutoSSL certificates (the free ones ^_^). While it works for my main domain and for my mail. subdomain, it does not work for the whm. and cpanel. subdomains. Not really sure what the issue is, but here's what it says in the logs:
    Code:
    10:24:08 AM WARN The domain “cpanel.mydomain.com” failed domain control validation: The system failed to fetch the DCV file at “http://cpanel.mydomain.com/.well-known/pki-validation/2C2CB780FD94474D4C9861F9BEFDD92B.txt” because of an error: The system failed to send an HTTP “GET” request to “http://cpanel.mydomain.com/.well-known/pki-validation/2C2CB780FD94474D4C9861F9BEFDD92B.txt” because of an error: Size of response body exceeds the maximum allowed of 16384 .
     
    #1 madnoob2, Oct 2, 2017
    Last edited by a moderator: Oct 2, 2017
  2. Larkolag

    Larkolag Active Member

    Which one do you use as the AutoSSL provider? cPanel or Let's Encrypt?
     
  3. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Hello,

    Are any custom Apache templates utilized in the /var/cpanel/templates/apache2 or /var/cpanel/templates/apache2_4 directories on this server? Also, is the Engintron application installed on this server (there was another thread where it was the culprit for this error)? If neither of those is the case, it's possible a redirect rule is directing requests for the DCV file to another file that exceeds the 16-KiB response limit. Are any other rewrite rules configured for this domain name?

    Thank you.
     
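
The cause suggested in the post above (a redirect sending the DCV request to a response larger than the 16-KiB limit) can be checked directly. The following Python is an added example, not part of the thread and not cPanel's code: it fetches a DCV URL, records each redirect, and flags a body over 16384 bytes. `check_dcv`, the demo front end and the `EXAMPLE.txt` file name are assumptions constructed here.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

DCV_MAX_BODY = 16384  # limit quoted in the AutoSSL log lines in this thread

class _HopRecorder(urllib.request.HTTPRedirectHandler):
    """Record every redirect so a rule hijacking the DCV path becomes visible."""
    def __init__(self):
        self.hops = []

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        self.hops.append((code, newurl))
        return super().redirect_request(req, fp, code, msg, headers, newurl)

def check_dcv(url, limit=DCV_MAX_BODY, timeout=10):
    """Fetch a DCV URL and report status, redirects and whether the body is too big."""
    recorder = _HopRecorder()
    # ProxyHandler({}) ignores any system proxy so the web server is hit directly.
    opener = urllib.request.build_opener(recorder, urllib.request.ProxyHandler({}))
    try:
        resp = opener.open(url, timeout=timeout)
    except urllib.error.HTTPError as err:
        resp = err  # 4xx/5xx responses still carry a body, e.g. a large error page
    with resp:
        body = resp.read(limit + 1)  # one byte past the limit is enough to decide
        return {"status": resp.getcode(), "final_url": resp.geturl(),
                "redirects": recorder.hops, "too_large": len(body) > limit}

class _DemoFrontEnd(BaseHTTPRequestHandler):
    """Constructed stand-in: redirects the DCV path to a 20000-byte home page."""
    def do_GET(self):
        hijacked = self.path.startswith("/.well-known/pki-validation/")
        body = b"" if hijacked else b"x" * 20000
        self.send_response(302 if hijacked else 200)
        if hijacked:
            self.send_header("Location", "/index.html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def start_demo_server():
    """Start the constructed front end on a free local port and return the server."""
    server = HTTPServer(("127.0.0.1", 0), _DemoFrontEnd)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server
```

Running `check_dcv` against the DCV URL from your own AutoSSL log, once with the reverse proxy enabled and once with it disabled, shows which layer issues the redirect or the oversized response.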
  4. madnoob2

    madnoob2 Member

    I do have the Engintron app installed and have already searched on Engin's GitHub page for this error. It seems to be already reported here:
    github.com/engintron/engintron/issues/652
    But they say it's cPanel's problem? I'm confused.
     
    #4 madnoob2, Oct 3, 2017
    Last edited by a moderator: Oct 3, 2017
  5. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Hello,

    Can you verify if the issue persists when temporarily disabling Engintron? This should help to rule it out as the cause of the issue.

    Thank you.
     
  6. Flyer

    Flyer Member

    I've got the same problem generating a certificate for webmail.mydomain.net, whereas mydomain.net was generated ok. This is the log entry:

    Code:
    The website “webmail.mydomain.net”, owned by “mydomain”, has no SSL certificate. AutoSSL will attempt to obtain a new certificate and install it.
    
    WARN The domain “webmail.mydomain.net” failed domain control validation: The system failed to fetch the DCV file at “http://webmail.mydomain.net/.well-known/pki-validation/BF61AE81A1B4F2D69329A26747CCA1A2.txt” because of an error: The system failed to send an HTTP “GET” request to “http://webmail.mydomain.net/.well-known/pki-validation/BF61AE81A1B4F2D69329A26747CCA1A2.txt” because of an error: Size of response body exceeds the maximum allowed of 16384
    The referenced file does not exist, neither does Engintron.
     
    #6 Flyer, Oct 16, 2017
    Last edited by a moderator: Oct 16, 2017
  7. jwogrady

    jwogrady Member

    I'm seeing the same thing. The webdisk, webmail and ipv6 subdomains are not generating Let's Encrypt certs because the ACME key fails to validate.
     
  8. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Hello,

    Feel free to open a support ticket using the link in my signature if you'd like us to take a closer look.

    Thank you.
     
  9. 4u123

    4u123 Well-Known Member
    PartnerNOC

    I've noticed the same problems with AutoSSL when using Engintron and when using Cachewall (xvarnish) - both being reverse proxies. We've been unable to resolve this with xvarnish and unfortunately they don't offer any support for the product. It's a shame because both of those products are good - but completely unusable with AutoSSL at this point in time. (We don't use custom Apache templates.)

    For us the main problems are the issues described above with the proxy subdomains but also successfully installed AutoSSL certs don't actually work in many cases, with a totally different certificate being referenced in the browser to the one that is configured for the domain in question. It doesn't even go to the default certificate that is configured for that IP. Very strange.

    I think this is down to Engintron and CacheWall to resolve. As an addon, their software needs to work with the way cPanel is set up - not the other way around. When their software is removed, SSL works as intended.
     