autoSSL fails because of 301 redirect?

Discussion in 'Security' started by Arvil Mena, Feb 26, 2018.

  1. Arvil Mena

    Hello cPanel, can you help me with this? I've been debugging this for half a day already.

    So apparently, autoSSL fails because when checking for validation, the `Cpanel-HTTP-Client/1.0` is getting a 301 code in the response, but I just can't fathom why it is getting such output.

    yesterday:
    Code:
    [26/Feb/2018:23:46:52 +1100] "GET /.well-known/acme-challenge/BEKT19DL9JIG9S5GPP50XAL9ZSPAV54J HTTP/1.1" 200 64 "-" "Cpanel-HTTP-Client/1.0"
    [26/Feb/2018:23:46:53 +1100] "GET /.well-known/acme-challenge/M2JTRKP9EJA72ODL49X9S76K2VXNVPEX HTTP/1.1" 301 617 "-" "Cpanel-HTTP-Client/1.0"
    [26/Feb/2018:23:46:53 +1100] "GET /.well-known/acme-challenge/M2JTRKP9EJA72ODL49X9S76K2VXNVPEX HTTP/1.1" 200 64 "-" "Cpanel-HTTP-Client/1.0"
    
    today:

    Code:
    [27/Feb/2018:12:44:37 +1100] "GET /.well-known/acme-challenge/3JKBTU7K1SWU5C2A-TTMFIUW7AAJ2BIK HTTP/1.1" 200 64 "-" "Cpanel-HTTP-Client/1.0"
    [27/Feb/2018:12:44:37 +1100] "GET /.well-known/acme-challenge/3PQLEMVJ__W39X1D-HBLELHP2I5_CRE6 HTTP/1.1" 301 617 "-" "Cpanel-HTTP-Client/1.0"
    [27/Feb/2018:12:44:37 +1100] "GET /.well-known/acme-challenge/3PQLEMVJ__W39X1D-HBLELHP2I5_CRE6 HTTP/1.1" 200 64 "-" "Cpanel-HTTP-Client/1.0"

    If I issue `curl -i` to a dummy file inside the `/.well-known/acme-challenge` directory, it's getting 200, NOT 301.

    Here is the rule in my `.htaccess` whitelisting access to the hidden directory (with respect to autoSSL):

    Code:
    # allow autoSSL from cPanel
    <IfModule mod_rewrite.c>
        RewriteCond %{REQUEST_URI} ^\/[A-F0-9]{32}.txt(?:\ Comodo\ DCV)?$ [OR]
        RewriteCond %{REQUEST_URI} ^\/[0-9]+\..+\.cpaneldcv$ [OR]
        RewriteCond %{REQUEST_URI} /\.well\-known\/acme\-challenge
        RewriteCond %{REQUEST_FILENAME} -f
        RewriteRule (.*) - [L]
    </IfModule>
    
    # disable accessing hidden directories, such as ".git", ".config", etc.
    <IfModule mod_rewrite.c>
        RewriteRule "(^|/)\." - [F]
    </IfModule>

    As you can see, the block for access to the verification directory was set to [L] and not redirected.

    In case posting my full .htaccess is required to help debug, here it is [removed due to external URL]

    Am I missing any requirements for autoSSL to work?

    Hope you guys can help.

    Regards,
     
    #1 Arvil Mena, Feb 26, 2018
    Last edited by a moderator: Feb 26, 2018
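
Added example, not part of the original posts and not cPanel's own code: a small Python triage script for the access-log excerpts in post #1. It groups `Cpanel-HTTP-Client` requests under `/.well-known/acme-challenge/` by token and lists the status codes each token received, so redirected DCV fetches stand out. The function names are hypothetical; the first three sample lines are the 27 Feb lines from the post and the fourth is constructed.

```python
import re
from collections import defaultdict

# First three lines: the 27 Feb excerpt from post #1. Last line: constructed,
# a non-DCV client in full combined-log format, to show it is filtered out.
SAMPLE_LOG = """\
[27/Feb/2018:12:44:37 +1100] "GET /.well-known/acme-challenge/3JKBTU7K1SWU5C2A-TTMFIUW7AAJ2BIK HTTP/1.1" 200 64 "-" "Cpanel-HTTP-Client/1.0"
[27/Feb/2018:12:44:37 +1100] "GET /.well-known/acme-challenge/3PQLEMVJ__W39X1D-HBLELHP2I5_CRE6 HTTP/1.1" 301 617 "-" "Cpanel-HTTP-Client/1.0"
[27/Feb/2018:12:44:37 +1100] "GET /.well-known/acme-challenge/3PQLEMVJ__W39X1D-HBLELHP2I5_CRE6 HTTP/1.1" 200 64 "-" "Cpanel-HTTP-Client/1.0"
203.0.113.7 - - [27/Feb/2018:12:45:02 +1100] "GET /.well-known/acme-challenge/probe.txt HTTP/1.1" 301 617 "-" "curl/7.58.0"
"""

# Matches the tail of an Apache combined-log line; search() tolerates any
# host/ident/user prefix, including the trimmed form the poster pasted.
LINE_RE = re.compile(
    r'\[(?P<ts>[^\]]+)\]\s+"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*"\s+'
    r'(?P<status>\d{3}) (?P<size>\d+|-) "[^"]*" "(?P<ua>[^"]*)"'
)
DCV_PREFIX = "/.well-known/acme-challenge/"
DCV_AGENT = "Cpanel-HTTP-Client"


def dcv_statuses(log_text):
    """Map each DCV token to the ordered status codes the DCV client received."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or not m["ua"].startswith(DCV_AGENT):
            continue  # unparsable line, or a client other than the DCV checker
        if not m["path"].startswith(DCV_PREFIX):
            continue
        seen[m["path"][len(DCV_PREFIX):]].append(int(m["status"]))
    return dict(seen)


def redirected_tokens(log_text):
    """Tokens for which at least one DCV fetch was answered with a 3xx."""
    return sorted(token for token, codes in dcv_statuses(log_text).items()
                  if any(300 <= code < 400 for code in codes))


if __name__ == "__main__":
    for token, codes in dcv_statuses(SAMPLE_LOG).items():
        flag = "REDIRECTED" if any(300 <= c < 400 for c in codes) else "ok"
        print(f"{token}  {codes}  {flag}")
```

The pasted excerpt omits the virtual host and the redirect target, so the log alone does not show where the 301 pointed; a log format that records the requested host would be needed for that.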
  2. Tearabite

    Are you using CloudFlare?
     
  3. Arvil Mena

    Nope, I am not
     
  4. cPanelMichael

    Hello,

    Do you have root access to this server? If so, I recommend removing the AutoSSL exclusion rules from the .htaccess file and instead enabling the following option under the "Domains" tab in "WHM >> Tweak Settings":

    Use a Global DCV Passthrough instead of .htaccess modification (requires EA4)

    Per its description:

    When you enable this option, Apache adds global rewrite rules to the webserver configuration so that the system does not process additional rewrite rules for DCV filenames. These global rules make it unnecessary for cPanel & WHM to modify each virtual host’s .htaccess file. Note: When you enable this option, the system receives a trivial performance penalty because all of the HTTP requests must be matched against the DCV filename regular expressions.

    Let us know if this helps.

    Thank you.
     