SOLVED AutoSSL Fails for all accounts

Discussion in 'Security' started by Bluemerlin, Nov 17, 2016.

  1. Bluemerlin

    Bluemerlin Member

    Hi All

    I am using
    CENTOS 6.8 x86_64 hyper-v – server WHM 60.0 (build 24)
    23 accounts, some with internal only websites and some public facing.
    AutoSSL enabled for all user accounts.
    Some have existing good SSL certificates
    Some have expired SSL certificates
    The rest don't have any SSL certificates

    My problem is that AutoSSL is failing on every website, all with the common message, saying that the domain does not resolve to any IPv4 addresses on the internet. at bin/autossl_check.pl line 512.

    In the snip below it also states that the certificate has expired which is correct. So I would like it to be replaced.

    Code:
    12:35:55 AM Checking websites for “xxxxxxxx” …
    12:35:55 AM The website “example.com”, owned by “xxxxxxxx”, has a faulty SSL certificate (OPENSSL_VERIFY:0:10:CERT_HAS_EXPIRED NOT_ALL_DOMAINS ALMOST_EXPIRED). AutoSSL will attempt to replace this certificate.
    12:36:47 AM WARN The domain “example.com” failed domain control validation: “retiredbutable.com” does not resolve to any IPv4 addresses on the internet. at bin/autossl_check.pl line 512.
    12:36:47 AM WARN The domain “www.example.com” failed domain control validation: “www.example.com” does not resolve to any IPv4 addresses on the internet. at bin/autossl_check.pl line 512.
    12:36:47 AM WARN The domain “mail.example.com” failed domain control validation: “mail.example.com” does not resolve to any IPv4 addresses on the internet. at bin/autossl_check.pl line 512.
    12:36:47 AM The system has completed the AutoSSL check for “xxxxxxxx”.
    I have left the domain name in so you can see that it does resolve.

    FYI I have looked through other AutoSSL problems on this forum but can't see any that are relevant, so I apologise in advance if it has been covered.
     
    #1 Bluemerlin, Nov 17, 2016
    Last edited by a moderator: Nov 17, 2016
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello @Bluemerlin,

    There are a few potential causes of this problem. For instance, I've seen a case where the data center blocked UDP connections to the root name servers. Could you open a support ticket using the link in my signature so we can take a closer look and figure out what's happening? You can post the ticket number here and we will update this thread with the outcome.

    Thanks!
     
  3. Bluemerlin

    Bluemerlin Member

    Thanks I will do that.
     
  4. Mads Nordholm

    Mads Nordholm Member

    I have exactly the same issue. I have tried with both DC-provided name servers and Google's public DNS. Same result.

    I would greatly appreciate a list of common reasons, since I know that all the domains in question resolve just fine.
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello @Mads Nordholm,

    Feel free to open a support ticket so we can take a closer look and verify why the DNS resolution is failing.

    Thank you.
     
  6. Bluemerlin

    Bluemerlin Member

    It is looking like I have found the problem.

    The Cisco that the server is sitting behind was using the default DNS packet length of 512. I have increased this to 1500 using:

    fixup protocol dns maximum-length 1500

    The console message that gave me the clue was

    Dropped UDP DNS reply from outside:192.5.5.241/53 to Servers:xxx.xxx.xxx.xx/46173; packet length 517 bytes exceeds configured limit of 512 bytes

    This appears to have fixed it for most of all the sites (once a quota issue was fixed).
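
A way to test for the condition described in post #6, as an added example that is not part of the original thread and not cPanel's code: it sends one DNS query with an EDNS0 OPT record over UDP and reports whether a reply larger than 512 bytes made it back. The function names, the root NS query and the 4096-byte buffer size are assumptions chosen for illustration; the default server address is the one shown in the post's firewall message.

```python
import socket
import struct
import sys

LEGACY_LIMIT = 512  # classic DNS-over-UDP size, the limit quoted in the firewall message

def encode_name(name):
    """Encode a domain name in DNS wire format ("." becomes a single zero byte)."""
    labels = [l for l in name.strip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype=2, udp_size=4096, qid=0x1234):
    """Build a non-recursive query (default type NS) carrying an EDNS0 OPT record."""
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 1)  # 1 question, 1 additional
    question = encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN
    # OPT pseudo-record: root name, type 41, CLASS field carries our UDP buffer size
    opt = b"\x00" + struct.pack("!HHIH", 41, udp_size, 0, 0)
    return header + question + opt

def classify(reply):
    """Interpret a UDP reply (bytes, or None when the query timed out)."""
    if reply is None:
        return "no-reply"    # consistent with a device in the path dropping the packet
    if len(reply) < 12:
        return "malformed"   # shorter than a DNS header
    flags = struct.unpack("!H", reply[2:4])[0]
    if flags & 0x0200:
        return "truncated"   # TC bit set: the answer did not fit in the UDP reply
    return "large-ok" if len(reply) > LEGACY_LIMIT else "small-ok"

def probe(server, name=".", timeout=3.0):
    """Send the EDNS0 query over UDP and classify what comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        try:
            reply, _ = s.recvfrom(65535)
        except socket.timeout:
            reply = None
    return classify(reply)

if __name__ == "__main__":
    # Default is the root server address that appears in the post's firewall log.
    server = sys.argv[1] if len(sys.argv) > 1 else "192.5.5.241"
    print(server, probe(server))
```

A `no-reply` result is what a firewall dropping oversized replies looks like from the server's side; `small-ok` is inconclusive because the reply never exceeded 512 bytes.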
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    I'm happy to see the issue is now resolved. Thank you for updating this thread with the outcome.
     