AutoSSL is generating a self signed certificate

[Jafar Muhammed]

I have enabled AutoSSL for all my domains using the Feature Manager. My primary domain is certified by cPanel (powered by Comodo). This domain is working perfectly fine.

However, other domains are self-signed, not cPanel (powered by Comodo), and this is causing trust issues across the browsers.

Below is a log file for one of the domains.

Checking websites for “pmjcreations” …

The website “pmjcreations.com”, owned by “pmjcreations”, has a valid SSL certificate, but additional SSL coverage may be possible for the domains “webdisk.domain.tld”, “cpanel.pmjcreations.com”, and “webmail.domain.tld””. The system will attempt to replace this certificate with one that includes these additional domains.

WARN The domain “webdisk.domain.tld”” failed domain control validation: The system queried for a temporary file at “<a href="http://webdisk.domain.tld”/09EE236241960CE67BC10DEBD5B9C532.txt">http://webdisk.domain.tld”/09EE236241960CE67BC10DEBD5B9C532.txt</a>”, but the web server responded with the following error: 401 (Unauthorized). A <abbr title="Domain Name System">DNS</abbr> or web server misconfiguration may exist.

WARN The domain “cpanel.domain.tld”” failed domain control validation: The system queried for a temporary file at “<a href="http://cpanel.domain.tld”/FE8A9A2259887B167FDC9822489CE041.txt">http://cpanel.domain.tld”/FE8A9A2259887B167FDC9822489CE041.txt</a>”, but the web server responded with the following error: 401 (Access Denied). A <abbr title="Domain Name System">DNS</abbr> or web server misconfiguration may exist.

WARN The domain “webmail.domain.tld”” failed domain control validation: The system queried for a temporary file at “<a href="http://webmail.domain.tld”/744F1C450D0AF230D785F66E9C533F36.txt">http://webmail.domain.tld”/744F1C450D0AF230D785F66E9C533F36.txt</a>”, but the web server responded with the following error: 401 (Access Denied). A <abbr title="Domain Name System">DNS</abbr> or web server misconfiguration may exist.

AutoSSL cannot add any new domains to SSL coverage for the website .domain.tld””.
The system has completed the AutoSSL check for “pmjcreations”.

 

[cPanelMichael]

Hello,

Have you blocked access to the document roots of the additional domain names added under this account? If so, you'd need to temporarily allow access to those websites in order for the AutoSSL validation process to succeed.

Thank you.

 

[Jafar Muhammed]

I am not sure about that @cPanelMichael. Could you please tell me how I can confirm that?
And please note, the same issue is with all the domains. AutoSSL is working for only the primary domain.

 

[cPanelMichael]

Hello,

You could review the .htaccess file in the document root of one of the affected domain names to see what entries are added. Feel free to post the entries here in CODE tags, ensuring to remove any real domain names or IP addresses.

Thank you.

 

[Jafar Muhammed]

One of the domains which I was testing had a .htaccess file.
I wrote conditions taken from Redirect HTTP to HTTPS automatically | GoDaddy Help IN

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

But that condition is overwritten now with

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Other domains don't have any .htaccess file

 

[cPanelMichael]

Hello,

Could you open a support ticket using the link in my signature so we can take a closer look and see why the domain validation process is failing for those domain names?

Thank you.

 

[Jafar Muhammed]

Hi @cPanelMichael, I have created a Support Request and provided access to my server.
I have received an access confirmation email as well.

Thank you so much