The Community Forums

Interact with an entire community of cPanel & WHM users!

AutoSSL issues

Discussion in 'Security' started by Ryan Condict, Jul 24, 2017.

  1. Ryan Condict

    Ryan Condict Registered

    I use the AutoSSL cPanel signed certificates for all my domains that don't run e-commerce or don't need a paid SSL certificate. I ran into an issue last week when one of those AutoSSL certificates did not renew. It took a week of discussion with support for where I have my dedicated server to figure out the issue. It had something to do with the .htaccess file making it fail.

    So we removed that file and ran it again, and it installed, but I noticed today it just did it for the domain with and without www, but when you look at SSL/TLS Status in cPanel, it does not have a green icon for mail, webmail, webdisk and cpanel. Next to those it says "The installed certificate does not cover this domain. The certificate will renew via AutoSSL."

    So then I looked at the Logs and for the domain having the issue it says (replaced domain with example):
    4:46:18 AM Checking websites for “example” …
    4:46:18 AM The website “example.com”, owned by “example”, has a valid SSL certificate, but additional SSL coverage may be possible for the domains “mail.example.com”, “cpanel.example.com”, “webmail.example.com”, and “webdisk.example.com”. The system will attempt to replace this certificate with one that includes these additional domains.
    4:46:31 AM WARN The domain “example.com” failed domain control validation: “example.com” does not resolve to any IPv4 addresses on the internet.
    4:46:31 AM WARN The current SSL certificate for “example.com” secures the domain “example.com”. However, this domain failed local domain control validation. In order to maintain SSL domain coverage for this domain, the system will not attempt to replace the current certificate.
    4:46:31 AM The system has completed the AutoSSL check for “example”.

    All sites are running Drupal, and the only thing I have added to the bottom of the .htaccess file is:

    RewriteCond %{HTTP_HOST} !^example\.com$ [NC,OR]
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://example.com/$1 [R=301,L]

    I am open to any ideas or suggestions on how to fix this issue so that it does not mess up the AutoSSL.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    I recommend browsing to "WHM >> Tweak Settings" and enabling the following option under the "Domains" tab:

    "Use a Global DCV Passthrough instead of .htaccess modification (requires EA4)"

    Here's the description for this option:

    When you enable this option, Apache adds global rewrite rules to the webserver configuration so that the system does not process additional rewrite rules for DCV filenames. These global rules make it unnecessary for cPanel & WHM to modify each virtual host’s .htaccess file. Note: When you enable this option, the system receives a trivial performance penalty because all of the HTTP requests must be matched against the DCV filename regular expressions.

    Note this option is enabled by default in cPanel version 66. Additionally, I noticed the following in your AutoSSL log output:

    Can you confirm the domain name resolves to an IP address associated with the cPanel server?

    Thank you.
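
Added example, not part of the original thread and not cPanel's own configuration: the redirect block from the first post, shown next to a variant that exempts domain control validation (DCV) requests from the redirect. The `/.well-known/acme-challenge/` and `/.well-known/pki-validation/` prefixes are an assumption about where the certificate provider fetches its DCV files; match them to the paths your AutoSSL provider actually requests.

```apache
# Before (as posted): any request that is not HTTPS on example.com gets a
# 301 to https://example.com/, including a plain-HTTP DCV request made to
# example.com or to another hostname served from this document root.
#
#   RewriteCond %{HTTP_HOST} !^example\.com$ [NC,OR]
#   RewriteCond %{HTTPS} off
#   RewriteRule ^(.*)$ https://example.com/$1 [R=301,L]

# After: the first condition carries no [OR], so it is ANDed with the
# group that follows. The rule now reads:
#   (not a DCV path) AND (wrong host OR not HTTPS) -> redirect
# DCV requests fall through and are served as static files; all other
# traffic is still forced to https://example.com/.
# Assumption: the DCV path prefixes below; adjust to your provider.
RewriteCond %{REQUEST_URI} !^/\.well-known/(?:acme-challenge|pki-validation)/
RewriteCond %{HTTP_HOST} !^example\.com$ [NC,OR]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://example.com/$1 [R=301,L]
```

With the Global DCV Passthrough option enabled, the equivalent exemption lives in the server-wide Apache configuration, so a per-site condition like this one is not needed.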
     
  3. Ryan Condict

    Ryan Condict Registered

    I did just test the site for the IP and it came back as the same IP WHM lists for it as well as the other sites on the dedicated server.

    I did look at the setting you are talking about, but it is italicized and greyed out. It is set as Off, which is the default. Does something else need to be turned on for it to be available to be turned on, or should I contact my hosting company?
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    That option requires EasyApache 4. Are you currently using EasyApache 3 on this system? If so, is there anything we can do to help you migrate over to EasyApache 4?

    Thank you.
     
  5. Ryan Condict

    Ryan Condict Registered

    Looks like my server is running 3. I will ask my provider about moving to 4.
     