AutoSSL not creating http .well-known/pki-validation files

alopu

Registered
May 31, 2020
2
0
1
Australia
cPanel Access Level
Root Administrator
I'm trying to get my AutoSSL working, I believe it was working at some stage, but now every domain on my account is failing.

I mange my DNS through GoDaddy as I only use cPanel for email purposes. So I forward all of my mail domains to the cPanel server IP address.

This means I have to use HTTP DCV, but it doesn't seem to be working.

You can go to any of the following domain names .well-known/pki-validation URLs and fine them open and accessible, so the only reason that a 404 error would occur is because AutoSSL isn't creating the temporary validation file.


this is the exact error:

Code:
DNS DCV: The DNS query to “_cpanel-dcv-test-record.domain.com” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=ddgSjLas_Ifn4ecuSudBvCGwn7qQ0Gw5liOB4ObdSC50UZ9Vw7_d6j0nBiRqlgAV”.; HTTP DCV: The system queried for a temporary file at “http://mail.domain.com/.well-known/pki-validation/093C93CC7EEB8EF91F40C7C1CD5E4B33.txt”, but the web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist
I worked out that that actual directory of the pki-validation directory on my server is under /var/www/html/.well-known/pki-validation

and all domains that point to the server and have DNS records on the server will end up there.

So I'm wondering why AutoSSL wouldn't be creating the temporary file there? Is there any way I can trouble shoot this?

I've enabled the automatic service domain creation formally known as automatic proxy domain creation in WHM settings.

I've tried deleting/renaming .htaccess files but there is no .htaccess file in /var/www/html or /var/www

I've also tried making the permissions for the HTML folder recursively set to 777 just so anyone can write into the pki-validation folder including any potential AutoSSL processes which I don't know the running user for

Also I can't make a ticket because apparently I forgot the password to my cpanel account and I can't reset it because my email doesn't work due to this SSL issue

Help would be greatly appreciated as one of my main email's is down because it can't get a valid SSL certificate :(
 
Last edited by a moderator:

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,252
313
Houston
It should be /home/$user/public_html/.well-known/pki-validation/ where these are created but they are purged after they are checked in case of either a pass or a fail.

Furthermore, I believe I need a bit more information. From what I see the domains point to an Amazon server where the Mail points to a GoDaddy instance is that correct? Where are you running AutoSSL from? I ask only because GoDaddy disables the ability of users who purchase cPanel licenses through them to obtain AutoSSL certificates through the Sectigo provider.