Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

AutoSSL provider could not renew the SSL certificate

Discussion in 'Security' started by Steve8, Jan 19, 2018.

Tags:
  1. Steve8

    Steve8 Member

    Joined:
    Jan 19, 2018
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Oshawa,Ontaio,Canada
    cPanel Access Level:
    Website Owner
    cPanel 68.0.26
    My site was hacked about a month back. The .com site was a pointer to my actual page. When I became aware of the hack I called my hosting co. They reset the password and I logged on though my web browser. I had not logged on for years because all my changes were to the site that was pointed to. The support person said to delete all files in public_html except for index.html which contained the pointer. I did so, this was Jan.10. The site is working fine except for constant emails from cPanel-mydomain. It started (Dec.17) with

    "Good news, AutoSSL has successfully renewed the Domain Validated (DV) certificate for “example.com”. This does not require any further action by you."
    I noticed at the bottom that cPanel.example and webdisk.example were not included in the certificate.

    Now I get 6 emails this year. This one Jan.18
    Code:
     "The “cPanel” AutoSSL provider could [B]not[/B] renew the SSL certificate without a reduction of coverage because of the following problems:
    The system queried for a temporary file at “http://example.com/.well-known/pki-validation/614F50B49052A2C14F6AA91B9BD3268E.txt']http://example.com/.well-known/pki-validation/614F50B49***************.txt”, but the web server responded with the following error: 403 (Forbidden). A DNS (Domain Name System) or web server misconfiguration may exist.
    
    For the most current status, navigate to the SSL/TLS Status” interface. You can also exclude domains from future renewal attempts, which would cease future notifications.
    
    You can fix these problems within 3 days of the certificate expiry date (2018-03-18 at 00:00:00 UTC) or take other actions. If you do not, this certificate will automatically renew without these domains.
    
    The next time that the “cPanel” AutoSSL provider attempts to renew the SSL certificate, the system will attempt to add the following domains to that certificate:
    [LIST]
    [*]cpanel.example.com
    [*]webdisk.example.com
    [/LIST]
    
    All files that were deleted are still in the trash. I read other posts but could relate them my situation. I could not see the requested file in other posts. Apologize for length of post.

    other info
    Code:
    example.com
    mail.example.com
    www.example.com
    - Self Signed -
    12/16/18
    2048
    Cert for “example.com”
    
    example.com
    mail.example.com
    webmail.example.com
    www.example.com
    cPanel, Inc.
    3/18/18
    2048
    Cert for “example.com” 151*******.0
    
     
    #1 Steve8, Jan 19, 2018
    Last edited by a moderator: Jan 19, 2018
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,802
    Likes Received:
    1,714
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Could you let us know the contents of the .htaccess file if it exists under the public_html directory? Ensure to replace any real domain names with examples.

    Thank you.
     
  3. Steve8

    Steve8 Member

    Joined:
    Jan 19, 2018
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Oshawa,Ontaio,Canada
    cPanel Access Level:
    Website Owner
    I clicked on file manager and searched for .htaccess and got (Search Results for:
    .htaccess
    Double click on a file or folder to open the folder (or the folder it is contained in if it is a file).

    /public_html/.htaccess)

    There's two files in that folder, Index.html(the pointer) and a google file I put there to prove my ownership.
    Can the file be invisible? I clicked on /public_html/.htaccess and it brought me to my folder with the two files I stated.
     
    #3 Steve8, Jan 19, 2018
    Last edited by a moderator: Jan 19, 2018
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,802
    Likes Received:
    1,714
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    In the upper-right of the File Manager interface, click on "Settings" and enable "Show Hidden Files" to see the .htaccess file.

    Additionally, it's also possible the required DNS entries for the proxy subdomains are missing from the DNS zones associated with your domain name. I recommend reaching out to your hosting provider to see if they can check this for you, as if that's the case, they should be able to automatically add the required DNS records with a command like this:

    Code:
    /usr/local/cpanel/scripts/proxydomains --domain=domain.tld add
    Otherwise, you can add any missing subdomain records using "cPanel >> Zone Editor >> Add Record >> Add "A" Record". EX:

    Code:
    cpanel 14400 IN A $IP
    Thank you.
     
  5. Steve8

    Steve8 Member

    Joined:
    Jan 19, 2018
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Oshawa,Ontaio,Canada
    cPanel Access Level:
    Website Owner
    I can see the htaccess.dms file with show invisible. When click on it, it downloads. I view it with TextWrangler.

    <Files 403.shtml>
    order allow,deny
    allow from all
    </Files>

    Below that are 43 ip addresses that I blocked because they looked suspicious, I viewed these through "Visitors" and "Awstats". When I googled, some results showed phishing activity. Looks like the traffic is reducing.

    Reporting Period: 1/19/18, 7:03 AM – 1/20/18, 1:31 AM
    Total Data Sent: 13.54 KB
    507 records match.

    Here's some samples

    /login.php.tar.bz2
    /home/login.php/home.zip
    /editor/home/login.php?cmd=login_submit
    /(long list of numbers and letters)/login.php When google these my domain comes up on phishing registries like urlscan. I see other domains with the same numbers.

    I mention this just in case you see a connection. Received another email from cPanel.
     
    #5 Steve8, Jan 20, 2018
    Last edited by a moderator: Jan 20, 2018
  6. Steve8

    Steve8 Member

    Joined:
    Jan 19, 2018
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Oshawa,Ontaio,Canada
    cPanel Access Level:
    Website Owner
    I figured out to view and edit the htaccess.dms file within cPanel. Taking into account my previous post is

    <Files 403.shtml>
    order allow,deny
    allow from all
    </Files>

    OK
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,802
    Likes Received:
    1,714
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    That entry alone shouldn't prevent the AutoSSL domain control validation from succeeding. I recommend reaching out to your hosting provider so they can take a closer look at the AutoSSL logs to determine why it's failing.

    Thank you.
     
  8. Steve8

    Steve8 Member

    Joined:
    Jan 19, 2018
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Oshawa,Ontaio,Canada
    cPanel Access Level:
    Website Owner
    You were right it was the .htaccess file. I inadvertently blocked the IP address for pki validation. My first warning email arrived on Dec.18 (below) and did not include a 404 error. It must have been caused by the hack. My next email arrived on Jan.14 and almost every day after because of a 404 error.

    because of an error: Timed out while waiting for socket to become ready for reading

    I changed my password Jan.10 and blocked a bunch of ip addresses which included the IP for pki validation. I corrected this on the 23rd and the emails stopped.

    My question is the fact that cpanel.example.com and webdisk.example.com cannot get certified, will this cause me a problem? Can I ignore this considering this a pointer to my site? Example.com is my main email address though.

    To comment on the hack, I was able to remove my site from blacklists buy asking them on their web pages. Kaspersky was the last to lift their block with my request. I joined Search Console on google and proving ownership of my site so hopefully when google see's hacking signs it will email me. I was removed from google search but now I'm back. All browsers no longer block the site.
     
    #8 Steve8, Jan 30, 2018
    Last edited by a moderator: Jan 31, 2018
  9. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,802
    Likes Received:
    1,714
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hi Steve,

    You can actually exclude domains that you don't want included as part of the AutoSSL feature using the "SSL TLS Status" option in cPanel:

    SSL TLS Status - Version 70 Documentation - cPanel Documentation

    It's a good idea to exclude the domain names you don't want certificates for, or to resolve any issues that prevent the validation from succeeding.

    Thank you.
     
Loading...

Share This Page