SOLVED AutoSSL Proxy Subdomain Validation [case CPANEL-18074]

jamiepenner

Member
Aug 30, 2016
16
3
3
Vancouver Island, BC
cPanel Access Level
Root Administrator
We've discovered a similar problem where, due to authentication, cpanel.domain.com can't validate and holds up the validation process. Now we have a bunch of certs that, for the first time since using AutoSSL, aren't renewing automatically. I fixed one by going into the user's cPanel account and turning off the proxy subdomains that would require authentication and it then updated. That kind of defeats the purpose though.

9:14:29 AM WARN The domain “cpanel.******.***” failed domain control validation: The system failed to fetch the DCV (Domain Control Validation) file at “http://cpanel.*****.***/.well-known/pki-validation/8BD71991E9521971A5AC289031BE1B5E.txt” because of an error: The system failed to send an HTTP (Hypertext Transfer Protocol) “GET” request to “http://cpanel.*****.***/.well-known/pki-validation/8BD71991E9521971A5AC289031BE1B5E.txt” because of an error: Size of response body exceeds the maximum allowed of 16384 .

9:14:29 AM WARN The current SSL certificate for “*****.***” secures the domain “cpanel.*****.***”. However, this domain failed local domain control validation. In order to maintain SSL domain coverage for this domain, the system will not attempt to replace the current certificate.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,267
463
We've discovered a similar problem where, due to authentication, cpanel.domain.com can't validate and holds up the validation process.
Hello @jamiepenner,

I've moved this post to it's own thread.

Are any custom Apache templates utilized in the /var/cpanel/templates/apache2 or /var/cpanel/templates/apache2_4 directories on this server? Also, is the Engintron application installed on this server (there was another thread where it was the culprit for this error)? If neither of those are the case, it's possible a redirect rule is directing requests to the DCV file to another file that exceeds 16-KiB response limit. Are any other rewrite rules configured for this domain name?

Thank you.
 
  • Like
Reactions: jamiepenner

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,267
463
Hello,

I'm glad to see you were able to determine the cause of the issue. Thank you for sharing the outcome.
 
  • Like
Reactions: jamiepenner