Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

SOLVED AutoSSL Proxy Subdomain Validation [case CPANEL-18074]

Discussion in 'General Discussion' started by jamiepenner, Feb 21, 2018.

Tags:
  1. jamiepenner

    jamiepenner Member

    Joined:
    Aug 30, 2016
    Messages:
    12
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Vancouver Island, BC
    cPanel Access Level:
    Root Administrator
    We've discovered a similar problem where, due to authentication, cpanel.domain.com can't validate and holds up the validation process. Now we have a bunch of certs that, for the first time since using AutoSSL, aren't renewing automatically. I fixed one by going into the user's cPanel account and turning off the proxy subdomains that would require authentication and it then updated. That kind of defeats the purpose though.

    9:14:29 AM WARN The domain “cpanel.******.***” failed domain control validation: The system failed to fetch the DCV (Domain Control Validation) file at “http://cpanel.*****.***/.well-known/pki-validation/8BD71991E9521971A5AC289031BE1B5E.txt” because of an error: The system failed to send an HTTP (Hypertext Transfer Protocol) “GET” request to “http://cpanel.*****.***/.well-known/pki-validation/8BD71991E9521971A5AC289031BE1B5E.txt” because of an error: Size of response body exceeds the maximum allowed of 16384 .

    9:14:29 AM WARN The current SSL certificate for “*****.***” secures the domain “cpanel.*****.***”. However, this domain failed local domain control validation. In order to maintain SSL domain coverage for this domain, the system will not attempt to replace the current certificate.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,903
    Likes Received:
    1,814
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello @jamiepenner,

    I've moved this post to it's own thread.

    Are any custom Apache templates utilized in the /var/cpanel/templates/apache2 or /var/cpanel/templates/apache2_4 directories on this server? Also, is the Engintron application installed on this server (there was another thread where it was the culprit for this error)? If neither of those are the case, it's possible a redirect rule is directing requests to the DCV file to another file that exceeds 16-KiB response limit. Are any other rewrite rules configured for this domain name?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    jamiepenner likes this.
  3. jamiepenner

    jamiepenner Member

    Joined:
    Aug 30, 2016
    Messages:
    12
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Vancouver Island, BC
    cPanel Access Level:
    Root Administrator
    Ah, I wondered where it went.

    I've discovered the solution. Cachewall inhibits the AutoSSL process causing proxy domains to kill the update process. As soon as I disable Cachewall, certificate updates are going through.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,903
    Likes Received:
    1,814
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    I'm glad to see you were able to determine the cause of the issue. Thank you for sharing the outcome.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    jamiepenner likes this.
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice