AutoSSL renew Let’s Encrypt failure, DNS DCV error and HTTP DCV error

Operating System & Version
CentOS6
cPanel & WHM Version
86
cPanel Access Level
Root Administrator
Ok, so I've been running Let's Encrypt Certbot v1 on a CentOS6 box for many, many years without issue, but unfortunately Let's Encrypt are now binning that off and forcing users to update to v2. And this is where I've come across this issue.

Setup, WHM + cPanel v86, which has an Apache Tomcat application running.

Whenever I try to run the auto-ssl in WHM I get the following error coming back via email;

----------------------------
DNS DCV: The DNS query to “_cpanel-dcv-test-record.example.com” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=HrzBH5NvzVbSnB_vQ5FsOnIvjdun_cvGVvfY__LzkTLeDGyj6iwaLHaqKiN3Udgd”.; HTTP DCV: The system failed to create the directory “/home/example/public_html/.well-known/acme-challenge” because of an error: Permission denied
----------------------------

What I've noticed though is that the TXT Value changes on every email I receive, so when I try to add that to the DNS it still fails again next time. It is like the unique string is generated at runtime, so not sure how you can add that to the DNS for that to work.

I have a feeling this issue relates to this, SOLVED - AutoSSL renew Let’s Encrypt failure , Local DNS DCV error and Local HTTP DCV error but that hasn't solved the issue for myself.

Any ideas of steps to resolve so I can get this working?


Regards,
Michael
 

cPanelLauren

Product Owner
Staff member
Hello,

The TXT value will change every time it attempts to run because it is a hash reference. What that error shows:

Code:
HTTP DCV: The system failed to create the directory “/home/example/public_html/.well-known/acme-challenge” because of an error: Permission denied
is that the system doesn't have access to create the directory. What are the permissions for /home/user/public_html? Does /home/user/public_html/.well-known/ exist? If so, what are its permissions? Do you have any .htaccess entries?

As far as the other thread goes, it's probably something similar that's causing this, but the answers to the above will be telling. When you use the Comodo provider for AutoSSL, we also do DNS validation, so if your domain's DNS is hosted on the cPanel server it should be able to use that to complete the DCV.
 
Hi Lauren,

Could you explain that a little further please, it's not clear what you are saying.

When you say the "the system doesn't have access to create the directory" - How could cPanel not have access to itself?

The setup I'm working on has externally managed DNS. Is this why cPanel is struggling to cope perhaps?


Regards
Michael
 

cPanelLauren

Hello,

The AutoSSL process does not have unlimited access to the operating system. If the permissions do not allow for folder creation, it will not be able to create the folder, which is why I requested you provide the permissions of the folder. If there is an issue with where the DNS points (or where cPanel sees the DNS pointing), it also wouldn't have permission to write to that folder, which is why I asked if /home/$user/public_html/.well-known/ existed. In order to troubleshoot this issue with you, I do need that information. Otherwise, you're welcome to open a ticket where our analysts would be able to access the server directly.
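
The permission questions asked in the replies above can be answered with a read-only check like the following, which is an added example and not part of the thread or of cPanel's own tooling. It assumes the challenge directory is created with the account user's privileges, so ownership and the owner permission bits decide the outcome; `dcv_path_check` is a hypothetical helper that takes the document root and the account's numeric uid.

```shell
#!/bin/sh
# Added example (not from the thread). Usage: dcv_path_check DOCROOT NUMERIC_UID
# Assumption: the challenge directory is created with the account user's
# privileges, so ownership and the owner permission bits decide the outcome.
dcv_path_check() {
    docroot=$1; uid=$2; last=""; lastmode=""
    for p in "$docroot" "$docroot/.well-known" \
             "$docroot/.well-known/acme-challenge"; do
        if [ ! -e "$p" ] && [ ! -L "$p" ]; then
            echo "MISSING $p"
            break
        fi
        if [ ! -d "$p" ]; then
            echo "BLOCK   $p exists but is not a directory"
            return 1
        fi
        # ls -ldnL: field 1 is the mode string, field 3 the numeric owner;
        # -L reports the target when the path is a symlink.
        mode=$(ls -ldnL "$p" | awk '{print $1}')
        owner=$(ls -ldnL "$p" | awk '{print $3}')
        if [ "$owner" != "$uid" ]; then
            echo "BLOCK   $p ($mode) is owned by uid $owner, expected $uid"
            return 1
        fi
        case $mode in
            d??[xs]*) ;;    # owner may traverse the directory
            *) echo "BLOCK   $p ($mode) owner lacks search (x) permission"
               return 1 ;;
        esac
        echo "OK      $p ($mode)"
        last=$p; lastmode=$mode
    done
    if [ -z "$last" ]; then
        echo "BLOCK   document root $docroot does not exist"
        return 1
    fi
    # New directories and challenge files are written into the deepest
    # directory that already exists, so that one needs owner write permission.
    case $lastmode in
        d?w*) return 0 ;;
        *) echo "BLOCK   $last ($lastmode) owner lacks write (w) permission"
           return 1 ;;
    esac
}
```

For the account in the error message this would be run as `dcv_path_check /home/example/public_html "$(id -u example)"`; the first `BLOCK` line names the component to fix.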