SOLVED AutoSSL renew Let’s Encrypt failure, Local DNS DCV error and Local HTTP DCV error

globaljt

Member
Dec 15, 2016
19
2
53
germany
cPanel Access Level
Website Owner
Hello everyone,
When AutoSSL tries to renew the Let’s Encrypt certificate, the log shows the following:

Local HTTP DCV error (****.com): The system queried for a temporary file at “http://****.com/.well-known/acme-challenge/45TN8M74-I6JJBE1N44933TDY4DPCSIY”, but the web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist.

Local DNS DCV error (****.com): The DNS query to “_cpanel-dcv-test-record.****.com” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=IzNNbScLxSm6lJMCEra4rPc9XrC2iFMgS1BZ0bEgcmh_LKvVwlkl1ahR2IJfM_Oa”.

So some domains fail to renew the certificate, BUT not all of them; some domains succeed and show:
Analyzing “****.com”’s DCV results …
[2019-09-06T05:31:33Z] No CAA record added because there is no CAA record from another provider in the DNS for ****.com.
[2019-09-06T05:31:37Z] “Let’s Encrypt™” HTTP DCV OK: ****.com
--------------
I am using Cloudflare only for DNS, and only IPv4 points to the domain. Should I add IPv6 to the DNS?

Thanks in advance
Jun
 

docw

Member
Aug 31, 2019
20
4
3
cPanel Access Level
Root Administrator
You should find out why http://****.com/.well-known/acme-challenge/45TN8M74-I6JJBE1N44933TDY4DPCSIY returns an error 404 and/or why there is no TXT record for _cpanel-dcv-test-record.****.com with the value _cpanel-dcv-test-record=IzNNbScLxSm6lJMCEra4rPc9XrC2iFMgS1BZ0bEgcmh_LKvVwlkl1ahR2IJfM_Oa

There's no need to add IPv6 records. The issue is that Let's Encrypt currently can't validate the domain because the validation file returns an error 404 and the DNS TXT record doesn't exist.
 

Jcats

Well-Known Member
PartnerNOC
May 25, 2011
807
160
168
New Jersey
cPanel Access Level
DataCenter Provider
“http://****.com/.well-known/acme-challenge/45TN8M74-I6JJBE1N44933TDY4DPCSIY”, but the web server responded with the following error: 404 (Not Found).
I would ensure that the IP you have set in CloudFlare is indeed the correct IP that shows in WHM > List Account

Pretty rare it would throw the 404 otherwise.. unless you recently switched over to CF and had it pointing to a different IP before switching in which case you just need to give LE more time to see the DNS change.

Could be a rule in your .htaccess as well, you can try renaming .htaccess to anything else and run another test, but pretty rare that is the case.
 

globaljt

Hello Jcats,
Thanks for your help. All the IPs are correct in CloudFlare and they are not new; they have been there almost 2 years. I searched the internet and someone says maybe I have to add the IPv6 address in the DNS.
I will check again. Have a nice day.
Jun
 

globaljt

And how do I set up a shared IPv6 at WHM / IP Functions / IPv6 Ranges?
The server gives me 2607:5300:120:25a::/64. I think I have to set up a shared IPv6 and then assign it to all the domains.

2607:5300:120:25a:0000:0000:0000:0000: what is correct to change the 0000:0000:0000:0000 to?

Thanks
Jun
 

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
13,266
1,304
363
Houston
I'm not sure why you'd want to add an IPv6 address to resolve an issue with Let's Encrypt being unable to validate the SSL, as has been noted previously. The instances in which this occurs are either an .htaccess issue or a DNS issue. What's noted in the .htaccess for this domain/account?

If you do want to continue with ipv6 you'll want to check out the documentation here:
Assign IPv6 Address - Version 82 Documentation - cPanel Documentation
 

globaljt

Yes, Sir, you are right, there is NO need for an IPv6 address to resolve the issue.
Finally the issue is SOLVED.
All the subdomains like webdisk.domain, mail.domain, cpanel.domain etc. must point to the server IP, so that cPanel AutoSSL will check the DCV without any error and then renew successfully.

Thank you Sir and all
June
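The fix reported above can be checked before the next AutoSSL run with a small DNS preflight. This is an added example, not code from the thread or from cPanel; the subdomain labels are the ones named in the last post, while `example.com`, the documentation IP addresses and the injectable `resolve` parameter are assumptions made so the sample runs offline.

```python
import socket

# Service subdomains named in the thread; an account may have others.
SERVICE_LABELS = ("webdisk", "mail", "cpanel")


def system_resolver(hostname):
    """Return the set of IPv4 addresses the local resolver gives for hostname."""
    try:
        infos = socket.getaddrinfo(hostname, 80, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def dcv_preflight(domain, server_ip, resolve=system_resolver, labels=SERVICE_LABELS):
    """Map the domain and each service subdomain to a status string."""
    report = {}
    for host in [domain] + [f"{label}.{domain}" for label in labels]:
        addrs = resolve(host)
        if not addrs:
            report[host] = "no A record"
        elif addrs == {server_ip}:
            report[host] = "ok"
        else:
            # Stale record, or a proxied record answering with another IP.
            report[host] = "points elsewhere: " + ", ".join(sorted(addrs))
    return report


def failing_hosts(report):
    """Hostnames whose DNS would make a local DCV check miss this server."""
    return sorted(host for host, status in report.items() if status != "ok")


# Constructed sample zone using documentation addresses (not real data).
SAMPLE_ZONE = {
    "example.com": {"192.0.2.10"},
    "mail.example.com": {"192.0.2.10"},
    "webdisk.example.com": {"198.51.100.7"},
}


def sample_resolver(hostname):
    return SAMPLE_ZONE.get(hostname, set())


if __name__ == "__main__":
    result = dcv_preflight("example.com", "192.0.2.10", resolve=sample_resolver)
    for host, status in result.items():
        print(f"{host:25} {status}")
```

Dropping the `resolve` argument makes the same function query the system resolver for a real domain.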
 