SOLVED AutoSSL renew Let’s Encrypt failure , Local DNS DCV error and Local HTTP DCV error

globaljt

Member
Dec 15, 2016
19
2
1
germany
cPanel Access Level
Website Owner
Hello everyone
When the AutoSSL try to renew the certificate of Let’s Encrypt, the log show below:

Local HTTP DCV error (****.com): The system queried for a temporary file at “http://****.com/.well-known/acme-challenge/45TN8M74-I6JJBE1N44933TDY4DPCSIY”, but the web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist.

Local DNS DCV error (****.com): The DNS query to “_cpanel-dcv-test-record.****.com” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=IzNNbScLxSm6lJMCEra4rPc9XrC2iFMgS1BZ0bEgcmh_LKvVwlkl1ahR2IJfM_Oa”.

so some domain is failure for renew the certificate, BUT not all of them, some domain are success and show:
Analyzing “****.com”’s DCV results …
[2019-09-06T05:31:33Z] No CAA record added because there is no CAA record from another provider in the DNS for ****.com.
[2019-09-06T05:31:37Z] “Let’s Encrypt™” HTTP DCV OK: ****.com
--------------
I using the cloudflare DNS only for DNS, and only using Ipv4 point to the domain, should I add the Ipv6 to the DNS?

Thanks advance here
Jun
 

docw

Member
Aug 31, 2019
7
1
1
4&Xv>q7cC%[email protected]=Q
cPanel Access Level
Root Administrator
You should find out why http://****.com/.well-known/acme-challenge/45TN8M74-I6JJBE1N44933TDY4DPCSIY returns an error 404 and/or why there is no TXT record for _cpanel-dcv-test-record.****.com with the value _cpanel-dcv-test-record=IzNNbScLxSm6lJMCEra4rPc9XrC2iFMgS1BZ0bEgcmh_LKvVwlkl1ahR2IJfM_Oa

There's no need to add IPv6 records. The issue is that Let's Encrypt currently can't validate the domain because the validation file returns and error 404 and the DNS TXT record doesn't exist.
 

Jcats

Well-Known Member
PartnerNOC
May 25, 2011
741
135
168
32
New Jersey
www.bigscoots.com
cPanel Access Level
DataCenter Provider
“http://****.com/.well-known/acme-challenge/45TN8M74-I6JJBE1N44933TDY4DPCSIY”, but the web server responded with the following error: 404 (Not Found).
I would ensure that the IP you have set in CloudFlare is indeed the correct IP that shows in WHM > List Account

Pretty rare it would throw the 404 otherwise.. unless you recently switched over to CF and had it pointing to a different IP before switching in which case you just need to give LE more time to see the DNS change.

Could be a rule in your .htaccess as well, you can try renaming .htaccess to anything else and run another test, but pretty rare that is the case.
 

globaljt

Member
Dec 15, 2016
19
2
1
germany
cPanel Access Level
Website Owner
I would ensure that the IP you have set in CloudFlare is indeed the correct IP that shows in WHM > List Account

Pretty rare it would throw the 404 otherwise.. unless you recently switched over to CF and had it pointing to a different IP before switching in which case you just need to give LE more time to see the DNS change.

Could be a rule in your .htaccess as well, you can try renaming .htaccess to anything else and run another test, but pretty rare that is the case.
Hello Jcats
Thanks for your help,all the Ip is correct in the CloudFlare and they are not new, almost 2 years there, Im search the internet and someone say maybe have to add the ipv6 adress in the DNS,
I will checking again and nice day
Jun
 

globaljt

Member
Dec 15, 2016
19
2
1
germany
cPanel Access Level
Website Owner
And how to setup a shared IPv6 at WHM/ IP Functions / IPv6 Ranges
The server give me 2607:5300:120:25a::/64, I think I have to setup a shared Ipv6 then assigning to all the domain,

2607:5300:120:25a:0000:0000:0000:0000 what is correct go change the 0000:0000:0000:0000

Thanks
Jun
 

cPanelLauren

Forums Analyst II
Staff member
Nov 14, 2017
7,090
559
263
Houston
cPanel Access Level
DataCenter Provider
I'm not sure why you'd want to add an IPv6 address to resolve an issue with Let's Encrypt being unable to validate the SSL as has been noted previously. The instances in which this occurs is either an .htaccess issue or a DNS issue. What's noted in the .htaccess for this domain/account?

If you do want to continue with ipv6 you'll want to check out the documentation here:
Assign IPv6 Address - Version 82 Documentation - cPanel Documentation
 

globaljt

Member
Dec 15, 2016
19
2
1
germany
cPanel Access Level
Website Owner
I'm not sure why you'd want to add an IPv6 address to resolve an issue with Let's Encrypt being unable to validate the SSL as has been noted previously. The instances in which this occurs is either an .htaccess issue or a DNS issue. What's noted in the .htaccess for this domain/account?

If you do want to continue with ipv6 you'll want to check out the documentation here:
Assign IPv6 Address - Version 82 Documentation - cPanel Documentation
Yes, Sir you are right, NO need IPV6 address to resolve the issue,
finally the issue is SOLVED,
All the subdomain like webdisk.domain, mail.domain, cpanel.domain etc. must pint to the server ip. so the cpanel autoSSL will checking the DCV with out any error, then renew successful.

Thank you Sir and all
June
 
  • Like
Reactions: cPanelLauren