Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

AutoSSL Renewal Issues

Discussion in 'Security' started by Scott Greczkows, May 24, 2019.

  1. Scott Greczkows

    Scott Greczkows Well-Known Member

    Joined:
    Feb 5, 2004
    Messages:
    61
    Likes Received:
    1
    Trophy Points:
    158
    Not sure what changed, but I am getting errors on my server on all the domains on the server when I try (or it runs on its own) to update the autoSSL certificates for all domains on the machine.

    I have searched for answers and have not found a solution. I do not have IPV6 enabled on the server, nor is there a .htaccess redirect to SSL only... however I do notice when I go to an unsecure site it takes me to the secure site, so there is a redirect happening somewhere.

    In this example I have a domain of example.com which is an email only account, if I go to
    Code:
    http://www.example.com
    it takes me to his index.html homepage. (and that is the only file in there for that site.) there is no .htaccess file or anything... yet when I go to the website it takes me to the https version of the site.

    When the certificate tries renewing on this site (or ANY site hosted on this server I am getting the following errors...


    Code:
    Log for the AutoSSL run for “example”: Friday, May 24, 2019 10:36:59 AM GMT-0400 (cPanel (powered by Sectigo))
     10:36:59 AM AutoSSL’s configured provider is “cPanel (powered by Sectigo)”.
     This AutoSSL provider does not poll for certificate availability immediately after a certificate request submission. Instead, it submits certificate requests then periodically polls the cPanel Store for each requested certificate and installs it after a successful retrieval. The system will record all requests, retrievals, and installations for the current AutoSSL run in this log.
     Checking websites for “example” …
     10:36:59 AM Analyzing “example.com” …
     10:36:59 AM TLS Status: Ready for Renewal
     WARN Certificate expiry: 5/31/19, 12:00 AM UTC (6.39 days from now)
     10:36:59 AM Performing DCV (Domain Control Validation) …
     10:36:59 AM WARN Local HTTP DCV error (example.com): An internal error occurred. Check the system log. (XID: mtzj8k)
     WARN Local HTTP DCV error (http://www.example.com): An internal error occurred. Check the system log. (XID: 57fnt8)
     WARN Local HTTP DCV error (mail.example.com): An internal error occurred. Check the system log. (XID: 63tq66)
     10:37:06 AM ERROR Local DNS DCV error (example.com): The DNS query to “_cpanel-dcv-test-record.example.com” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=0iurcV04P0tQFRxqAj2ruVfbLYCPcuJQ_oTnzwMBNAgtd5NifiTL6VeAG5zilnCh”.
     ERROR Local DNS DCV error (http://www.example.com): The DNS query to “_cpanel-dcv-test-record.exmple.com” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=0iurcV04P0tQFRxqAj2ruVfbLYCPcuJQ_oTnzwMBNAgtd5NifiTL6VeAG5zilnCh”.
     ERROR Local DNS DCV error (mail.example.com): The DNS query to “_cpanel-dcv-test-record.example.com” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=0iurcV04P0tQFRxqAj2ruVfbLYCPcuJQ_oTnzwMBNAgtd5NifiTL6VeAG5zilnCh”.
     10:37:06 AM Analyzing “example.com”’s DCV results …
     10:37:06 AM ERROR Impediment: TOTAL_DCV_FAILURE: Every domain failed DCV.
     10:37:06 AM The system has completed the AutoSSL check for “example”.
    
    Any idea why this is happening? We have not changed anything and autoSSL renewal before always worked flawlessly.

    Thanks
     
    #1 Scott Greczkows, May 24, 2019
    Last edited by a moderator: May 24, 2019
  2. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,254
    Likes Received:
    479
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @Scott Greczkows

    Have you added an forced redirect to https? I was able to see the pre-edit version of the post prior to the domain name removal and when I run the following I show it's being redirected to https which would cause a failure on the DCV:

    Code:
    curl -kvv domain.tld 
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Scott Greczkows

    Scott Greczkows Well-Known Member

    Joined:
    Feb 5, 2004
    Messages:
    61
    Likes Received:
    1
    Trophy Points:
    158
    It does seem to be getting force redirected from http to https but I can't figure out where as there is now .htaccess file which is where I have put forced redirects for other domains on the server. But this domain has nothing.

    This server is running apache.

    Thanks
     
  4. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,254
    Likes Received:
    479
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @Scott Greczkows

    Are you using a CMS like WordPress? These are actually manageable through the WordPress Dashboard as well as through an .htaccess file.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. Scott Greczkows

    Scott Greczkows Well-Known Member

    Joined:
    Feb 5, 2004
    Messages:
    61
    Likes Received:
    1
    Trophy Points:
    158
    Nope... the entire directory is empty except for a simple html file.

    I can not figure out where the redirect is coming from. Its driving me nuts.

    Code:
    [root@vps public_html]# curl -kvv domain.com
    
    * About to connect() to domain.com port 80 (#0)
    
    *   Trying <IPREMOVED>... connected
    
    * Connected to domain.com (<IPREMOVED>) port 80 (#0)
    
    > GET / HTTP/1.1
    
    > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
    
    > Host: domain.com
    
    > Accept: */*
    
    >
    
    < HTTP/1.1 301 Moved Permanently
    
    < Date: Fri, 24 May 2019 16:58:01 GMT
    
    < Server: Apache
    
    < Location: Untitled Document
    
    < Content-Length: 230
    
    < Content-Type: text/html; charset=iso-8859-1
    
    <
    
    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    
    <html><head>
    
    <title>301 Moved Permanently</title>
    
    </head><body>
    
    <h1>Moved Permanently</h1>
    
    <p>The document has moved <a href="Untitled Document">here</a>.</p>
    
    </body></html>
    
    * Connection #0 to host domain.com left intact
    
    * Closing connection #0
    ***EDITED*** to remove domain names/IP address and add code blocks
     
    #5 Scott Greczkows, May 24, 2019
    Last edited by a moderator: May 24, 2019
  6. Scott Greczkows

    Scott Greczkows Well-Known Member

    Joined:
    Feb 5, 2004
    Messages:
    61
    Likes Received:
    1
    Trophy Points:
    158
    Cant figure out why this domain is auto redirected to ssl. There is no .htaccess and in the channel Force HTTPS is off. I am pulling my hair out here (what is left of it) :D

    Screen Shot 2019-05-24 at 1.16.29 PM.png
     
    #6 Scott Greczkows, May 24, 2019
    Last edited by a moderator: May 24, 2019
  7. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,254
    Likes Received:
    479
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. Scott Greczkows

    Scott Greczkows Well-Known Member

    Joined:
    Feb 5, 2004
    Messages:
    61
    Likes Received:
    1
    Trophy Points:
    158
    Nope all empty in there...

    I am stumped.

    I just put in a ticket. support request ID: 12387795 as I am going on vacation and this SSL expires while I am away. Spent a few hours on this already...

    I do thank you for your help... this should have been an easy one. And its only on this domain which is so strange.
     
    cPanelLauren likes this.
  9. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,254
    Likes Received:
    479
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @Scott Greczkows

    That was going to be my next suggestion as well! I'll take a look at the ticket and update here when it's complete. Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  10. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,254
    Likes Received:
    479
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @Scott Greczkows

    I took a quick look at the home directory for the user and found that there is an .htaccess in place and the only thing inside it is a redirect to https:

    Code:
    [14:03:33 vps root@12387795 /home/$youruser/public_html]cPs# cat .htaccess
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice