AutoSSL Renewal Issues

[Scott Greczkows]

Not sure what changed, but I am getting errors on my server on all the domains on the server when I try (or it runs on its own) to update the autoSSL certificates for all domains on the machine.

I have searched for answers and have not found a solution. I do not have IPV6 enabled on the server, nor is there a .htaccess redirect to SSL only... however I do notice when I go to an unsecure site it takes me to the secure site, so there is a redirect happening somewhere.

In this example I have a domain of example.com which is an email only account, if I go to

http://www.example.com

it takes me to his index.html homepage. (and that is the only file in there for that site.) there is no .htaccess file or anything... yet when I go to the website it takes me to the https version of the site.

When the certificate tries renewing on this site (or ANY site hosted on this server I am getting the following errors...

Log for the AutoSSL run for “example”: Friday, May 24, 2019 10:36:59 AM GMT-0400 (cPanel (powered by Sectigo))
 10:36:59 AM AutoSSL’s configured provider is “cPanel (powered by Sectigo)”.
 This AutoSSL provider does not poll for certificate availability immediately after a certificate request submission. Instead, it submits certificate requests then periodically polls the cPanel Store for each requested certificate and installs it after a successful retrieval. The system will record all requests, retrievals, and installations for the current AutoSSL run in this log.
 Checking websites for “example” …
 10:36:59 AM Analyzing “example.com” …
 10:36:59 AM TLS Status: Ready for Renewal
 WARN Certificate expiry: 5/31/19, 12:00 AM UTC (6.39 days from now)
 10:36:59 AM Performing DCV (Domain Control Validation) …
 10:36:59 AM WARN Local HTTP DCV error (example.com): An internal error occurred. Check the system log. (XID: mtzj8k)
 WARN Local HTTP DCV error (http://www.example.com): An internal error occurred. Check the system log. (XID: 57fnt8)
 WARN Local HTTP DCV error (mail.example.com): An internal error occurred. Check the system log. (XID: 63tq66)
 10:37:06 AM ERROR Local DNS DCV error (example.com): The DNS query to “_cpanel-dcv-test-record.example.com” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=0iurcV04P0tQFRxqAj2ruVfbLYCPcuJQ_oTnzwMBNAgtd5NifiTL6VeAG5zilnCh”.
 ERROR Local DNS DCV error (http://www.example.com): The DNS query to “_cpanel-dcv-test-record.exmple.com” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=0iurcV04P0tQFRxqAj2ruVfbLYCPcuJQ_oTnzwMBNAgtd5NifiTL6VeAG5zilnCh”.
 ERROR Local DNS DCV error (mail.example.com): The DNS query to “_cpanel-dcv-test-record.example.com” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=0iurcV04P0tQFRxqAj2ruVfbLYCPcuJQ_oTnzwMBNAgtd5NifiTL6VeAG5zilnCh”.
 10:37:06 AM Analyzing “example.com”’s DCV results …
 10:37:06 AM ERROR Impediment: TOTAL_DCV_FAILURE: Every domain failed DCV.
 10:37:06 AM The system has completed the AutoSSL check for “example”.

Any idea why this is happening? We have not changed anything and autoSSL renewal before always worked flawlessly.

Thanks

 

[cPanelLauren]

Hi @Scott Greczkows

Have you added an forced redirect to https? I was able to see the pre-edit version of the post prior to the domain name removal and when I run the following I show it's being redirected to https which would cause a failure on the DCV:

curl -kvv domain.tld

 

[Scott Greczkows]

It does seem to be getting force redirected from http to https but I can't figure out where as there is now .htaccess file which is where I have put forced redirects for other domains on the server. But this domain has nothing.

This server is running apache.

Thanks

 

[cPanelLauren]

Hi @Scott Greczkows

Are you using a CMS like WordPress? These are actually manageable through the WordPress Dashboard as well as through an .htaccess file.

 

[Scott Greczkows]

Nope... the entire directory is empty except for a simple html file.

I can not figure out where the redirect is coming from. Its driving me nuts.

[[email protected] public_html]# curl -kvv domain.com

* About to connect() to domain.com port 80 (#0)

*   Trying <IPREMOVED>... connected

* Connected to domain.com (<IPREMOVED>) port 80 (#0)

> GET / HTTP/1.1

> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2

> Host: domain.com

> Accept: */*

>

< HTTP/1.1 301 Moved Permanently

< Date: Fri, 24 May 2019 16:58:01 GMT

< Server: Apache

< Location: Untitled Document

< Content-Length: 230

< Content-Type: text/html; charset=iso-8859-1

<

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">

<html><head>

<title>301 Moved Permanently</title>

</head><body>

<h1>Moved Permanently</h1>

<p>The document has moved <a href="Untitled Document">here</a>.</p>

</body></html>

* Connection #0 to host domain.com left intact

* Closing connection #0

***EDITED*** to remove domain names/IP address and add code blocks

 

[Scott Greczkows]

Cant figure out why this domain is auto redirected to ssl. There is no .htaccess and in the channel Force HTTPS is off. I am pulling my hair out here (what is left of it) :D

 

[cPanelLauren]

Hi @Scott Greczkows

There is also the possibility that there is a VirtualHost entry in the Apache configuration that's doing this. You would need to check in WHM>>Service Configuration>>Apache Configuration -> Include Editor or the domain-specific include. The documentation on this may be helpful for locations to check: Modify Apache Virtual Hosts with Include Files - EasyApache 4 - cPanel Documentation


Thanks!

 

[Scott Greczkows]

Nope all empty in there...

I am stumped.

I just put in a ticket. support request ID: 12387795 as I am going on vacation and this SSL expires while I am away. Spent a few hours on this already...

I do thank you for your help... this should have been an easy one. And its only on this domain which is so strange.

 

[cPanelLauren]

Hi @Scott Greczkows

That was going to be my next suggestion as well! I'll take a look at the ticket and update here when it's complete. Thanks!

 

[cPanelLauren]

Hi @Scott Greczkows

I took a quick look at the home directory for the user and found that there is an .htaccess in place and the only thing inside it is a redirect to https:

[14:03:33 vps [email protected] /home/$youruser/public_html]cPs# cat .htaccess
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]