SOLVED autossl - subdomain - not creating ssl?

Discussion in 'Security' started by katmai, Nov 22, 2016.

  1. katmai

    katmai Well-Known Member

    Joined:
    Mar 13, 2006
    Messages:
    530
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Brno, Czech Republic
    Hey guys, so if this issue is solved, I wasn't able to find it by searching.

    1 - I have a domain, which got the SSL alright. Then yesterday I added a subdomain, "forums.domainname.com", and the AutoSSL hasn't created an SSL for it.

    Is there any way I can force create it from the CLI, or do I have to move the forum to a new account forums.domainname... and let it create the SSL cert?

    2 - Is there any CLI at all for the AutoSSL feature, as I find it rather cumbersome to have to wait for it to generate the certificate as opposed to being able to run it from the console? (Didn't find anything in the documentation about CLI.)
     
  2. katmai

    katmai Well-Known Member

    Can anyone tell me if this is a PEBKAC or if what I am asking for really isn't implemented and I should just separate the 2 sites to get the SSL?
     
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    15,617
    Likes Received:
    296
    Trophy Points:
    433
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Lots of certs being generated these days:
    Securing your site; Comodo, cPanel, & AutoSSL | cPanel Blog


    Have you checked your log for signs of issues?
    WebHost Manager » SSL/TLS » Manage AutoSSL
     
  4. katmai

    katmai Well-Known Member

    Ow. Silly me not to check the logs:

    Code:
    5:35:52 AM Checking websites for “example” …
    5:35:52 AM The website “forums.example.com”, owned by “example”, has no SSL certificate. AutoSSL will attempt to obtain a new certificate and install it.
    5:35:52 AM The website “example.com”, owned by “example”, has a valid SSL certificate, but additional SSL coverage may be possible for the domain “mail.example.com”. The system will attempt to replace this certificate with one that includes this additional domain.
    5:35:52 AM WARN The domain “www.forums.example.com” failed domain control validation: “www.forums.example.com” does not resolve to any IPv4 addresses on the internet. at bin/autossl_check.pl line 512.
    5:35:52 AM WARN The domain “mail.example.com” failed domain control validation: “mail.example.com” does not resolve to any IPv4 addresses on the internet. at bin/autossl_check.pl line 512.
    5:35:52 AM WARN All of “example.com”’s unsecured domains failed domain control validation. AutoSSL skip this website. at bin/autossl_check.pl line 441.
    5:35:52 AM The system will attempt to renew SSL certificates for the following websites:
    5:35:52 AM forums.example.com (forums.example.com)
    5:35:55 AM ERROR AutoSSL failed to request an SSL certificate for “forums.example.com” because of an error: Cpanel::Exception::cPStoreError/(XID uqzsqn) The cPanel Store returned an error (X::Item::ActivationFailure) in response to the request “POST ssl/certificate/free”: Generic exception at /usr/local/cpanel/Cpanel/Exception/CORE.pm line 77. Cpanel::Exception::create("cPStoreError", HASH(0x427ee88)) called at /usr/local/cpanel/Cpanel/cPStore.pm line 231 Cpanel::cPStore::__ANON__(Cpanel::Exception::HTTP::Server=HASH(0x30db9d8)) called at /usr/local/cpanel/3rdparty/perl/522/lib64/perl5/cpanel_lib/Try/Tiny.pm line 103 Try::Tiny::try(CODE(0x42754e0), Try::Tiny::Catch=REF(0x3d48de0)) called at /usr/local/cpanel/Cpanel/cPStore.pm line 239 Cpanel::cPStore::_request(Cpanel::cPStore::LicenseAuthn=HASH(0x4307d48), "post", "ssl/certificate/free", "item_params", HASH(0x42819c8)) called at /usr/local/cpanel/Cpanel/cPStore.pm line 178 Cpanel::cPStore::post(Cpanel::cPStore::LicenseAuthn=HASH(0x4307d48), "ssl/certificate/free", "item_params", HASH(0x42819c8)) called at /usr/local/cpanel/Cpanel/SSL/Auto/Provider/cPanel.pm line 169 Cpanel::SSL::Auto::Provider::cPanel::__ANON__() called at /usr/local/cpanel/3rdparty/perl/522/lib64/perl5/cpanel_lib/Try/Tiny.pm line 80 eval {...} called at /usr/local/cpanel/3rdparty/perl/522/lib64/perl5/cpanel_lib/Try/Tiny.pm line 71 Try::Tiny::try(CODE(0x4264e68), Try::Tiny::Catch=REF(0x4296ae0)) called at /usr/local/cpanel/Cpanel/SSL/Auto/Provider/cPanel.pm line 193 Cpanel::SSL::Auto::Provider::cPanel::renew_ssl_for_vhosts(Cpanel::SSL::Auto::Provider::cPanel=HASH(0x2dbae00), "example", "forums.example.com", ARRAY(0x427ced0)) called at bin/autossl_check.pl line 259 bin::autossl_check::__ANON__() called at /usr/local/cpanel/3rdparty/perl/522/lib64/perl5/cpanel_lib/Try/Tiny.pm line 80 eval {...} called at /usr/local/cpanel/3rdparty/perl/522/lib64/perl5/cpanel_lib/Try/Tiny.pm line 71 Try::Tiny::try(CODE(0x41702d0), Try::Tiny::Catch=REF(0x4150d98)) 
called at bin/autossl_check.pl line 266 bin::autossl_check::__ANON__() called at /usr/local/cpanel/Cpanel/PIDFile.pm line 101 Cpanel::PIDFile::do("Cpanel::PIDFile", "/var/cpanel/autossl_check.pid", CODE(0x2dbb298)) called at bin/autossl_check.pl line 287 bin::autossl_check::_run_maybe_captured("--all") called at bin/autossl_check.pl line 109 bin::autossl_check::__ANON__() called at /usr/local/cpanel/Cpanel/CaptureFH.pm line 50 Cpanel::CaptureFH::do_with_output_captured_to_path_if_non_tty("/usr/local/cpanel/logs/error_log", CODE(0x2d916d0)) called at bin/autossl_check.pl line 110 bin::autossl_check::run("--all") called at bin/autossl_check.pl line 78
    5:35:55 AM The system has completed the AutoSSL check for “example”.
    
     
    #4 katmai, Nov 23, 2016
    Last edited by a moderator: Nov 23, 2016
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    36,995
    Likes Received:
    1,275
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Check to ensure "forums.example.com" resolves to the IP address associated with the cPanel account it's added on.

    Your server will automatically order the free signed certificate when the server runs the /usr/local/cpanel/bin/checkallsslcerts tool as part of the upcp maintenance script. However, you can run the script manually if you'd like to see if the error messages still appear:

    Code:
    /usr/local/cpanel/bin/checkallsslcerts

    Please also note the information from the following thread:

    Errors from cPanel Store API when requesting autossl certs

    Thanks!
     
  6. katmai

    katmai Well-Known Member

    Thank you, oh generous god. Adding the www entry in the DNS pushed the SSL creation. Thank you.
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    I'm happy to see the issue is now resolved. Thank you for updating us with the outcome.
     
  8. Maknet Corp

    Maknet Corp Member

    Joined:
    Jul 14, 2015
    Messages:
    24
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    Canada
    cPanel Access Level:
    Root Administrator
    I have a similar issue with my sub-domain. (I just noticed this new auto-SSL feature today, so I've been playing around with it).

    Both sub.domain.com and www.sub.domain.com resolve properly, but I'm unable to install the SSL.

    Any other ideas on where I could look? (or logs?)

    Thanks.

    I'm running: WHM 60.0 (build 25)
    In addition, I have other sub.domains.com that work, just not this one. (Self-signing doesn't work either).

    Any ideas would be appreciated.
     
    #8 Maknet Corp, Nov 24, 2016
    Last edited by a moderator: Nov 25, 2016
  9. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    You can find the AutoSSL logs to determine why it failed at:

    "WHM >> Manage AutoSSL >> Logs"

    Thanks!
     
  10. Maknet Corp

    Maknet Corp Member

    Thanks a lot, I'm a _few_ steps closer (this is to help others as well):

    1) I added sub.domain.com, so that the server can find the right IP.

    2) I temporarily removed the .htaccess file. I may have fixed this error:

    Code:
    12:57:43 AM The website “sub.domain.com”, owned by “user”, has no SSL certificate. AutoSSL will attempt to obtain a new certificate and install it.
    12:57:43 AM WARN The domain “sub.domain.com” failed domain control validation: The system queried for a temporary file at “http://sub.domain.com/24803.BIN_AUTOSSL_CHECK_PL__.IFcVwy6u.cpaneldcv”, but the web server responded with the following error: 401 (Unauthorized). A DNS or web server misconfiguration may exist. at bin/autossl_check.pl line 512.
    12:57:43 AM WARN The domain “www.sub.domain.com” failed domain control validation: The system queried for a temporary file at “http://www.sub.domain.com/24803.BIN_AUTOSSL_CHECK_PL__.YfLpxrqy.cpaneldcv”, but the web server responded with the following error: 401 (Unauthorized). A DNS or web server misconfiguration may exist. at bin/autossl_check.pl line 512.

    3) Oddly enough, when I go to https://sub.example.com, it looks like it's going to the main https://www.example.com and then it errors.

    Any other ideas on where to go from here?

    I can confirm that the other sub-domains work. Just not these two. It's very confusing.

    Thanks,
     
    #10 Maknet Corp, Nov 28, 2016
    Last edited by a moderator: Nov 28, 2016
  11. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello @Maknet Corp,

    Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
  12. Maknet Corp

    Maknet Corp Member

    OK, it works now. Ticket created.
     
    #12 Maknet Corp, Nov 29, 2016
    Last edited: Nov 29, 2016
  13. Maknet Corp

    Maknet Corp Member

    Update: Both SSLs are now working correctly. A few notes for future people to debug:

    1) Remove .htaccess authorization because it prevents Auto-SSL from placing a file and verifying the DCV
    2) Changed SSL providers from Cpanel to Let's Encrypt:
    # /scripts/install_lets_encrypt_autossl_provider
    3) I also removed some auto-SSLs, assuming that the 100 domain limit is affecting something.

    Hope this helps someone, and thanks to cPanel for the help!
     
  14. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    It's generally a good idea to first review the AutoSSL logs at "WHM >> Manage AutoSSL >> Logs" to determine the specific reason why domain validation failed.

    Regarding password-protected directories, you can also exclude Comodo from the .htaccess authorization deny rule with an entry like this within the rule block:

    Code:
    allow from secure.comodo.net

    Thanks!
     
  15. Maknet Corp

    Maknet Corp Member

    For reference, here were the logs before it was corrected. Nothing really jumped out at me as to the correct course of action:
    Code:
    2:11:49 AM This system has AutoSSL set to use “cPanel (powered by Comodo)”.
    2:11:49 AM Checking websites for “domaincorp” …
    2:11:53 AM WARN OCSP response failed: internalerror at /usr/local/cpanel/Cpanel/SSL/OCSP.pm line 93.
    2:11:59 AM The website “sub.domain.com”, owned by “domaincorp”, has no SSL certificate. AutoSSL will attempt to obtain a new certificate and install it.
    2:11:59 AM The system will attempt to renew SSL certificates for the following websites:
    2:11:59 AM sub.domain.com (sub.domain.com www.sub.domain.com)
    2:11:59 AM The system has completed the AutoSSL check for “domaincorp”.
    2:11:59 AM The system has finished checking 1 user.
    
     
    #15 Maknet Corp, Dec 7, 2016
    Last edited by a moderator: Dec 7, 2016
  16. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    You'd have to wait for additional log entries once the validation attempt fails, as indicated with the message referenced in your previous post:

    Code:
    12:57:43 AM WARN The domain “sub.domain.com” failed domain control validation: The system queried for a temporary file at “http://sub.domain.com/24803.BIN_AUTOSSL_CHECK_PL__.IFcVwy6u.cpaneldcv”, but the web server responded with the following error: 401 (Unauthorized). A DNS or web server misconfiguration may exist. at bin/autossl_check.pl line 512.
    
    Thank you.
     
  17. Maknet Corp

    Maknet Corp Member

    Sorry, I didn't mean to create any confusion. I had two sub-domains with two separate issues.

    The log I just posted was for the issue that was corrected using Let's Encrypt.

    The log you referenced was due to the .htaccess.

    I just posted the logs for completeness. There isn't any issue on my end anymore.

    Thanks.
     
    cPanelMichael likes this.
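
The log triage recommended throughout this thread, as an added example that is not part of any post and not cPanel's own tooling: it sorts AutoSSL log lines into the three failure kinds seen above (unresolved DNS name, HTTP error on the DCV file, provider error). The sample log is constructed and shortened from the lines quoted in the thread; the function and category names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample, shortened from the log lines quoted in this thread.
SAMPLE_LOG = """\
5:35:52 AM The website “forums.example.com”, owned by “example”, has no SSL certificate.
5:35:52 AM WARN The domain “www.forums.example.com” failed domain control validation: “www.forums.example.com” does not resolve to any IPv4 addresses on the internet. at bin/autossl_check.pl line 512.
12:57:43 AM WARN The domain “sub.domain.com” failed domain control validation: The system queried for a temporary file at “http://sub.domain.com/24803.BIN_AUTOSSL_CHECK_PL__.IFcVwy6u.cpaneldcv”, but the web server responded with the following error: 401 (Unauthorized). at bin/autossl_check.pl line 512.
5:35:55 AM ERROR AutoSSL failed to request an SSL certificate for “forums.example.com” because of an error: Cpanel::Exception::cPStoreError/(XID uqzsqn) The cPanel Store returned an error (X::Item::ActivationFailure)
"""

# The log uses curly quotes; straight quotes are accepted too in case of re-encoding.
DCV_FAIL = re.compile(r'WARN The domain [“"](?P<domain>[^”"]+)[”"] failed domain control validation: (?P<reason>.*)')
HTTP_ERR = re.compile(r'responded with the following error: (?P<status>\d{3})')
STORE_ERR = re.compile(r'ERROR AutoSSL failed to request an SSL certificate for [“"](?P<domain>[^”"]+)[”"]')

# Hints restate the fixes reported in the thread; the category names are this example's own.
HINTS = {
    "dns_unresolved": "add the missing DNS record (the www name in this thread) pointing at the account's IP",
    "http_401": "the DCV file request hit .htaccess authentication; exempt the DCV check instead of unprotecting the directory",
    "provider_error": "the certificate provider returned an error; rerun /usr/local/cpanel/bin/checkallsslcerts and re-read the log",
}

def classify(log_text):
    """Return {domain: [category, ...]} for every failure line in an AutoSSL log."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        dcv = DCV_FAIL.search(line)
        if dcv:
            reason = dcv.group("reason")
            http = HTTP_ERR.search(reason)
            if "does not resolve" in reason:
                category = "dns_unresolved"
            elif http:
                category = "http_" + http.group("status")
            else:
                category = "dcv_other"
            findings[dcv.group("domain")].append(category)
            continue
        store = STORE_ERR.search(line)
        if store:
            findings[store.group("domain")].append("provider_error")
    return dict(findings)

def report(log_text):
    """One line per failure: domain, category and the matching hint."""
    fallback = "DCV failed for another reason; read the full log line"
    return [f"{domain}: {cat} -> {HINTS.get(cat, fallback)}"
            for domain, cats in classify(log_text).items() for cat in cats]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```
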