SOLVED AutoSSL Validation Text File

Discussion in 'Security' started by IanD, Dec 13, 2016.

  1. IanD

    IanD Member

    Joined:
    Jun 18, 2013
    Messages:
    11
    Likes Received:
    2
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    Am I correct in saying the temporary file created by AutoSSL is now suffixed with .cpaneldcv instead of .tmp? Is that a change as a result of this issue?

    Also, I am not sure if this was the case for the people above, but I am also having to allow for text files at the root of my domain to allow AutoSSL verification to succeed (for apparently random file names such as DBX5F9D00C98A8EACAD30E2CE75A1F4A.txt).
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,037
    Likes Received:
    1,278
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello @IanD,

    I've moved this post to its own thread.

    Yes, however the TXT files will exist as well to allow for validation. The following case was included with cPanel version 60:

    Fixed case CPANEL-6147: Exclude SSL DCV checks from .htaccess RewriteRule.

    The GET request to validate the certificate was updated to this format:

    Code:
    localIPAddress.here - [02/Nov/2016:16:08:44 -0400] "GET /32143.BIN_AUTOSSL_CHECK_PL__.OzcZVbb1.cpaneldcv HTTP/1.1" 200 64 "-" "Cpanel-HTTP-Client/1.0"
    Additionally, the following rules are now automatically added before each RewriteRule in the .htaccess file to exclude the GET request used in cPanel 60. These create exceptions (note the preceding !) so that matching REQUEST_URIs do not get rewritten:

    Code:
    RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}.txt(?:\ Comodo\ DCV)?$
    RewriteCond %{REQUEST_URI} !^[0-9]+\..+\.cpaneldcv$
    This should address most instances where domain validation failed due to existing rewrite rules.

    Could you let us know the specific rules in the .htaccess that prevent validation? I can check if an existing case or workaround exists to address the specific rules.

    Thank you.
     
  3. IanD

    Thanks Michael.

    Sure, I followed some docs somewhere and created a new .conf file in /usr/local/apache/conf/userdata/std, which I believe is built into httpd.conf (non SSL). It's just a blanket rewrite rule:

    Code:
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,QSA]
    Would be useful if the implementation you outline above could be extended to include this case usage?

    Ian
     
  4. cPanelMichael

    Could you let us know if domain validation still fails in cPanel version 60 when removing that custom entry? The new rewrite rules automatically populated in the .htaccess files in cPanel version 60 might already address the issue. If not, could you let us know the contents within the account's .htaccess file that's blocking TXT files?

    Thank you.
     
  5. IanD

    Sorry, I am confused as to what you are asking? It is the rule that I am including that forces the domain validation to fail. I am happily working around it with the RewriteConds (enhanced with your code sample - thanks). I think because I am not including in a .htaccess file, instead going direct into the virtual host (using this method), it is not being prepended with the RewriteCond automatically as you suggest above. I have no idea if it is possible to catch this case usage in the existing setup, just merely commenting it would be useful :)

    /usr/local/apache/conf/userdata/std/forcehttps.conf:
    Code:
    RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}.txt(?:\ Comodo\ DCV)?$
    RewriteCond %{REQUEST_URI} !^[0-9]+\..+\.cpaneldcv$
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,QSA]
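
A check of the two exclusion patterns from the configuration above against request paths, added here as an example; it is not part of the original thread and not cPanel's code. It models the chain of negated RewriteCond lines with Python's `re` module. The `ANCHORED` variant, the function names and every sample path except the one from the access-log line are assumptions made for illustration.

```python
import re

# Conditions exactly as printed in the thread (the "!" prefix is dropped here;
# the negation is applied in rule_applies below).
POSTED = [
    r"^/[A-F0-9]{32}.txt(?:\ Comodo\ DCV)?$",
    r"^[0-9]+\..+\.cpaneldcv$",
]
# Editor's variant (an assumption, not taken from cPanel): leading "/" added to
# the second pattern and the "." before "txt" escaped.
ANCHORED = [
    r"^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$",
    r"^/[0-9]+\..+\.cpaneldcv$",
]


def rule_applies(request_uri, patterns):
    """Model a chain of negated RewriteConds: the RewriteRule (the HTTPS
    redirect) fires only if none of the patterns matches REQUEST_URI."""
    return not any(re.search(p, request_uri) for p in patterns)


# Sample requests. The first path comes from the access-log line in the
# thread; the others are constructed for this example.
SAMPLES = {
    "cpaneldcv": "/32143.BIN_AUTOSSL_CHECK_PL__.OzcZVbb1.cpaneldcv",
    "txt": "/" + "0123456789ABCDEF" * 2 + ".txt",
    "txt_lookalike": "/" + "0123456789ABCDEF" * 2 + "_txt",
    "page": "/index.php",
}


def report(patterns):
    """Map each sample name to True if it would be redirected to HTTPS."""
    return {name: rule_applies(uri, patterns) for name, uri in SAMPLES.items()}


if __name__ == "__main__":
    for label, pats in (("posted", POSTED), ("anchored", ANCHORED)):
        print(label, report(pats))
```

With the patterns as printed, the `.cpaneldcv` request is still redirected, because `%{REQUEST_URI}` always begins with `/` and the second pattern has no leading slash. The unescaped `.` before `txt` also exempts look-alike names such as `..._txt` from the redirect.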
    
     
  6. cPanelMichael

    Hello,

    For instance, if you were to remove all custom changes made when domain validation failed for your domain names in cPanel version 58, does validation still fail in cPanel version 60?

    Thank you.
     
  7. IanD

    Hi

    This was only a change I've added since I upgraded to cPanel 60 so I can't answer that I'm afraid.

    As I say my workaround is working fine. But if I can help you more please let me know. I'll be upgrading to EasyApache 4 soon which I don't believe (at least on first glance) supports the .conf include system I've used which is available in 3. Hopefully I'll not be back soon!
     
  8. cPanelMichael

    I believe the workaround you are using is no longer required as of cPanel version 60, but feel free to let us know if you encounter any additional issues if you choose to disable those workaround rules. Regarding custom EA4 Apache configuration changes, this document provides a list of supported methods:

    Advanced Apache Configuration - EasyApache 4 - cPanel Documentation

    Thanks!
     