Check All SSL Certs script

madnoob2

Active Member
Apr 18, 2017
35
0
6
Austria
cPanel Access Level
Root Administrator
Hi folks,

the script at /usr/local/cpanel/bin/checkallsslcerts , does it use custom nameservers (NOT the ones in /etc/resolv.conf) to resolve domains to Ipv4?
I'm having issues as it's saying that my domain does not resolve to any IPv4 address on the internet.
Server is behind NAT, and only custom NS are allowed.
 

cPanelLauren

Forums Analyst II
Staff member
Nov 14, 2017
8,012
648
263
Houston
cPanel Access Level
DataCenter Provider
Hi folks,

the script at /usr/local/cpanel/bin/checkallsslcerts , does it use custom nameservers (NOT the ones in /etc/resolv.conf) to resolve domains to Ipv4?
I'm having issues as it's saying that my domain does not resolve to any IPv4 address on the internet.
Server is behind NAT, and only custom NS are allowed.
Hi @madnoob2

It is not required to have local nameservers to resolve your domain name to the server but it does require properly configured DNS and it sounds like based on this that you may have an issue. You might try running the hostname through one of the sites like leafdns.com or intodns.com to see where any potential failures are coming from.
 

madnoob2

Active Member
Apr 18, 2017
35
0
6
Austria
cPanel Access Level
Root Administrator
Hi @madnoob2

It is not required to have local nameservers to resolve your domain name to the server but it does require properly configured DNS and it sounds like based on this that you may have an issue. You might try running the hostname through one of the sites like leafdns.com or intodns.com to see where any potential failures are coming from.
everything is fine with the hostname, it resolves to the right address and all is good there.
I need to know what exactly does that script do, what connections are being made towards which server on what port so that I could troubleshoot further.
 

cPanelLauren

Forums Analyst II
Staff member
Nov 14, 2017
8,012
648
263
Houston
cPanel Access Level
DataCenter Provider
Hi @madnoob2

Since it's a compiled binary I'm not able to tell you precisely what it does, but I can tell you it uses DnsRoots to check the parent nameservers for a valid A record that resolves to your server, it also places a .txt file for comodo to validate in the docroot for the hostname /var/www/html/.well-known/pki-validation.

A lot of times I'll try running a curl request from outside the server to see if I can resolve a test .txt

Code:
curl -kvv hostname.tld/.well-known/pki-validation/test.txt