Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Check All SSL Certs script

Discussion in 'Security' started by madnoob2, Feb 4, 2019.

  1. madnoob2

    madnoob2 Active Member

    Joined:
    Apr 18, 2017
    Messages:
    35
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Austria
    cPanel Access Level:
    Root Administrator
    Hi folks,

    the script at /usr/local/cpanel/bin/checkallsslcerts , does it use custom nameservers (NOT the ones in /etc/resolv.conf) to resolve domains to Ipv4?
    I'm having issues as it's saying that my domain does not resolve to any IPv4 address on the internet.
    Server is behind NAT, and only custom NS are allowed.
     
  2. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,161
    Likes Received:
    474
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @madnoob2

    It is not required to have local nameservers to resolve your domain name to the server but it does require properly configured DNS and it sounds like based on this that you may have an issue. You might try running the hostname through one of the sites like leafdns.com or intodns.com to see where any potential failures are coming from.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. madnoob2

    madnoob2 Active Member

    Joined:
    Apr 18, 2017
    Messages:
    35
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Austria
    cPanel Access Level:
    Root Administrator
    everything is fine with the hostname, it resolves to the right address and all is good there.
    I need to know what exactly does that script do, what connections are being made towards which server on what port so that I could troubleshoot further.
     
  4. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,161
    Likes Received:
    474
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @madnoob2

    Since it's a compiled binary I'm not able to tell you precisely what it does, but I can tell you it uses DnsRoots to check the parent nameservers for a valid A record that resolves to your server, it also places a .txt file for comodo to validate in the docroot for the hostname /var/www/html/.well-known/pki-validation.

    A lot of times I'll try running a curl request from outside the server to see if I can resolve a test .txt

    Code:
    curl -kvv hostname.tld/.well-known/pki-validation/test.txt 
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice