Cloudflare + AutoSSL DSV failures - Can I remove these checks?

Dec 6, 2020
24
3
3
NA
cPanel Access Level
Website Owner
I have LetsEncrypt auto SSL enabled on the server and am using latest version of cPanel + nginx and have the following issue when trying to run

/usr/local/cpanel/bin/autossl_check --user example
Code:
AutoSSL’s configured provider is “Let’s Encrypt™”.
Analyzing “example”’s domains …
        Analyzing “dev.example.com” (website) …
                TLS Status: OK
                Certificate expiry: 6/15/21, 9:11 PM UTC (81.95 days from now)
        Analyzing “example.com” (website) …
                TLS Status: Incomplete
                Certificate expiry: 4/24/21, 5:34 PM UTC (29.8 days from now)
        Attempting to ensure the existence of necessary CAA records …
                No CAA records were created.
        Verifying 4 domains’ management status …
        Verifying “Let’s Encrypt™”’s authorization on 4 domains via DNS CAA records …
                CA authorized: “example.com”
                CA authorized: “*.example.com”
                CA authorized: “www.example.com”
                “example.com” is managed.
                “www.example.com” is managed.
                “mail.example.com” is managed.
                “*.example.com” is managed.
                All of this user’s 4 domains are managed.
                CA authorized: “mail.example.com”
                “Let’s Encrypt™” is authorized to issue certificates for 4 of this user’s 4 domains.
        Performing HTTP DCV (Domain Control Validation) on 3 domains …
                Local HTTP DCV error (example.com): The system queried for a temporary file at “http://example.com/.well-known/acme-challenge/25ZT-QVSOVPDDW_OIA75V_CPXOGEXT15”, but the web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist.
                Local HTTP DCV error (www.example.com): The system queried for a temporary file at “http://www.example.com/.well-known/acme-challenge/J6TBMI78A_7LUS1DJ462ZI_QW8R84D-L”, but the web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist.
                Local HTTP DCV error (mail.example.com): The system queried for a temporary file at “http://mail.example.com/.well-known/acme-challenge/0J2LVB_T3IIB3UJC0H709WZ8MO-X-U_7”, but the web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist.
        Enqueueing 4 domains (1 zone) for local DNS DCV …
Publishing DNS changes for local DNS DCV (1 zone) …
Querying DNS to confirm DCV changes …
[1616797348] libunbound[20497:0] info: response for l.root-servers.net. AAAA IN
[1616797348] libunbound[20497:0] info: reply from <root-servers.net.> 192.58.128.30#53
[1616797348] libunbound[20497:0] info: query response was ANSWER
[1616797348] libunbound[20497:0] info: response for l.root-servers.net. AAAA IN
[1616797348] libunbound[20497:0] info: reply from <root-servers.net.> 202.12.27.33#53
[1616797348] libunbound[20497:0] info: query response was ANSWER
[1616797348] libunbound[20497:0] info: response for m.root-servers.net. AAAA IN
[1616797348] libunbound[20497:0] info: reply from <.> 199.7.91.13#53
[1616797348] libunbound[20497:0] info: query response was REFERRAL
[1616797348] libunbound[20497:0] info: error sending query to auth server 2001:501:b1f9::30 port 53
[1616797348] libunbound[20497:0] info: response for m.root-servers.net. A IN
[1616797348] libunbound[20497:0] info: reply from <.> 192.203.230.10#53
[1616797348] libunbound[20497:0] info: query response was REFERRAL
[1616797348] libunbound[20497:0] info: error sending query to auth server 2001:500:856e::30 port 53
[1616797348] libunbound[20497:0] info: response for m.root-servers.net. A IN
[1616797348] libunbound[20497:0] info: reply from <net.> 192.43.172.30#53
[1616797348] libunbound[20497:0] info: query response was REFERRAL
[1616797348] libunbound[20497:0] info: response for m.root-servers.net. AAAA IN
[1616797348] libunbound[20497:0] info: reply from <net.> 192.54.112.30#53
[1616797348] libunbound[20497:0] info: query response was REFERRAL
[1616797348] libunbound[20497:0] info: response for m.root-servers.net. A IN
[1616797348] libunbound[20497:0] info: reply from <root-servers.net.> 192.203.230.10#53
[1616797348] libunbound[20497:0] info: query response was ANSWER
Processing “example”’s local DCV results …
        Local DNS DCV error (example.com): The DNS query to “_cpanel-dcv-test-record.example.com” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=8aYkZyaVVyJD3DqOUmFQhg5VWDpr47jfqJHGb3pQoZupPXn3ReuzC3bBrK55h6Cs”.
        Local DNS DCV error (www.example.com): The DNS query to “_cpanel-dcv-test-record.example.com” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=8aYkZyaVVyJD3DqOUmFQhg5VWDpr47jfqJHGb3pQoZupPXn3ReuzC3bBrK55h6Cs”.
        Local DNS DCV error (mail.example.com): The DNS query to “_cpanel-dcv-test-record.example.com” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=8aYkZyaVVyJD3DqOUmFQhg5VWDpr47jfqJHGb3pQoZupPXn3ReuzC3bBrK55h6Cs”.
        Local DNS DCV error (*.example.com): The DNS query to “_cpanel-dcv-test-record.example.com” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=8aYkZyaVVyJD3DqOUmFQhg5VWDpr47jfqJHGb3pQoZupPXn3ReuzC3bBrK55h6Cs”.
        Analyzing “example.com”’s DCV results …
                Impediment: TOTAL_DCV_FAILURE: Every domain failed DCV.
        The system has completed “example”’s AutoSSL check.
I have come across multiple threads that have suggested I "Pause Cloudflare on site" which does nothing as _cpanel-dcv-test-record.example.com still resolves to nothing is there a way to simply skip these DSV checks by disabling something? Also I have no idea why Local HTTP DCV fails could it be nginx issue? I have deleted the .well-known folder it gets created again so it doesn't appears to be a permission issue.

The last time I did this I just simply added the _cpanel-dcv-test-record=8aYkZyaVVyJD3DqOUmFQhg5VWDpr47jfqJHGb3pQoZupPXn3ReuzC3bBrK55h6Cs code to Cloudflare but now it appears to change every time to something new.
 
Last edited:

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
4,883
606
273
cPanel Access Level
Root Administrator
Hey there! There isn't a way to disable the checks that happen as those are completely automated and built in to the AutoSSL process. No matter what tools are in use on the machine, it will run those checks, and just wait for them to time out or fail before moving on.