SOLVED Correct DNS settings but AutoSSL Domain Validation failing

caroseuk

Member
Aug 4, 2015
24
5
3
United kingdom
cPanel Access Level
Root Administrator
Hi cPanel,

We have a range of accounts on our WHM server (v.60 build 28). and have enabled AutoSSL for some of the accounts.

The DNS records are all set up and correctly resolving for the domains (checked with dig and thrugh Google DNS)
example.co.uk
www.example.co.uk
mail.example.co.uk


However when running the autossl_check process (both through WHM gui and linux command line), we are returned with the following message:

Code:
Checking websites for “user” …

The website “example.co.uk”, owned by “user”, has no SSL certificate. AutoSSL will attempt to obtain a new certificate and install it.

The domain “example.co.uk” failed domain control validation: “example.co.uk” does not resolve to any IPv4 addresses on the internet. at bin/autossl_check.pl line 526.

The domain “www.example.co.uk" failed domain control validation: “www.example.co.uk” does not resolve to any IPv4 addresses on the internet. at bin/autossl_check.pl line 526.

The domain “mail.example.co.uk” failed domain control validation: “mail.example.co.uk” does not resolve to any IPv4 addresses on the internet. at bin/autossl_check.pl line 526.

The system has completed the AutoSSL check for “user”.
After the check runs, there is a .well-known folder in in public_html, though it is empty. I can navigate to example.co.uk/.well-known and access it without issues.

We have checked all cPanel documentation and we are at a loose end.

Any advice?
 
Last edited by a moderator:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,202
363
Hello,

Feel free to open a support ticket using the link in my signature so we can take a closer look to see why domain validation is failing for that domain name.

Thanks!
 

caroseuk

Member
Aug 4, 2015
24
5
3
United kingdom
cPanel Access Level
Root Administrator
Hi Michael, thanks.

For anyone else who may have the same issue, we had someone from support log in and do some troubleshooting. From cPanel's perspective there was an issue with resolving the majority of root-servers.net so performing the DNS queries were failing. A check for this was done by running the following command on the server:

Code:
for i in {a..m}; do echo -n "$i: "; dig +short $i.root-servers.net @$i.root-servers.net; done

a: ;; connection timed out; no servers could be reached
b: ;; connection timed out; no servers could be reached
c: ;; connection timed out; no servers could be reached
d: ;; connection timed out; no servers could be reached
e: ;; connection timed out; no servers could be reached
f: 192.5.5.241
g: ;; connection timed out; no servers could be reached
h: ;; connection timed out; no servers could be reached
i: ;; connection timed out; no servers could be reached
j: ;; connection timed out; no servers could be reached
k: 193.0.14.129
l: ;; connection timed out; no servers could be reached
m: ;; connection timed out; no servers could be reached
----------------------------------------------------
Which pointed us back to our server providers, who did some further investigation. It turns out the firewall was configured to only allow the first 512b in a response. Increasing this (1500b) fixed the issue and all domains now resolve as they should.

Thanks for the support :)