Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

In Progress [CPANEL-21024] IPv6 Subdomain fails AutoSSL verification

Discussion in 'General Discussion' started by Nirjonadda, Feb 8, 2018.

Tags:
  1. Nirjonadda

    Nirjonadda Well-Known Member

    Joined:
    May 8, 2013
    Messages:
    597
    Likes Received:
    15
    Trophy Points:
    68
    cPanel Access Level:
    Root Administrator
    IPv6 Subdomain are not install Certificate. Please let me know this fix.

    Code:
    Log for the AutoSSL run for “user”: Thursday, February 8, 2018 10:52:00 PM GMT+0100 (cPanel (powered by Comodo))
    10:52:00 PM This system has AutoSSL set to use “cPanel (powered by Comodo)”.
    10:52:00 PM Checking websites for “user” …
    10:52:00 PM The website “mysite.com”, owned by “user”, has a valid SSL certificate, but additional SSL coverage may be possible for the domain “ipv6.mysite.com”. The system will attempt to replace this certificate with one that includes this additional domain.
    10:52:01 PM WARN The domain “ipv6.mysite.com” failed domain control validation: “ipv6.mysite.com” does not resolve to any IPv4 addresses on the internet.
    10:52:01 PM AutoSSL cannot add any new domains to SSL coverage for the website “mysite.com”.
    10:52:01 PM The system has completed the AutoSSL check for “user”. 
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. cPWilliamL

    cPWilliamL cP Technical Analyst II
    Staff Member

    Joined:
    May 15, 2017
    Messages:
    257
    Likes Received:
    29
    Trophy Points:
    103
    Location:
    America
    cPanel Access Level:
    Root Administrator
    Hi @Nirjonadda,

    Unfortunately, AAAA requests are not currently supported with AutoSSL. We started working on adding support for it; however, we had to delay the feature because we need to ensure our SSL vendors support AAAA lookups/DCV checks first. We hope to see it implemented soon.

    Thanks,
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    Nirjonadda likes this.
  3. Nirjonadda

    Nirjonadda Well-Known Member

    Joined:
    May 8, 2013
    Messages:
    597
    Likes Received:
    15
    Trophy Points:
    68
    cPanel Access Level:
    Root Administrator
    OK wait for AAAA AutoSSL Support. Does Let’s Encrypt support AAAA AutoSSL?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,928
    Likes Received:
    1,819
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    No, AAAA requests are not supported with through AutoSSL with either provider (Comodo/Let's Encrypt) at this time.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. orudge

    orudge Member

    Joined:
    Oct 31, 2004
    Messages:
    17
    Likes Received:
    2
    Trophy Points:
    153
    Location:
    United Kingdom
    Is there a way of disabling the "ipv6" subdomain that is automatically added to all IPv6-enabled sites? It's not something that we or any of our clients need as far as I'm aware, but it causes annoying AutoSSL e-mails for every client's domain. (I don't want to disable the generic AutoSSL 'missing domains' notification as this can be useful when a client genuinely does have domains that aren't included, and I of course don't want to disable IPv6 entirely either.) An option to enable/disable the IPv6 proxy subdomain would be very helpful if there isn't already a way of doing so.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,928
    Likes Received:
    1,819
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello @orudge,

    There's actually an internal case open (CPANEL-21024) to address the issue where enabling IPv6 for an account leads to the following error during subsequent AutoSSL checks, even after excluding the ipv6 subdomain from AutoSSL using the SSL/TLS Status option in cPanel:

    I'll monitor this case and update this thread once it's published. In the meantime, the workaround is to manually create an A record for the ipv6 subdomain so that it points to an IPv4 address.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. keencs

    keencs Member

    Joined:
    Feb 16, 2013
    Messages:
    13
    Likes Received:
    2
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    Hello,

    I am also experiencing this issue. I added an A record for the ipv6 sub-domain, but autossl will still not proceed past the warning. Are there any other suggested workarounds for this issue?

    Thank you.
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,928
    Likes Received:
    1,819
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello @keencs,

    Did you confirm that ipv6.domain.tld resolves to the IPv4 address associated with the account from a remote location? If so, another workaround is to temporarily disable IPv6 on the affected account until the AutoSSL certificates are issued, and then enable it again. Feel free to open a support ticket so we can take a closer look if neither of these workarounds help. You can post the ticket number here and we will link it to this forums thread.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. keencs

    keencs Member

    Joined:
    Feb 16, 2013
    Messages:
    13
    Likes Received:
    2
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    Yes, I've confirmed it resolves.

    The AAAA record has a 4hr TTL, so I will wait for that to expire and then try again before logging a ticket. Perhaps whatever server is doing the lookup has a cached version of only the AAAA record and is not retrieving the A record.

    Thank you.
     
    cPanelMichael likes this.
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice