SOLVED [CPANEL-22560] AutoSSL Warning - Skipping duplicate domains (misconfigured?)

rs200

Active Member
Dec 4, 2017
39
9
8
Italy
cPanel Access Level
Root Administrator
Hi to all,

last week, on 8 Aug, cPanel on my VPS upgraded automatically to the version 74.0.4

Now i have noticed this warn on the logs of AutoSSL

Code:
12:59:42 AM WARN Skipping duplicate domains (misconfigured?): mydomain.it www.mydomain.it mail.mydomain.it cpanel.mydomain.it cpanel.mydomain.it webdisk.mydomain.it webdisk.mydomain.it webmail.mydomain.it webmail.mydomain.it
The warn is repeated for all my domains and subdomains.

Logs prior of 8 Aug didn't show that, so what does it mean? Maybe is related to the duplicate cpanel.mydomain.it webdisk.mydomain.it etc...
 
  • Like
Reactions: Olof

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363
Hello @rs200,

The warning message you see stems from the following case noted in the cPanel & WHM version 74 Change Log:

Fixed case CPANEL-21400: Deduplicate domains in AutoSSL.

It's to notify you that AutoSSL detected duplicate domains and skipped them to avoid errors during the attempt to issue a certificate for the domains added to the account.

As far as why it's detecting duplicate domains, it's likely due to the existence of proxy subdomains in the SSL userdata files associated with your domain names (entries for proxy subdomains should not exist on the serveralias lines in these files). You can confirm this by running the following command:

Code:
grep serveralias /var/cpanel/userdata/username/domain.tld_SSL
Replace "username" and "domain.tld" with a username and domain name on your server that's receiving the warning message. Do you see entries for proxy subdomains on the serveralias line in the output?

Thank you.
 
  • Like
Reactions: Olof

rs200

Active Member
Dec 4, 2017
39
9
8
Italy
cPanel Access Level
Root Administrator
Hello @rs200,

The warning message you see stems from the following case noted in the cPanel & WHM version 74 Change Log:

Fixed case CPANEL-21400: Deduplicate domains in AutoSSL.

It's to notify you that AutoSSL detected duplicate domains and skipped them to avoid errors during the attempt to issue a certificate for the domains added to the account.

As far as why it's detecting duplicate domains, it's likely due to the existence of proxy subdomains in the SSL userdata files associated with your domain names (entries for proxy subdomains should not exist on the serveralias lines in these files). You can confirm this by running the following command:

Code:
grep serveralias /var/cpanel/userdata/username/domain.tld_SSL
Replace "username" and "domain.tld" with a username and domain name on your server that's receiving the warning message. Do you see entries for proxy subdomains on the serveralias line in the output?

Thank you.
Hi Michael and thanks for the reply,

this is the output of the grep command for one of the accounts on the VPS

Code:
serveralias: mail.domain.tld www.domain.tld cpanel.domain.tld webdisk.domain.tld webmail.domain.tld
I didn't understand what it's wrong? Why the warn says "duplicate domains"? Where are duplicate domains?

I tried another accounts and i have not seen duplicate records.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363
Hello @rs200,

The proxy subdomain entries should not appear on the serveralias line in the userdata files for the domain names because the entries are already configured in the default Apache configuration templates. To solve the issue, you can manually edit the file referenced in your last response so that "cpanel.domain.tld webdisk.domain.tld webmail.domain.tld" is removed from the serveralias line. Then, remove the /var/cpanel/userdata/username/domain.tld_SSL.cache file and run the following command:

Code:
/scripts/rebuildhttpdconf
Thank you.
 
  • Like
Reactions: Olof

rs200

Active Member
Dec 4, 2017
39
9
8
Italy
cPanel Access Level
Root Administrator
Hello @rs200,

The proxy subdomain entries should not appear on the serveralias line in the userdata files for the domain names because the entries are already configured in the default Apache configuration templates. To solve the issue, you can manually edit the file referenced in your last response so that "cpanel.domain.tld webdisk.domain.tld webmail.domain.tld" is removed from the serveralias line. Then, remove the /var/cpanel/userdata/username/domain.tld_SSL.cache file and run the following command:

Code:
/scripts/rebuildhttpdconf
Thank you.
So i have to edit the file domain.tld_SSL on the line serveralias: ... removing "cpanel.domain.tld webdisk.domain.tld webmail.domain.tld", after i've to delete the cache file and run the command /scripts/rebuildhttpdconf

Is this correct?

It's a problem if i leave that warn on AutoSSL?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363
So i have to edit the file domain.tld_SSL on the line serveralias: ... removing "cpanel.domain.tld webdisk.domain.tld webmail.domain.tld", after i've to delete the cache file and run the command /scripts/rebuildhttpdconf

Is this correct?
Yes, this is correct.

It's a problem if i leave that warn on AutoSSL?
The warning messages are only warnings as opposed to errors, but ultimately it's something you should fix using the steps noted above as it has the potential to lead to other problems.

Thank you.
 

rs200

Active Member
Dec 4, 2017
39
9
8
Italy
cPanel Access Level
Root Administrator
Yes, this is correct.



The warning messages are only warnings as opposed to errors, but ultimately it's something you should fix using the steps noted above as it has the potential to lead to other problems.

Thank you.
Thanks Michael, i confirm that following those steps that you suggested me, the warn doesn't appear anymore. But i should repeat it for any domains.

My doubt is if i have to do it for every future domain added? It's just a warning but i hope no :)
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363
Hello @rs200,

I've not seen any recent reports of this happening on new accounts (it seems to relate to an issue that was already addressed in the past), but feel free to let us know if you notice it on new accounts.

Thank you.
 

rs200

Active Member
Dec 4, 2017
39
9
8
Italy
cPanel Access Level
Root Administrator
Hello @rs200,

I've not seen any recent reports of this happening on new accounts (it seems to relate to an issue that was already addressed in the past), but feel free to let us know if you notice it on new accounts.

Thank you.
Ok thank you so much Michael.
 
  • Like
Reactions: cPanelMichael

sneader

Well-Known Member
Aug 21, 2003
1,178
57
178
La Crosse, WI
cPanel Access Level
Root Administrator
"WARN Skipping duplicate domains (misconfigured?)" appears 581 times in my nightly AutoSSL log. cPanel... there MUST be a better way to fix this problem then to manually edit every single _SSL file, remove every .SSL_cache file, and rebuildhttpconf??

- Scott
 
  • Like
Reactions: rs200

SamL

Member
Jul 30, 2018
8
1
1
United Kingdom
cPanel Access Level
Root Administrator
I have a CMS installed which manages a multisite installation.
Under Public HTML I have the main CMS installed which is accessible at example.com. The CMS is then used to created subdomains, site1.example.com, site2.example.com etc. I then point URLs to each subdomain, so site1.com loads site1.example.com, site2.com loads site2.example.com.

The auto SSL seemed to work to begin with but I have recently added a new site but auto SSL does not work for this site.

I have checked the logs and see this error.
Code:
Analyzing “site3.example.net” …
9:33:03 PM WARN Skipping duplicate domains (misconfigured?): site3.example.net www.site3.example.net example.com whm.example.com whm.example.com www.example.com mail.example.com cpanel.example.com cpanel.example.com webdisk.example.com webdisk.example.com webmail.example.com webmail.example.com
TLS Status: Incomplete
Certificate expiry: 11/19/18, 12:00 AM UTC (32.14 days from now)
9:33:03 PM Performing DCV (Domain Control Validation) …
9:33:04 PM Local HTTP DCV OK: example.com
Local HTTP DCV OK: whm.example.com (via example.com)
Local HTTP DCV OK: www.example.com (via example.com)
Local HTTP DCV OK: mail.example.com (via example.com)
Local HTTP DCV OK: cpanel.example.com (via example.com)
Local HTTP DCV OK: webdisk.example.com (via example.com)
Local HTTP DCV OK: webmail.example.com (via example.com)
I don't understand. How can my domain be misconfigured. What is the problem?

Thanks
For any help
 
Last edited by a moderator:

cPanelFelipe

Member
Staff member
Apr 10, 2013
14
10
78
Rest easy … this isn’t a problem on your end, and AutoSSL appears to be working as expected.

There was a bug in our software that caused duplicate domain entries in some of the configuration files. The bug is fixed in v76, and any duplicates in the configuration files will be corrected.
 

sneader

Well-Known Member
Aug 21, 2003
1,178
57
178
La Crosse, WI
cPanel Access Level
Root Administrator
I opened a ticket on this, and cPanel Support responded with the following background information, as well as a one-liner to fix the userdata issue (remove the proxy domains):

This issue relates to internal case CPANEL-22560 in which the domains' userdata files contained the proxy subdomains in it (causing duplicate domains in the AutoSSL requests). The EasyApache 3 distiller looks to have been what was causing the userdata to have this in them. Internal case CPANEL-22560 addresses this and will fix any userdata that was affected by the issue.

I have made a backup of the /var/cpanel/userdata/ directory (stored in /root/cptechs/). We have seen the following one liner fixes the existing userdata:

Code:
awk -F '(: |==)' '{ print $2, $1; }' /etc/userdatadomains | while read FIXUSER FIXDOMAIN; do [ -z ${FIXUSER} ] && continue; [ -z ${FIXDOMAIN} ] && continue; echo "== Checking ${FIXUSER} ${FIXDOMAIN}"; [ ! -f /var/cpanel/userdata/${FIXUSER}/${FIXDOMAIN}_SSL ] && echo "-- Skipping ${FIXUSER} ${FIXDOMAIN} because userdata SSL file doesn't exist" && continue || ( echo "++ Repairing ${FIXUSER} ${FIXDOMAIN}"; cd /var/cpanel/userdata/${FIXUSER}; FIXDOMAIN=${FIXDOMAIN} /usr/local/cpanel/3rdparty/bin/perl -MYAML::Syck -e 'use strict; use warnings; die "no FIXDOMAIN" unless $ENV{FIXDOMAIN}; my $domain=$ENV{FIXDOMAIN}; my $ssl_file=$domain."_SSL"; my $non_ssl=YAML::Syck::LoadFile($domain); my $ssl=YAML::Syck::LoadFile($ssl_file); die "undefined yaml" unless defined $ssl->{serveralias} and defined $non_ssl->{serveralias}; $ssl->{serveralias} = $non_ssl->{serveralias}; YAML::Syck::DumpFile($ssl_file,$ssl);'); done
 
  • Like
Reactions: cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363
Hello,

To update, internal case CPANEL-22560 is included with cPanel & WHM version 76 to address this issue:

Fixed case CPANEL-22560: Ensure service subdomains do not end up in userdata on distill.

The case is also scheduled for inclusion with a future cPanel & WHM version 74 build.

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363
Hello,

To update, the case was published to cPanel & WHM version 74.0.10 today.

Thanks!