Pending Publication [CPANEL-27188] AutoSSL - issues with gov.co domains

mateita

Member
Oct 13, 2005
7
0
151
Hello

We released 78.0.23 which included a fix for this issue, the case is also listed in the changelogs. You can check them here: Change Logs - Change Logs - cPanel Documentation

Please let us know if anyone continues to experience issues related to this.

Thanks!
The problem continue on 78.0.23 with domains .gov.co

An error occurred the last time AutoSSL ran, on 15 de mayo de 2019:
HTTP DCV: “anydomain.gov.co” is not a registered internet domain.

Also for subdomain.anydomain.gov.co
 

mateita

Member
Oct 13, 2005
7
0
151
Hello @mateita

That's actually a separate issue related to upstream DNS issues specific to gov.co domains. To look into this further you'll need to discuss the issue with your registrar.

Hello,

The registrar for the .gov.co domains for the government of Colombia (Cointernet) answers the following:

(1) The main problem for the SSL validation is the script that is being used for it, by the DNS provider/hosting/certificates of yours, since said script assumes - erroneously - that there are name servers (NS's) specific/separate for the GOV.CO zone, which is incorrect, as all domains under GOV.CO are within the (root) zone of ".CO"

(2) From what is indicated in number (1), when this script was made to validate the domain XYZ.GOV.CO (for example), the following happens:

(i) The paragraph .CO = the NS Query script finds them OK

(ii) Query of NS for GOV.CO = the script FAIL because GOV.CO is not a delegated zone (XYZ.GOV.CO is registered directly in the [root] zone .CO)

(iii) For XYZ.GOV.CO of NS Query = the script does not arrive, from the ERROR of step (ii)

This has been happening for more than 40 days with the new certificates or certificate renewals of .gov.co domains in different servers with cPanel. The installed version is the latest v78.0.24.

Regards
 

cPanelLauren

Forums Analyst II
Staff member
Nov 14, 2017
8,110
659
263
Houston
cPanel Access Level
DataCenter Provider
Hi @mateita

Since this is a completely separate issue than the previous thread I've moved this out to its own thread. I've added your latest response to the internal case we have to track this issue. If/when it is transitioned to a cPanel case as opposed to an upstream case I'll update here. I'll also update here with any new information as it becomes available.
 

mateita

Member
Oct 13, 2005
7
0
151
Hi @mateita

Since this is a completely separate issue than the previous thread I've moved this out to its own thread. I've added your latest response to the internal case we have to track this issue. If/when it is transitioned to a cPanel case as opposed to an upstream case I'll update here. I'll also update here with any new information as it becomes available.
Hello,

Is there any progress on this issue ?.
 

hmartian

Registered
Jun 26, 2019
1
0
1
Colombia
cPanel Access Level
Root Administrator
I have the same problem with .gov.co domains.

When getting nameservers using DnsRoots perl module it returns a void result.

Code:
 /usr/local/cpanel/3rdparty/bin/perl -MCpanel::DnsRoots -MData::Dumper -e 'print Dumper(Cpanel::DnsRoots->new()->get_nameservers_for_domain("x.gov.co"));'
$VAR1 = {};
But if we try with a .edu.co domain it returns the right result.

Code:
[email protected] [~]# /usr/local/cpanel/3rdparty/bin/perl -MCpanel::DnsRoots -MData::Dumper -e 'print Dumper(Cpanel::DnsRoots->new()->get_nameservers_for_domain("edu.co"));'
$VAR1 = {
          'ns6.cctld.co' => '156.154.xxx.xx',
          'ns3.cctld.co' => '156.154.xxx.xx',
          'ns4.cctld.co' => '156.154.xxx.xx',
          'ns5.cctld.co' => '156.154.xxx.xx',
          'ns1.cctld.co' => '156.154.xxx.xx',
          'ns2.cctld.co' => '156.154.xxx.xx'
        };
 
Last edited by a moderator:

Oscar Serrano

Registered
May 26, 2016
3
0
1
Colombia
cPanel Access Level
Root Administrator
Dear cPanel, we really need to fix this issue with .GOV domains. We just cant purchase individual certificates and install them manually on every single .GOV client account. How can web renew expired domain if the autoSSL feature wont issue a new certificate.
 

cPanelLauren

Forums Analyst II
Staff member
Nov 14, 2017
8,110
659
263
Houston
cPanel Access Level
DataCenter Provider
Hey guys,


I'm really excited to let you all know that we've made some changes in how we're doing DNS resolution and we've got a resolution for this issue in testing right now. We're looking at v84 of cPanel/WHM for this to be included in the product.

I'll update here again when this is added into a RELEASE version or if there is any new information in relation to this.


Thanks!
 

alegreiff

Registered
Sep 13, 2019
1
0
1
Bogotá
cPanel Access Level
Website Owner
Hey guys,


I'm really excited to let you all know that we've made some changes in how we're doing DNS resolution and we've got a resolution for this issue in testing right now. We're looking at v84 of cPanel/WHM for this to be included in the product.

I'll update here again when this is added into a RELEASE version or if there is any new information in relation to this.


Thanks!
When will be the release v84 installed?
 

Oscar Serrano

Registered
May 26, 2016
3
0
1
Colombia
cPanel Access Level
Root Administrator
It's really incredible all the time that cPanel takes to solve this issue. It looks like you guys wont take this problem seriously. We justa cant afford to purchase individual SSL certificates for all our .gov.co clients.

If you guys have this problem identified and fixed, you should consider release a fix asap.

Please let us know any eta so we can provide a serious answer to our clients.