Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

In Progress [CPANEL-27188] AutoSSL - issues with gov.co domains

Discussion in 'Security' started by mateita, May 15, 2019.

  1. mateita

    mateita Member

    Joined:
    Oct 13, 2005
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    151
    The problem continue on 78.0.23 with domains .gov.co

    An error occurred the last time AutoSSL ran, on 15 de mayo de 2019:
    HTTP DCV: “anydomain.gov.co” is not a registered internet domain.

    Also for subdomain.anydomain.gov.co
     
  2. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,464
    Likes Received:
    505
    Trophy Points:
    263
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hello @mateita

    That's actually a separate issue related to upstream DNS issues specific to gov.co domains. To look into this further you'll need to discuss the issue with your registrar.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. mateita

    mateita Member

    Joined:
    Oct 13, 2005
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    151

    Hello,

    The registrar for the .gov.co domains for the government of Colombia (Cointernet) answers the following:

    (1) The main problem for the SSL validation is the script that is being used for it, by the DNS provider/hosting/certificates of yours, since said script assumes - erroneously - that there are name servers (NS's) specific/separate for the GOV.CO zone, which is incorrect, as all domains under GOV.CO are within the (root) zone of ".CO"

    (2) From what is indicated in number (1), when this script was made to validate the domain XYZ.GOV.CO (for example), the following happens:

    (i) The paragraph .CO = the NS Query script finds them OK

    (ii) Query of NS for GOV.CO = the script FAIL because GOV.CO is not a delegated zone (XYZ.GOV.CO is registered directly in the [root] zone .CO)

    (iii) For XYZ.GOV.CO of NS Query = the script does not arrive, from the ERROR of step (ii)

    This has been happening for more than 40 days with the new certificates or certificate renewals of .gov.co domains in different servers with cPanel. The installed version is the latest v78.0.24.

    Regards
     
  4. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,464
    Likes Received:
    505
    Trophy Points:
    263
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @mateita

    Since this is a completely separate issue than the previous thread I've moved this out to its own thread. I've added your latest response to the internal case we have to track this issue. If/when it is transitioned to a cPanel case as opposed to an upstream case I'll update here. I'll also update here with any new information as it becomes available.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. mateita

    mateita Member

    Joined:
    Oct 13, 2005
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    151
    Hello,

    Is there any progress on this issue ?.
     
  6. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,464
    Likes Received:
    505
    Trophy Points:
    263
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hello @mateita


    Unfortunately no, there is no update as of right now though there is an internal case now opened for this CPANEL-27188 I'm adding that case to this thread and I'll update when there is more information but as of now, there has been no movement on either case.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. hmartian

    hmartian Registered

    Joined:
    Jun 26, 2019
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Colombia
    cPanel Access Level:
    Root Administrator
    I have the same problem with .gov.co domains.

    When getting nameservers using DnsRoots perl module it returns a void result.

    Code:
     /usr/local/cpanel/3rdparty/bin/perl -MCpanel::DnsRoots -MData::Dumper -e 'print Dumper(Cpanel::DnsRoots->new()->get_nameservers_for_domain("x.gov.co"));'
    $VAR1 = {};
    
    But if we try with a .edu.co domain it returns the right result.

    Code:
    [email protected] [~]# /usr/local/cpanel/3rdparty/bin/perl -MCpanel::DnsRoots -MData::Dumper -e 'print Dumper(Cpanel::DnsRoots->new()->get_nameservers_for_domain("edu.co"));'
    $VAR1 = {
              'ns6.cctld.co' => '156.154.xxx.xx',
              'ns3.cctld.co' => '156.154.xxx.xx',
              'ns4.cctld.co' => '156.154.xxx.xx',
              'ns5.cctld.co' => '156.154.xxx.xx',
              'ns1.cctld.co' => '156.154.xxx.xx',
              'ns2.cctld.co' => '156.154.xxx.xx'
            };
    
     
    #7 hmartian, Jun 26, 2019
    Last edited by a moderator: Jun 26, 2019
  8. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,464
    Likes Received:
    505
    Trophy Points:
    263
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    This is an issue with only gov.co domains as far as I am aware no other TLD's were affected. The issue remains unresolved at this time as well.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. Oscar Serrano

    Oscar Serrano Registered

    Joined:
    May 26, 2016
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Colombia
    cPanel Access Level:
    Root Administrator
    Dear cPanel, we really need to fix this issue with .GOV domains. We just cant purchase individual certificates and install them manually on every single .GOV client account. How can web renew expired domain if the autoSSL feature wont issue a new certificate.
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice