[CPANEL-27188] AutoSSL - issues with gov.co domains

mateita

Hello

We released 78.0.23 which included a fix for this issue, the case is also listed in the changelogs. You can check them here: Change Logs - Change Logs - cPanel Documentation

Please let us know if anyone continues to experience issues related to this.

Thanks!
The problem continues on 78.0.23 with domains .gov.co

An error occurred the last time AutoSSL ran, on 15 de mayo de 2019:
HTTP DCV: “anydomain.gov.co” is not a registered internet domain.

Also for subdomain.anydomain.gov.co
 

cPanelLauren

Hello @mateita

That's actually a separate issue related to upstream DNS issues specific to gov.co domains. To look into this further you'll need to discuss the issue with your registrar.
 

mateita

Hello,

The registrar for the .gov.co domains for the government of Colombia (Cointernet) answers the following:

(1) The main problem for the SSL validation is the script that is being used for it, by the DNS provider/hosting/certificates of yours, since said script assumes - erroneously - that there are name servers (NS's) specific/separate for the GOV.CO zone, which is incorrect, as all domains under GOV.CO are within the (root) zone of ".CO"

(2) From what is indicated in number (1), when this script was made to validate the domain XYZ.GOV.CO (for example), the following happens:

(i) NS query for .CO = the script finds them OK

(ii) NS query for GOV.CO = the script FAILS because GOV.CO is not a delegated zone (XYZ.GOV.CO is registered directly in the [root] zone .CO)

(iii) NS query for XYZ.GOV.CO = the script does not get there, because of the ERROR in step (ii)

This has been happening for more than 40 days with the new certificates or certificate renewals of .gov.co domains in different servers with cPanel. The installed version is the latest v78.0.24.

Regards
 

cPanelLauren

Hi @mateita

Since this is a completely separate issue than the previous thread I've moved this out to its own thread. I've added your latest response to the internal case we have to track this issue. If/when it is transitioned to a cPanel case as opposed to an upstream case I'll update here. I'll also update here with any new information as it becomes available.
 

mateita

Hello,

Is there any progress on this issue?
 

cPanelLauren

Hello @mateita


Unfortunately no, there is no update as of right now, though there is an internal case now opened for this: CPANEL-27188. I'm adding that case to this thread and I'll update when there is more information, but as of now there has been no movement on either case.
 

hmartian

I have the same problem with .gov.co domains.

When getting nameservers using DnsRoots perl module it returns a void result.

Code:
 /usr/local/cpanel/3rdparty/bin/perl -MCpanel::DnsRoots -MData::Dumper -e 'print Dumper(Cpanel::DnsRoots->new()->get_nameservers_for_domain("x.gov.co"));'
$VAR1 = {};
But if we try with a .edu.co domain it returns the right result.

Code:
/usr/local/cpanel/3rdparty/bin/perl -MCpanel::DnsRoots -MData::Dumper -e 'print Dumper(Cpanel::DnsRoots->new()->get_nameservers_for_domain("edu.co"));'
$VAR1 = {
          'ns6.cctld.co' => '156.154.xxx.xx',
          'ns3.cctld.co' => '156.154.xxx.xx',
          'ns4.cctld.co' => '156.154.xxx.xx',
          'ns5.cctld.co' => '156.154.xxx.xx',
          'ns1.cctld.co' => '156.154.xxx.xx',
          'ns2.cctld.co' => '156.154.xxx.xx'
        };
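
The zone-cut problem the registrar describes, and the empty result shown above for x.gov.co, as an added example that is not part of any post in this thread and is not cPanel's code: a strict top-down NS walk next to one that treats a level without NS records as a non-delegated name. The delegation data, the `hosting.example` nameservers and all function names are constructed for illustration.

```python
# Added example with constructed data; not cPanel's Cpanel::DnsRoots code.
# Names that carry an NS set (zone cuts). gov.co is deliberately absent:
# per the registrar, xyz.gov.co is registered directly in the .co zone.
NS_RECORDS = {
    "co": ["ns1.cctld.co", "ns2.cctld.co"],
    "xyz.gov.co": ["ns1.hosting.example", "ns2.hosting.example"],  # hypothetical
}

def query_ns(name):
    """Stand-in for an NS query; returns (rcode, nameservers)."""
    if name in NS_RECORDS:
        return "NOERROR", NS_RECORDS[name]
    # A name with registered descendants is an empty non-terminal:
    # it answers NOERROR with no NS data rather than NXDOMAIN.
    if any(k.endswith("." + name) for k in NS_RECORDS):
        return "NOERROR", []
    return "NXDOMAIN", []

def ancestors(domain):
    """'xyz.gov.co' -> ['co', 'gov.co', 'xyz.gov.co'], top-down."""
    labels = domain.lower().rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1, -1, -1)]

def strict_walk(domain):
    """Walk as the registrar describes it: any level without NS aborts."""
    ns = []
    for name in ancestors(domain):
        _, ns = query_ns(name)
        if not ns:
            return {"zone": None, "nameservers": [], "failed_at": name}
    return {"zone": domain.lower().rstrip("."), "nameservers": ns, "failed_at": None}

def zone_cut_walk(domain):
    """Keep the deepest name that has NS; skip levels that merely lack NS."""
    zone, ns = None, []
    for name in ancestors(domain):
        rcode, answer = query_ns(name)
        if rcode == "NXDOMAIN":
            break  # nothing exists at or below this name in the sample data
        if answer:
            zone, ns = name, answer
    return {"zone": zone, "nameservers": ns}

if __name__ == "__main__":
    for d in ("xyz.gov.co", "www.xyz.gov.co", "unregistered.gov.co"):
        print(d, strict_walk(d)["failed_at"], zone_cut_walk(d)["zone"])
```

A result whose zone is only `co` means the name itself has no delegation, which is the case a DCV check should report as unregistered.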
 

Oscar Serrano

Dear cPanel, we really need to fix this issue with .GOV domains. We just can't purchase individual certificates and install them manually on every single .GOV client account. How can we renew an expired domain if the AutoSSL feature won't issue a new certificate?
 

cPanelLauren

Hey guys,


I'm really excited to let you all know that we've made some changes in how we're doing DNS resolution and we've got a resolution for this issue in testing right now. We're looking at v84 of cPanel/WHM for this to be included in the product.

I'll update here again when this is added into a RELEASE version or if there is any new information in relation to this.


Thanks!
 

alegreiff

When will the v84 release be installed?
 

Oscar Serrano

It's really incredible all the time that cPanel takes to solve this issue. It looks like you guys won't take this problem seriously. We just can't afford to purchase individual SSL certificates for all our .gov.co clients.

If you guys have this problem identified and fixed, you should consider releasing a fix ASAP.

Please let us know any ETA so we can provide a serious answer to our clients.
 

cPanelLauren

Hello,

I am sorry for the delay on this but this issue was marked as resolved in the release of cPanel 84 and is referenced in the changelogs here: 84 Change Log - Change Logs - cPanel Documentation

This issue was a driving cause of introducing a new DNS resolver, libunbound, in favor of our own resolver.

Please let us know if you continue to experience issues with this.