SOLVED [CPANEL-30266] AutoSSL did not renew the certificate

cPanelLauren

Forums Analyst II
Staff member
Nov 14, 2017
8,421
689
263
Houston
cPanel Access Level
DataCenter Provider
@cPanelLauren

Unfortunately the problem has not been solved.

When doing the email delivery test from this error in the cpanel log

Code:
warn [xml-api] DNS query failure (xx.xx.xx.xx.in-addr.arpa/PTR): Cpanel::Exception::Timeout/(XID cp8gz5) DNS query (xx.xx.xx.xx.in-addr.arpa/PTR) timeout!at /usr/local/cpanel/Cpanel/DNS/Unbound.pm line
Cpanel::DNS::Unbound::_die_if_query_failed(HASH(0x25a8700)) called at /usr/local/cpanel/Cpanel/DNS/Unbound.pm line 355
Cpanel::DNS::Unbound::recursive_query_or_die(Cpanel::DNS::Unbound=HASH(0x1ef7518), "............in-addr.arpa", "PTR") called at /usr/local/cpanel/Cpanel/DNS/Unbound.pm line 416
The PTR is still correct even if the test fails

Only once did he give the test ok, otherwise from Time out
My last response indicated that this issue is in fact not resolved.
The newest update i have for this is that it is fixed in v86 and it looks like just a few minutes ago it was updated to be included in the next build of cPanel v84 as well. When there is an update, that puts this in a RELEASE version of cPanel & WHM I'll update this thread


I have the same

DNS DCV: The system failed to determine whether “domain.ch” is a registered domain because of a DNS error: (XID rxs8ya) DNS returned “SERVFAIL” (code 2) in response to the system’s query for “domain.ch”’s “NS” records.; HTTP DCV: The system failed to determine whether “domain.ch” is a registered domain because of a DNS error: (XID rxs8ya) DNS returned “SERVFAIL” (code 2) in response to the system’s query for “domain.ch”’s “NS” records.
I'm not convinced this is the same issue - what if anything is output to the cPanel error log at /usr/local/cpanel/logs/error_log
 
  • Like
Reactions: ciao70

javiersierrad

Registered
Nov 19, 2019
2
0
1
Mexico
cPanel Access Level
Root Administrator
Same problem here... Any news?

DNS DCV: The system failed to determine whether “domain.com” is a registered domain because of a DNS error: (XID zxxcdz) DNS returned “SERVFAIL” (code 2) in response to the system’s query for “domain.com”’s “NS” records.; HTTP DCV: The system failed to determine whether “domain.com” is a registered domain because of a DNS error: (XID zxxcdz) DNS returned “SERVFAIL” (code 2) in response to the system’s query for domain.com”’s “NS” records.
 

planetc

Registered
Apr 24, 2018
3
0
1
Canada
cPanel Access Level
Root Administrator
I had the same issue, but I was able to solve it by opening up port 53 on both inbound & outbound UDP ports on the Firewall. (TCP should already be open on your firewall but UDP port thing must be new) cPanel support technician told me that UDP is also required for Autossl to communicate with root nameservers. Once I opened it up, everything started working fine. Hope this helps.
 

alibaba4567

Member
Jun 22, 2018
6
0
1
Spain
cPanel Access Level
Root Administrator
Hi, I have the same problem. For a week I have alerts about certificates. My ticket is 13808829.

What I see is that in the DNS of each account, the specific record is not created to verify the certificate.
 

jaxtheking

Registered
Nov 21, 2019
1
0
1
Belfast
cPanel Access Level
Root Administrator
Hi @cPanelLauren,
I'm just after installing v84.0.14 and have restarted the DNS server just in case - however DCV keeps failing for me.

EDIT: it eventually worked, not sure why it did not straight after upgrading.Good job!
 
Last edited:

tracy771

Registered
Nov 21, 2019
1
0
0
uk
cPanel Access Level
Website Owner
Self-signed

An error occurred the last time AutoSSL ran, on November 21, 2019:

DNS DCV: The system failed to determine whether “domain.com” is a registered domain because of a DNS error: (XID djpuau) DNS returned “SERVFAIL” (code 2) in response to the system’s query for “domain.com”’s “NS” records.; HTTP DCV: The system failed to determine whether “domain.com” is a registered domain because of a DNS error: (XID djpuau) DNS returned “SERVFAIL” (code 2) in response to the system’s query for “domain.com”’s “NS” records.
 
Last edited by a moderator:

alibaba4567

Member
Jun 22, 2018
6
0
1
Spain
cPanel Access Level
Root Administrator
Hello,


As per my last response, this issue was resolved in v84.0.14 which from looking at your ticket you updated to overnight. The ticket is currently awaiting your response for confirmation that you're no longer experiencing the issue.
Hi Lauren. I have waited until now for the automatic SSL process to run. I am sorry to inform you that the problem persists. I leave you a capture of one of the domains, in this state I have enough.

In the email he tells me:
DNS DCV: The system failed to determine whether “***. Com” is a registered domain because of a DNS error: (XID 353bfs) DNS returned “SERVFAIL” (code 2) in response to the system's query for “**. Com” 's “NS” records .; HTTP DCV: The system failed to determine whether “*. Com” is a registered domain because of a DNS error: (XID 353bfs) DNS returned “SERVFAIL” (code 2) in response to the system's query for “* ****. com ”'s“ NS ”records.


If I wanted to ask you, as I see differences between a domain with a current certificate and another with an error when renewing a certificate, I see that in the DNS zone of the certificate that is ok there is a type register: _cpanel-dcv-test-record. But in the DNS zone of accounts that cannot renew certificate, this record does not exist.

The AutoSLL log shows:

23:04:14 Analyzing “*”’s domains …
23:04:14 Analyzing “**.co*” …
23:04:14 ERROR TLS Status: Defective
ERROR Certificate expiry: 24/11/19 0:00 UTC (2,08 days from now)
ERROR Defect: ALMOST_EXPIRED: The certificate will expire very soon.
23:04:14 Attempting to ensure the existence of necessary CAA records …
23:04:14 No CAA records were created.
23:04:14 Verifying “cPanel (powered by Sectigo)”’s authorization on domains via DNS CAA records …
23:04:14 AVISAR DNS query error: (XID sy8k4c) DNS returned “SERVFAIL” (code 2) in response to the system’s query for “**.co*”’s “CAA” records. at /usr/local/cpanel/Cpanel/DnsRoots/CAA.pm line 114.
AVISAR DNS query error: (XID p4wrw3) DNS returned “SERVFAIL” (code 2) in response to the system’s query for “www.******.co*”’s “CAA” records. at /usr/local/cpanel/Cpanel/DnsRoots/CAA.pm line 114.
AVISAR DNS query error: (XID sy8k4c) DNS returned “SERVFAIL” (code 2) in response to the system’s query for “**.co*”’s “CAA” records. at /usr/local/cpanel/Cpanel/DnsRoots/CAA.pm line 114.
AVISAR DNS query error: (XID vq2teh) DNS returned “SERVFAIL” (code 2) in response to the system’s query for “mail.**.co*”’s “CAA” records. at /usr/local/cpanel/Cpanel/DnsRoots/CAA.pm line 114.
AVISAR DNS query error: (XID sy8k4c) DNS returned “SERVFAIL” (code 2) in response to the system’s query for “**.co*”’s “CAA” records. at /usr/local/cpanel/Cpanel/DnsRoots/CAA.pm line 114.
AVISAR DNS query error: (XID 9nrnhd) DNS returned “SERVFAIL” (code 2) in response to the system’s query for “cpanel.**.co*”’s “CAA” records. at /usr/local/cpanel/Cpanel/DnsRoots/CAA.pm line 114.
AVISAR DNS query error: (XID sy8k4c) DNS returned “SERVFAIL” (code 2) in response to the system’s query for “**.co*”’s “CAA” records. at /usr/local/cpanel/Cpanel/DnsRoots/CAA.pm line 114.
AVISAR DNS query error: (XID gu3ydj) DNS returned “SERVFAIL” (code 2) in response to the system’s query for “webdisk.**.co*”’s “CAA” records. at /usr/local/cpanel/Cpanel/DnsRoots/CAA.pm line 114.
AVISAR DNS query error: (XID sy8k4c) DNS returned “SERVFAIL” (code 2) in response to the system’s query for “**.co*”’s “CAA” records. at /usr/local/cpanel/Cpanel/DnsRoots/CAA.pm line 114.
AVISAR DNS query error: (XID cep5sd) DNS returned “SERVFAIL” (code 2) in response to the system’s query for “webmail.**.co*”’s “CAA” records. at /usr/local/cpanel/Cpanel/DnsRoots/CAA.pm line 114.
AVISAR DNS query error: (XID sy8k4c) DNS returned “SERVFAIL” (code 2) in response to the system’s query for “**.co*”’s “CAA” records. at /usr/local/cpanel/Cpanel/DnsRoots/CAA.pm line 114.
AVISAR DNS query error: (XID tbxfb3) DNS returned “SERVFAIL” (code 2) in response to the system’s query for “autodiscover.**.co*”’s “CAA” records. at /usr/local/cpanel/Cpanel/DnsRoots/CAA.pm line 114.
AVISAR DNS query error: (XID sy8k4c) DNS returned “SERVFAIL” (code 2) in response to the system’s query for “**.co*”’s “CAA” records. at /usr/local/cpanel/Cpanel/DnsRoots/CAA.pm line 114.
“cPanel (powered by Sectigo)” is authorized to issue certificates for all domains.
23:04:14 Performing HTTP DCV (Domain Control Validation) on 7 domains …
23:04:14 ERROR The system failed to determine whether “**.co*” is a registered domain because of a DNS error: (XID 353bfs) DNS returned “SERVFAIL” (code 2) in response to the system’s query for “**.co*”’s “NS” records.
ERROR The system failed to determine whether “**.co*” is a registered domain because of a DNS error: (XID 353bfs) DNS returned “SERVFAIL” (code 2) in response to the system’s query for “**.co*”’s “NS” records.
ERROR The system failed to determine whether “**.co*” is a registered domain because of a DNS error: (XID 353bfs) DNS returned “SERVFAIL” (code 2) in response to the system’s query for “**.co*”’s “NS” records.
ERROR The system failed to determine whether “**.co*” is a registered domain because of a DNS error: (XID 353bfs) DNS returned “SERVFAIL” (code 2) in response to the system’s query for “**.co*”’s “NS” records.
ERROR The system failed to determine whether “**.co*” is a registered domain because of a DNS error: (XID 353bfs) DNS returned “SERVFAIL” (code 2) in response to the system’s query for “**.co*”’s “NS” records.
ERROR The system failed to determine whether “**.co*” is a registered domain because of a DNS error: (XID 353bfs) DNS returned “SERVFAIL” (code 2) in response to the system’s query for “**.co*”’s “NS” records.
ERROR The system failed to determine whether “**.co*” is a registered domain because of a DNS error: (XID 353bfs) DNS returned “SERVFAIL” (code 2) in response to the system’s query for “**.co*”’s “NS” records.
23:04:14 No local DNS DCV is necessary.