Cpanel, auto certs behind load balancer

jeff brown

Member
May 2, 2017
7
1
3
Costa Rica
cPanel Access Level
Root Administrator
So this may be a new problem, a search over the older AutoSSL / cPannel threads doesn't seem to match up with this.

Context: we have two nearly identical cPanels running behind a load balancer, We painstakeingly matched the config on both, each has a doc root on different devices that are rsynced together. Previously we were using a wild card DNS to cover everything.

We decided to try and switch over to the AutoSSL, but Comodo has been reporting
Code:
[B]4:56:23 PM WARN The domain “<ourdomain>.com” failed domain control validation: The system queried for a temporary file at “<a href="http://<ourdomain>.com/34F5BD402D1AB81B43FD226E364082D1.txt">http://<ourdomain>.com/34F5BD402D1AB81B43FD226E364082D1.txt</a>”, but the web server responded with the following error: 401 (Authorization Required). A <abbr title="Domain Name System">DNS</abbr> or web server misconfiguration may exist. The domain “<ourdomain>.com” resolved to an IP address “<our-load-balancer-ip>” that does not exist on this server.[/B]
[code]
Which, is technically true since the two cPanel instances have a different ip, and the load balancer sends traffic to them.

Is there a way to let komodo know, say a public ip vs. a private ip? or private set of ips?  Or perhaps, to signal that it should relax that particular test???

Worst case, we can go back to directly managing the wildcard domain, but we would prefer to take advantage of the autoSSl if we can.

Thanks for any info.
 
Last edited by a moderator:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,911
2,234
363
Hello,

The domain validation process requires the domain name to resolve to an IP address associated with the cPanel server the domain name is added to. It's not possible to circumvent this requirement at this time, but I encourage you to add feedback and vote to the following feature request if you'd like to see an alternative to this method of validation:

AutoSSL: DNS challenge validation

Thank you.