Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Cpanel, auto certs behind load balancer

Discussion in 'Security' started by jeff brown, Jul 18, 2017.

Tags:
  1. jeff brown

    jeff brown Member

    Joined:
    May 2, 2017
    Messages:
    7
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Costa Rica
    cPanel Access Level:
    Root Administrator
    So this may be a new problem, a search over the older AutoSSL / cPannel threads doesn't seem to match up with this.

    Context: we have two nearly identical cPanels running behind a load balancer, We painstakeingly matched the config on both, each has a doc root on different devices that are rsynced together. Previously we were using a wild card DNS to cover everything.

    We decided to try and switch over to the AutoSSL, but Comodo has been reporting
    Code:
    [B]4:56:23 PM WARN The domain “<ourdomain>.com” failed domain control validation: The system queried for a temporary file at “<a href="http://<ourdomain>.com/34F5BD402D1AB81B43FD226E364082D1.txt">http://<ourdomain>.com/34F5BD402D1AB81B43FD226E364082D1.txt</a>”, but the web server responded with the following error: 401 (Authorization Required). A <abbr title="Domain Name System">DNS</abbr> or web server misconfiguration may exist. The domain “<ourdomain>.com” resolved to an IP address “<our-load-balancer-ip>” that does not exist on this server.[/B]
[code]
Which, is technically true since the two cPanel instances have a different ip, and the load balancer sends traffic to them.

Is there a way to let komodo know, say a public ip vs. a private ip? or private set of ips?  Or perhaps, to signal that it should relax that particular test???

Worst case, we can go back to directly managing the wildcard domain, but we would prefer to take advantage of the autoSSl if we can.

Thanks for any info.
     
    #1 jeff brown, Jul 18, 2017
    Last edited by a moderator: Jul 18, 2017
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,304
    Likes Received:
    2,155
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    The domain validation process requires the domain name to resolve to an IP address associated with the cPanel server the domain name is added to. It's not possible to circumvent this requirement at this time, but I encourage you to add feedback and vote to the following feature request if you'd like to see an alternative to this method of validation:

    AutoSSL: DNS challenge validation

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 cPanelMichael, Jul 18, 2017
(You must log in or sign up to post here.)
Loading...
Similar Threads - Cpanel auto certs
  1. jndawson

    In Progress [CPANEL-26814] AutoSSL last ran on December 31, 1969

    jndawson, Jun 11, 2019, in forum: Security
    Replies:
    11
    Views:
    265
    jndawson
    Jun 14, 2019 at 1:40 PM
  2. mateita

    In Progress [CPANEL-27188] AutoSSL - issues with gov.co domains

    mateita, May 15, 2019, in forum: Security
    Replies:
    5
    Views:
    197
    cPanelLauren
    Jun 10, 2019
  3. Ebad

    Move some domains from LetsEncrypt to cPanel AutoSSL?

    Ebad, May 2, 2019, in forum: Security
    Replies:
    3
    Views:
    281
    cPanelMichael
    May 2, 2019
  4. Mrinmoy

    SOLVED Can cPanel perform automatic full backups?

    Mrinmoy, May 2, 2019, in forum: Data Protection
    Replies:
    2
    Views:
    200
    Mrinmoy
    May 2, 2019
  5. adeyjones

    SOLVED [CPANEL-26207] AutoSSL - Domains not passing validation

    adeyjones, Apr 26, 2019, in forum: Security
    Replies:
    14
    Views:
    908
    cPanelLauren
    May 13, 2019

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice