Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

cPanel AutoSSL Redirect Error: Exclude files from being redirected

Discussion in 'Security' started by David Digal, Dec 5, 2017.

  1. David Digal

    David Digal Member

    Joined:
    Dec 5, 2017
    Messages:
    7
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    New Zealand
    cPanel Access Level:
    Root Administrator
    Hi there,

    I am using WordPress Multisite. This website that I am getting the SSL error is part of the multisite. I am not able to renew my SSL certificate due to the following error:

    The validation required 1 HTTP redirect, but the AutoSSL provider “cPanel (powered by Comodo)” does not permit HTTP redirects. When the system accessed the “http:///.well-known/pki-validation/096FD5CDB2FFDF0548AAE2726007E358.txt” URL, it redirected to the “http:///.well-known/pki-validation/096FD5CDB2FFDF0548AAE2726007E358.txt” URL.


    How can I exclude the files accessed by AutoSSL and Let's Encrypt from being redirected in a WordPress Multisite.
    Or just exclude this folder ".well-known" from being redirected.

    I've have tried using this .htaccess code but this haven't worked for me.

    RewriteCond %{HTTPS} off
    RewriteCond %{REQUEST_URI} !^/\d+\.BIN_AUTOSSL_CHECK_PL__\.\w+\.tmp$ [NC]
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/ [NC]
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}


    Thank you for your help.

    Regards,
    David.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    41,502
    Likes Received:
    1,616
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
  3. David Digal

    David Digal Member

    Joined:
    Dec 5, 2017
    Messages:
    7
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    New Zealand
    cPanel Access Level:
    Root Administrator
    Thanks Michael,

    I'll go through the thread that you've suggested and will get you know if i'm able to solve the problem.

    Thanks,
    David.
     
  4. David Digal

    David Digal Member

    Joined:
    Dec 5, 2017
    Messages:
    7
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    New Zealand
    cPanel Access Level:
    Root Administrator
    Hi Michael,

    I article that you suggested didn't help with the problem that I am having. Still struggling with the problem.

    My problem is when when AutoSSL is trying to access this file “http://domain.tld/.well-known/pki-validation/096FD5CDB2FFDF0548AAE2726007E358.txt", it is getting redirected to “http://domain.tld/.well-known/pki-validation/096FD5CDB2FFDF0548AAE2726007E358.txt

    How can we disable the redirection in Cpanel when AutoSSL is trying to access the above file for validation.

    How can I exclude the files accessed by AutoSSL and Let's Encrypt from being redirected when renewing the SSL certificate in a multisite?

    I hope you can help me with this problem. Thank you.

    Regards,
    David.
     
    #4 David Digal, Dec 5, 2017
    Last edited by a moderator: Dec 6, 2017
  5. Tearabite

    Tearabite Well-Known Member

    Joined:
    Nov 28, 2010
    Messages:
    56
    Likes Received:
    9
    Trophy Points:
    58
    Location:
    Southern California
    cPanel Access Level:
    Root Administrator
    Is the site using Cloudflare?
     
  6. David Digal

    David Digal Member

    Joined:
    Dec 5, 2017
    Messages:
    7
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    New Zealand
    cPanel Access Level:
    Root Administrator
    Yes, the website is using CloudFlare.
     
  7. David Digal

    David Digal Member

    Joined:
    Dec 5, 2017
    Messages:
    7
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    New Zealand
    cPanel Access Level:
    Root Administrator
  8. Tearabite

    Tearabite Well-Known Member

    Joined:
    Nov 28, 2010
    Messages:
    56
    Likes Received:
    9
    Trophy Points:
    58
    Location:
    Southern California
    cPanel Access Level:
    Root Administrator
    Try disabling cloudflare temporarily and forcing the AutoSSL to see if it works then (there is a known/documented issue with AutoSSL and CloudFlare)..
    If that works, you will still run into this issue every 90 days when it’s time to renew the cert so I’m wondering if it’s possible to create a rule in Cloudflare to bypass this path...
     
  9. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    41,502
    Likes Received:
    1,616
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello David,

    Thank you for the additional information. I'm assuming you already have "Use a Global DCV Passthrough instead of .htaccess modification (requires EA4)" enabled under the "Domains" tab in "WHM >> Tweak Settings". If so, here are a couple of rules you could add to the .htaccess file that have worked for others facing the same issue:

    Code:
    RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
    RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
    Let us know if this helps.

    Thank you.
     
  10. Nirjonadda

    Nirjonadda Well-Known Member

    Joined:
    May 8, 2013
    Messages:
    524
    Likes Received:
    14
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    I am already have enabled "Use a Global DCV Passthrough instead of .htaccess modification (requires EA4)" but still getting The validation required 2 HTTP redirects. So do we need this rules add in .htaccess file?
     
  11. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    41,502
    Likes Received:
    1,616
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Yes, those rules may help if you have existing Mod_Rewrite rules that are redirecting the requests to the AutoSSL DCV files.

    Thank you.
     
  12. Nirjonadda

    Nirjonadda Well-Known Member

    Joined:
    May 8, 2013
    Messages:
    524
    Likes Received:
    14
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Still does not work. I think need to disable Always use HTTPS in cloudflare.

    ScreenShot00040.png
     
    cPanelMichael likes this.
  13. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    41,502
    Likes Received:
    1,616
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Let us know if disabling that option helps.

    Thank you.
     
  14. Nirjonadda

    Nirjonadda Well-Known Member

    Joined:
    May 8, 2013
    Messages:
    524
    Likes Received:
    14
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Still are AutoSSL Pending Queue from Request Time Dec 15, 2017 6:09:41 PM
     
  15. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    41,502
    Likes Received:
    1,616
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    It's possible your CloudFlare configuration is causing this issue. Feel free to open a support ticket if you'd like us to take a closer look to rule out any issues with the cPanel server.

    Thank you.
     
  16. grayloon

    grayloon Well-Known Member

    Joined:
    Oct 31, 2007
    Messages:
    103
    Likes Received:
    2
    Trophy Points:
    68
    Location:
    Evansville, IN
    cPanel Access Level:
    Root Administrator
    Twitter:
    I'm also using Cloudflare in front of my cPanel sites, and I can confirm that it doesn't play well with AutoSSL. In most cases, Cloudflare providing the SSL isn't an issue. However, some of my customers have their own domain in internal DNS. This bypasses Cloudflare and goes directly to my cPanel server where I must have an SSL in place via AutoSSL. Since Cloudflare is forcing HTTPS, the AutoSSL request is redirected and fails.
     
  17. cPWilliamL

    cPWilliamL cP Technical Analyst II
    Staff Member

    Joined:
    May 15, 2017
    Messages:
    257
    Likes Received:
    27
    Trophy Points:
    103
    Location:
    America
    cPanel Access Level:
    Root Administrator
    The CloudFlare option 'Always use HTTPS' will certainly cause issues with AutoSSL. This should be disabled.
     
Loading...

Share This Page