cPanel AutoSSL Redirect Error: Exclude files from being redirected

David Digal

Hi there,

I am using WordPress Multisite. The website that I am getting the SSL error on is part of the multisite. I am not able to renew my SSL certificate due to the following error:

The validation required 1 HTTP redirect, but the AutoSSL provider “cPanel (powered by Comodo)” does not permit HTTP redirects. When the system accessed the “http:///.well-known/pki-validation/096FD5CDB2FFDF0548AAE2726007E358.txt” URL, it redirected to the “http:///.well-known/pki-validation/096FD5CDB2FFDF0548AAE2726007E358.txt” URL.


How can I exclude the files accessed by AutoSSL and Let's Encrypt from being redirected in a WordPress Multisite?
Or just exclude this folder ".well-known" from being redirected.

I have tried using this .htaccess code, but it hasn't worked for me.

RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/\d+\.BIN_AUTOSSL_CHECK_PL__\.\w+\.tmp$ [NC]
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/ [NC]
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}


Thank you for your help.

Regards,
David.
 

David Digal

Hi Michael,

The article that you suggested didn't help with the problem that I am having. I am still struggling with the problem.

My problem is that when AutoSSL is trying to access this file “http://domain.tld/.well-known/pki-validation/096FD5CDB2FFDF0548AAE2726007E358.txt”, it is getting redirected to “http://domain.tld/.well-known/pki-validation/096FD5CDB2FFDF0548AAE2726007E358.txt”.

How can we disable the redirection in cPanel when AutoSSL is trying to access the above file for validation?

How can I exclude the files accessed by AutoSSL and Let's Encrypt from being redirected when renewing the SSL certificate in a multisite?

I hope you can help me with this problem. Thank you.

Regards,
David.
 
Tearabite

> Yes, the website is using CloudFlare.

Try disabling Cloudflare temporarily and forcing the AutoSSL to see if it works then (there is a known/documented issue with AutoSSL and CloudFlare).
If that works, you will still run into this issue every 90 days when it’s time to renew the cert so I’m wondering if it’s possible to create a rule in Cloudflare to bypass this path...
 

cPanelMichael

Administrator
Staff member
Hello David,

Thank you for the additional information. I'm assuming you already have "Use a Global DCV Passthrough instead of .htaccess modification (requires EA4)" enabled under the "Domains" tab in "WHM >> Tweak Settings". If so, here are a couple of rules you could add to the .htaccess file that have worked for others facing the same issue:

Code:
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
Let us know if this helps.

Thank you.
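An added example, not part of any post in this thread: a small Python check that evaluates the exemption patterns from the first post and from the staff reply against validation request paths, to show which paths an HTTP-to-HTTPS rule guarded by each set would still redirect. It assumes the conditions sit directly above a redirect rule like the one in the first post; the function and variable names are illustrative, and the sample paths other than the file named in the error message are constructed.

```python
import re

# Added example; every name below is illustrative, not cPanel's or the posters'.
# Exemption patterns copied from the RewriteCond lines in the thread, as
# (regex, NC flag). Each is used negated ("!regex"), so the redirect rule
# fires only if none of them matches the request path.
FIRST_POST = [
    (r"^/\d+\.BIN_AUTOSSL_CHECK_PL__\.\w+\.tmp$", True),
    (r"^/\.well-known/acme-challenge/", True),
]
STAFF_REPLY = [
    (r"^/[0-9]+\..+\.cpaneldcv$", False),
    (r"^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$", False),
]

# Validation paths to check. The first is the file named in the thread's
# error message; the other two are constructed samples.
DCV_PATHS = [
    "/.well-known/pki-validation/096FD5CDB2FFDF0548AAE2726007E358.txt",
    "/.well-known/acme-challenge/constructed-token",
    "/1234567890.constructed.cpaneldcv",
]

def would_redirect(path, exemptions, https=False):
    """True if an HTTP->HTTPS RewriteRule guarded by `exemptions` would fire."""
    if https:                       # RewriteCond %{HTTPS} off
        return False
    for regex, nocase in exemptions:
        # mod_rewrite patterns are unanchored unless they use ^ or $, hence search()
        if re.search(regex, path, re.IGNORECASE if nocase else 0):
            return False            # one negated condition failed: rule skipped
    return True

def still_redirected(exemptions, paths=DCV_PATHS):
    """Validation paths that the rule set would still send to HTTPS."""
    return [p for p in paths if would_redirect(p, exemptions)]

if __name__ == "__main__":
    for name, rules in [("first post", FIRST_POST),
                        ("staff reply", STAFF_REPLY),
                        ("combined", FIRST_POST + STAFF_REPLY)]:
        print(f"{name}: still redirected -> {still_redirected(rules)}")
```

This models only the .htaccess conditions; a redirect issued upstream of the server, such as the Cloudflare configuration discussed later in the thread, is outside what it checks.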
 

Nirjonadda

> Hello David,
>
> Thank you for the additional information. I'm assuming you already have "Use a Global DCV Passthrough instead of .htaccess modification (requires EA4)" enabled under the "Domains" tab in "WHM >> Tweak Settings". If so, here are a couple of rules you could add to the .htaccess file that have worked for others facing the same issue:
>
> Code:
> RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
> RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
> Let us know if this helps.
>
> Thank you.

I have already enabled "Use a Global DCV Passthrough instead of .htaccess modification (requires EA4)" but am still getting "The validation required 2 HTTP redirects". So do we need to add these rules to the .htaccess file?
 

cPanelMichael

> I have already enabled "Use a Global DCV Passthrough instead of .htaccess modification (requires EA4)" but am still getting "The validation required 2 HTTP redirects". So do we need to add these rules to the .htaccess file?

Yes, those rules may help if you have existing Mod_Rewrite rules that are redirecting the requests to the AutoSSL DCV files.

Thank you.
 

cPanelMichael

Hello,

Let us know if disabling that option helps.

Thank you.
 

cPanelMichael

Hello,

It's possible your CloudFlare configuration is causing this issue. Feel free to open a support ticket if you'd like us to take a closer look to rule out any issues with the cPanel server.

Thank you.
 

grayloon

> It's possible your CloudFlare configuration is causing this issue.

I'm also using Cloudflare in front of my cPanel sites, and I can confirm that it doesn't play well with AutoSSL. In most cases, Cloudflare providing the SSL isn't an issue. However, some of my customers have their own domain in internal DNS. This bypasses Cloudflare and goes directly to my cPanel server where I must have an SSL in place via AutoSSL. Since Cloudflare is forcing HTTPS, the AutoSSL request is redirected and fails.
 

philsward

Ok, so just to clarify...

We're supposed to have SSL on a website, and do our best (redirect) all non ssl requests to https, however when we re-direct an incoming request from non-ssl to ssl, this causes the recent updates to the DCV to fail because it won't allow a redirect?

What gives?

The workaround is to go add a whitelist rule to every .htaccess on the server? Are you kidding?? It's easier for tens of thousands of people running hundreds of thousands of websites to add a custom redirect than it is for the devs at cPanel to write a check against a non-ssl redirect?

So confused...

BTW, when was this locked down? I didn't have problems until the most recent round of updates required for late April 2018... I've always had redirects and it's never been an issue.
 

philsward

Wrote up some instructions that "might" help some folks if you have control over your entire server (i.e VPS)

- Removed -
 