cPanel Service SSL Certificate Warnings

Feb 5, 2019
8
1
3
Erbil
cPanel Access Level
Root Administrator
Hi,
I am receiving cPanel Service SSL Certificate Warnings emails. I haven't seen these email warnings before! The warning email content is:

Code:
⚠ 1 service generated warnings while checking SSL certificates.

    
The following cPanel service generated warnings from the checkallsslcerts script.

⚠ cpanel
The system failed to acquire a signed certificate from the cPanel Store because of the following error: Neither HTTP nor DNS DCV preflight checks succeeded!
This notice is the result of a request from “/usr/local/cpanel/bin/checkallsslcerts”.
I have checked the Daily Process Log, and ssl_log.bkup shows in Top Processes using 99.9 of CPU by awstats.pl! Should I be concerned about it?
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,269
313
Houston
Hi @Rawand Bradosty


1. It sounds like the hostname SSL function is unable to complete due to being unable to resolve the hostname. Have you made any modifications to this recently? Furthermore, can you run the following? (Any output added here should have the hostname obfuscated for privacy.)

This should give the server's current hostname when run via CLI:
Code:
host
If it's incorrect then you should go to WHM>>Networking Setup>>Change Hostname

If it is correct you should then confirm it does resolve to your server:

Code:
dig a host.name.tld
2. It looks like when you checked your server, your awstats was in the process of updating. If it's not still running, I don't believe you have a need to be concerned about it. You can check if the process is still running easily by running the following:

Code:
ps faux |grep awstats
 
Feb 5, 2019
8
1
3
Erbil
cPanel Access Level
Root Administrator
Hi @cPanelLauren

I haven't made any modifications to the hostname or SSL settings! But I changed the server IP address from Basic WebHost Manager® Setup about 2 weeks ago for security reasons. I have also made changes to Redirection in Tweak Settings, and I don't believe this could cause this!?

The host command didn't work for me, so I tried hostname instead and it worked. The result shows my server hostname, xxx.domain.net.

And the command dig a xxx.domain.net:
Code:
[[email protected] ~]# dig a xxx.xxxxxx.net

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> a xxx.xxxxxx.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 46307
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;xxx.xxxxxx.net.                        IN      A

;; AUTHORITY SECTION:
xxxxxx.net.             3600    IN      SOA     max.ns.cloudflare.com. dns.cloudflare.com. 2030177117 10000 2400 604800 3600

;; Query time: 16 msec
;; SERVER: 213.133.98.98#53(213.133.98.98)
;; WHEN: Wed Feb 27 00:25:42 CET 2019
;; MSG SIZE  rcvd: 104

And the results for ps faux |grep awstats:

Code:
[[email protected] ~]# ps faux |grep awstats
root      91834  0.0  0.0 112708   972 pts/0    S+   00:47   0:00          \_ grep --color=auto awstats
I appreciate your help.
 

cPanelLauren

Hi @Rawand Bradosty

You're right, it's hostname, not host. That's my fault. So that output doesn't show an IP address for the hostname, and it shows it's being routed through CloudFlare. My assumption is you'll need to remove the hostname from CloudFlare or pause CloudFlare, then run the following:

Code:
/usr/local/cpanel/bin/checkallsslcerts
And it should complete successfully.

As far as awstats, it's not currently running, so I'd assume there as well that the stats processed successfully.
 
Feb 5, 2019
8
1
3
Erbil
cPanel Access Level
Root Administrator
Hi @cPanelLauren

I am only using my primary domain xxxxxx.net and www.xxxxx.net on CloudFlare, but I haven't added my server hostname subdomain to CloudFlare because I didn't want to expose my server hostname and IP address.
Anyway, I tried pausing CloudFlare and running the command, but it was not successful! After I added my server hostname on CloudFlare DNS, this time the cPanel SSL Certificate completed successfully, and I received an email confirmation too. Is it OK if I remove the hostname subdomain on CloudFlare since the certificate completed successfully?

And thank you so much for helping. I really appreciate that.
 

cPanelLauren

> After I added my server hostname on CloudFlare DNS, this time the cPanel SSL Certificate completed successfully, and I received an email confirmation too. Is it OK if I remove the hostname subdomain on CloudFlare since the certificate completed successfully?

Yes, you can remove it. Just keep in mind that next year you'll need to re-add it so that the certificate can process.


I'm glad I was able to help!!
 

Bob1965

Member
Aug 30, 2018
23
3
3
Germany
cPanel Access Level
Root Administrator
Hi, I have been having this same issue for the past couple of weeks and don't quite understand the solution. I have changed nothing on the server (rather, VPS). I did all you said above, and my output shows the correct server name:

Code:
[[email protected] ~]# dig a ds1.example.com

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> a ds1.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7118
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ds1.example.com.   IN      A

;; AUTHORITY SECTION:
com.                    900     IN      SOA     a.gtld-servers.net. nstld.verisign-grs.com. 1551974025 1800 900 604800 86400

;; Query time: 6 msec
;; SERVER: 213.136.xx.xx#53(213.136.xx.xx)
;; WHEN: Thu Mar 07 16:54:01 CET 2019
;; MSG SIZE  rcvd: 129

[[email protected] ~]#
I am not worried about exposing my server name because the IP is there and it can be found out anyways. What I do not understand here is the authority section. What is all that? His showed CloudFlare, mine shows:

a.gtld-servers.net. nstld.verisign-grs.com. <-- have no idea what that is..

I would like to know how to fix this problem with the emails coming once a day saying:

The system failed to acquire a signed certificate from the cPanel Store because of the following error: Neither HTTP nor DNS DCV preflight checks succeeded!

Regards,
Bob
 

cPanelLauren

This output indicates that the hostname does not resolve properly to an IP address. The servers listed in the Authority section are the root nameservers queried. These wouldn't be anything you control, but they must report the IP address of the server in order for it to resolve.

The hostname needs to resolve to an IP address in order to get issued the certificate.
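
The manual check used throughout this thread (read the `status:` field and look for an A record in the `dig` output) can be scripted. This is an added example, not part of the original thread and not cPanel's own code; the hostname `host.example.net`, the IP addresses and both sample outputs are constructed placeholders.

```shell
#!/usr/bin/env bash
# Classify `dig a <hostname>` output the way the thread reads it by hand.
# Live use: dig a "$(hostname)" | dcv_dns_verdict <your server IP>

dcv_dns_verdict() {
    # $1 = IP the hostname is expected to resolve to; dig output arrives on stdin
    local expected_ip="$1" out status answers
    out="$(cat)"
    # Response code from the ";; ->>HEADER<<-" line, e.g. "status: NXDOMAIN,"
    status="$(printf '%s\n' "$out" | sed -n 's/.*->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p' | head -n1)"
    # A records only: skip ';' comment lines (the question section), match "IN A"
    answers="$(printf '%s\n' "$out" | awk '!/^;/ && $3 == "IN" && $4 == "A" { print $5 }')"

    if [ "$status" = "NXDOMAIN" ]; then
        echo "NXDOMAIN"        # name does not exist in DNS (both outputs in the thread)
    elif [ "$status" != "NOERROR" ]; then
        echo "DNS_ERROR"       # SERVFAIL, REFUSED, or no header found
    elif [ -z "$answers" ]; then
        echo "NO_A_RECORD"     # name exists but has no A record
    elif printf '%s\n' "$answers" | grep -qxF "$expected_ip"; then
        echo "OK"
    else
        echo "WRONG_IP"        # e.g. stale record after an IP change, or a proxy's IP
    fi
}

# Constructed sample modeled on the NXDOMAIN output posted in the thread
sample_nxdomain() {
cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 46307
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;host.example.net.              IN      A
;; AUTHORITY SECTION:
example.net.    3600    IN      SOA     ns1.example.net. dns.example.net. 1 10000 2400 604800 3600
EOF
}

# Constructed sample of a hostname that resolves
sample_resolving() {
cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1234
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
host.example.net.       300     IN      A       203.0.113.10
EOF
}

sample_nxdomain | dcv_dns_verdict 203.0.113.10
```

Only an `OK` verdict means the hostname resolves to the expected address; any other verdict matches the condition the posts above identify as blocking the certificate.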