cPanel Service SSL Certificate Warnings

Operating System & Version
CENTOS 7.8 KVM
cPanel & WHM Version
V86.0.21

maaitland

Registered
May 25, 2020
2
1
1
Liverpool, England
cPanel Access Level
Root Administrator
Hello,

I'm sorry if this issue has been posted before—couldn't find an actual fix for the issue. :)

Every morning at around 02:55 I'm sent an e-mail titled "cPanel Service SSL Certificate Warnings".

The error message within the e-mail states the following:
Code:
The system failed to acquire a signed certificate from the cPanel Store because of the following error: Neither HTTP nor DNS DCV preflight checks succeeded!
I've went into "WHM", "Contact Manager", "Notifications", and changed "cPanel Service SSL Certificate Warnings" to "Disabled". I'm a little bit concerned I've disabling an important warning that actually needs resolving though.

Any advice regarding this issue would be greatly appreciated. o_O

Thank you,
Luke
 

cPSamuelM

Technical Analyst Team Lead
Staff member
Nov 20, 2019
196
37
103
USA
cPanel Access Level
Root Administrator
Hello Luke (@maaitland)

Thank you for contacting cPanel!

The warning message simply means that the system was not able to generate an SSL certificate. It is likely referring to the server's hostname. The warning is generated by the checkallsslcerts script which runs nightly as part of the automated cPanel update process. For more information see here:

https://docs.cpanel.net/whm/scripts/the-checkallsslcerts-script/

To obtain more details -- for example, which specific domain is affected -- you could run the script manually by logging into your server via SSH and executing the following command:

Code:
/usr/local/cpanel/bin/checkallsslcerts

When the system attempts to order an SSL certificate for domains on your server, it tries to add a text file to the domain's document root which it can then verify the contents of by a web-based check. Alternatively, it can add a DNS record to the domain's DNS zone which it can verify via a DNS query. The first check will fail if the domain does not resolve to an IP address on your server, and the second check will fail if your cPanel server does not control the domain's DNS. It seems that whatever domain failed on your server likely falls into both of these categories: it does not resolve to your server, and your server does not manage its DNS.

The issue could likely be resolved by updating the domain's A record to ensure it points to your server or updating the domain's name servers to point to your server.

Please feel free to let us know if you have any questions, and remember you are welcome to submit a ticket via the link in my signature if you would like our analysts to review the issue directly.

Best regards.
 
  • Like
Reactions: maaitland

maaitland

Registered
May 25, 2020
2
1
1
Liverpool, England
cPanel Access Level
Root Administrator
Hello Luke (@maaitland)

Thank you for contacting cPanel!

The warning message simply means that the system was not able to generate an SSL certificate. It is likely referring to the server's hostname. The warning is generated by the checkallsslcerts script which runs nightly as part of the automated cPanel update process. For more information see here:

https://docs.cpanel.net/whm/scripts/the-checkallsslcerts-script/

To obtain more details -- for example, which specific domain is affected -- you could run the script manually by logging into your server via SSH and executing the following command:

Code:
/usr/local/cpanel/bin/checkallsslcerts

When the system attempts to order an SSL certificate for domains on your server, it tries to add a text file to the domain's document root which it can then verify the contents of by a web-based check. Alternatively, it can add a DNS record to the domain's DNS zone which it can verify via a DNS query. The first check will fail if the domain does not resolve to an IP address on your server, and the second check will fail if your cPanel server does not control the domain's DNS. It seems that whatever domain failed on your server likely falls into both of these categories: it does not resolve to your server, and your server does not manage its DNS.

The issue could likely be resolved by updating the domain's A record to ensure it points to your server or updating the domain's name servers to point to your server.

Please feel free to let us know if you have any questions, and remember you are welcome to submit a ticket via the link in my signature if you would like our analysts to review the issue directly.

Best regards.
Hello Samuel (@cPSamuel)

Thank you for your reply; greatly appreciated and a huge help.

I'll get back to you if I need any more advice.

Thank you again,
Luke
 
  • Like
Reactions: cPanelLauren