DCV challenge returned no TXT record error

Peterv3210

Member
Feb 7, 2019
8
2
3
Netherlands
cPanel Access Level
Root Administrator
Hi

I get the following error message from cPanel that it cannot renew some certificates. I looked around this forum and found some similar posts but I cannot figure out how to fix this.
Code:
DNS DCV: The DNS query to “_cpanel-dcv-test-record.example.nl” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=qjtv4DOsJ2ItpmbSzWK78GFEwjgixNPBCE9UsOpR3A9YLbNs67gyUqusxSoYvpxG”.; HTTP DCV: The system queried for a temporary file at “http://example.nl/.well-known/pki-validation/48B419CDA5C14A4EC5AFDDC596E35B44.txt”, but the web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist.
Thanks in advance,

Peter
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,298
1,279
313
Houston
Hello @Peterv3210

This is happening because not only does the DCV fallback fail to validate that your domain resolves to your server, but it's also unable to validate the txt file. The latter is done with a curl request. You can try this as well by running the following:

Code:
curl -kvv http://domain.tld/.well-known/pki-validation/test.txt
The results of that usually give me a good idea of how things went wrong. In a lot of cases similar to this one, there's something in the .htaccess or a DNS issue preventing the checks from completing.
 

Peterv3210

Hi,

Thanks for your reply.

I ran through all the steps in the "AutoSSL Troubleshooting Steps", and when I run the curl request I get:

Code:
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /.well-known/pki-validation/3B85B33EE5D584F73669975E04F8090E.txt was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
<hr>
<address>Apache/2.4.38 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 Server at example.nl Port 80</address>
</body></html>
* Connection #0 to host example.nl left intact
I also tried to change the htaccess with or without the RewriteCond file but to no avail.

Peter
 

cPanelLauren

That hash file is removed a lot of the time as soon as the DCV check is requested. This is why I noted that you should use a test.txt file; you can just create an empty one and place it in the pki-validation directory.

Can you do that and try again?
 

Peterv3210

Hi @cPanelLauren,

I ran it again, but unfortunately with the same result:
Code:
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /.well-known/pki-validation/test.txt was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
<hr>
<address>Apache/2.4.38 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 Server at example.nl Port 80</address>
</body></html>
* Connection #0 to host example.nl left intact
I don't know if it's worth noting, but an empty "/.well-known/pki-validation/" directory also exists.
 

cPanelLauren

Hi @Peterv3210

Just to confirm, you created the test.txt file first, right? Are you aware of any customizations/includes that would affect the hostname vhost? You can check this at WHM>>Service Configuration>>Apache Configuration -> Include Editor.
 

Peterv3210

Hi @cPanelLauren,

Sorry, I wasn't aware that I had to create the file manually, thought the .htaccess would handle that.
When I run the curl request with the manually created test.text the result is:

Code:
*   Trying 123.456.789.000...
* Connected to example.nl (123.456.789.000) port 80 (#0)
> GET /.well-known/pki-validation/test.txt HTTP/1.1
> Host: example.nl
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Sat, 09 Feb 2019 07:20:45 GMT
< Server: Apache/2.4.38 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
< Last-Modified: Sat, 09 Feb 2019 07:20:15 GMT
< ETag: "0-58170e839e24d"
< Accept-Ranges: bytes
< Content-Length: 0
< Content-Type: text/plain
<
* Connection #0 to host example.nl left intact
When checking WHM>>Service Configuration>>Apache Configuration -> Include Editor, the Pre Main Include, Pre Virtual Host Include, Post Virtual Host Include all have the dropdown set to "Select an Apache Version".
 

cPanelLauren

Hi @Peterv3210

> Sorry i wasn't aware that i had to create the file manually, thought the .htaccess would handle that.

I'm only having you test so the system would not be involved in this. Based on the test.txt curl request it should be able to connect; the 200 response indicates that the request was successful. What's actually in your .htaccess for that domain?

> When checking WHM>>Service Configuration>>Apache Configuration -> Include Editor, the Pre Main Include, Pre Virtual Host Include, Post Virtual Host Include all have the dropdown set to "Select an Apache Version"

You'd need to choose the Apache version currently on the system. In most cases this is Apache 2.4.
 

Peterv3210

Hi @cPanelLauren,

> What's actually in your .htaccess for that domain?

My .htaccess file is as follows (because of the problems with the certificate I had to comment out the SSL part; I tried it with and without):

Code:
RewriteEngine On

#RewriteCond %{HTTPS} off [OR]
#RewriteCond %{HTTP_HOST} !^example\.nl$ [NC]
#RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
#RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
#RewriteRule ^ https://example.nl%{REQUEST_URI} [R=301,L,NE]

<IfModule mod_rewrite.c>
RewriteBase /
  RewriteRule ^index\.html$ - [L]
  RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
  RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule . /index.html [L]
</IfModule>

> You'd need to choose the Apache version currently on the system. In most cases this is apache 2.4

When choosing the 2.4.38 (in my case) and after the restart of Apache, the dropdown is set back to "Select an Apache Version".
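
Added example, not part of the original thread and not cPanel's code: a Python model of the HTTPS redirect block in the .htaccess posted above, evaluated as if its commented-out lines were enabled. It shows that the two DCV exclusions cover the 32-character hash filenames but not a hand-made test.txt probe, so the probe and the real DCV file can take different paths. It assumes Python's `re` handles these patterns the same way Apache's PCRE does; the function names are hypothetical.

```python
import re

# Exclusion patterns copied verbatim from the .htaccess in the post above.
DCV_EXEMPT = [
    re.compile(r"^/[0-9]+\..+\.cpaneldcv$"),
    re.compile(r"^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$"),
]
# RewriteCond %{HTTP_HOST} !^example\.nl$ [NC]  (NC = case-insensitive)
CANONICAL_HOST = re.compile(r"^example\.nl$", re.IGNORECASE)

PKI_DIR = "/.well-known/pki-validation/"


def is_dcv_exempt(uri):
    """True if either DCV exclusion matches the request URI."""
    return any(p.search(uri) for p in DCV_EXEMPT)


def https_redirect(uri, host="example.nl", https=False):
    """Model the redirect block with its RewriteCond chaining:

    (HTTPS off OR host is not example.nl) AND uri is not a DCV path.
    Returns the 301 Location target, or None if the request is served as-is.
    """
    wrong_origin = (not https) or CANONICAL_HOST.search(host) is None
    if wrong_origin and not is_dcv_exempt(uri):
        return "https://example.nl" + uri
    return None


def triage(uris):
    """Map each URI to 'served over HTTP' or the redirect it would receive."""
    return {u: https_redirect(u) or "served over HTTP" for u in uris}


if __name__ == "__main__":
    # The two hash names appear in the thread; the other URIs are constructed.
    probes = [
        PKI_DIR + "48B419CDA5C14A4EC5AFDDC596E35B44.txt",
        PKI_DIR + "3B85B33EE5D584F73669975E04F8090E.txt",
        PKI_DIR + "test.txt",
        PKI_DIR + "48b419cda5c14a4ec5afddc596e35b44.txt",  # lowercase variant
        "/1234.abcdef.cpaneldcv",
    ]
    for uri, outcome in triage(probes).items():
        print(f"{uri}\n    -> {outcome}")
```

With the redirect enabled, a plain-HTTP request for test.txt would receive a 301 while the hash-named file would not, so a test.txt probe only confirms that the directory is reachable and does not exercise the exclusion rules.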
 

cPanelLauren

Hi @Peterv3210


I think at this point it's going to just be best if we are able to investigate this with access to the server.

Can you please open a ticket using the link in my signature? Once open, please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved.


Thanks!