Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

DCV challenge returned no TXT record error

Discussion in 'Security' started by Peterv3210, Feb 7, 2019.

  1. Peterv3210

    Peterv3210 Member

    Joined:
    Feb 7, 2019
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Netherlands
    cPanel Access Level:
    Root Administrator
    Hi

    I get the following error message from cpanel that it cannot renew some certificates. I looked arround this forum and found some similar posts but i cannot figure out how to fix this.
    Code:
    DNS DCV: The DNS query to “_cpanel-dcv-test-record.example.nl” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=qjtv4DOsJ2ItpmbSzWK78GFEwjgixNPBCE9UsOpR3A9YLbNs67gyUqusxSoYvpxG”.; HTTP DCV: The system queried for a temporary file at “http://example.nl/.well-known/pki-validation/48B419CDA5C14A4EC5AFDDC596E35B44.txt”, but the web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist.
    
    Thanks in advance,

    Peter
     
    #1 Peterv3210, Feb 7, 2019
    Last edited by a moderator: Feb 7, 2019
  2. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,476
    Likes Received:
    507
    Trophy Points:
    263
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hello @Peterv3210

    This is happening because not only does the DCV fall back fail to validate that your domain resolves to your server but it's also unable to validate the txt file. The latter is done with a curl request. You can try this as well by running the following:

    Code:
    curl -kvv http://domain.tld/.well-known/pki-validation/test.txt 
    The results of that usually give me a good idea of how things went wrong. In a lot of cases, similar to this one there's something in the .htaccess or a DNS issue preventing the checks from completing
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Peterv3210

    Peterv3210 Member

    Joined:
    Feb 7, 2019
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Netherlands
    cPanel Access Level:
    Root Administrator
    Hi,

    Thanks for your reply

    I ran through all the steps in the "AutoSSL Troubleshooting Steps" And when i run the curl request i get:

    Code:
    <html><head>
    <title>404 Not Found</title>
    </head><body>
    <h1>Not Found</h1>
    <p>The requested URL /.well-known/pki-validation/3B85B33EE5D584F73669975E04F8090E.txt was not found on this server.</p>
    <p>Additionally, a 404 Not Found
    error was encountered while trying to use an ErrorDocument to handle the request.</p>
    <hr>
    <address>Apache/2.4.38 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 Server at example.nl Port 80</address>
    </body></html>
    * Connection #0 to host example.nl left intact
    
    I also tried to change the htaccess with or without the RewriteCond file but to no avail.

    Peter
     
  4. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,476
    Likes Received:
    507
    Trophy Points:
    263
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    That hash file is removed a lot of the time as soon as the DCV check is requested, this is why I noted that you should use a test.txt file, you can just create an empty one and place it in the pki-validation directory.

    Can you do that and try again?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. Peterv3210

    Peterv3210 Member

    Joined:
    Feb 7, 2019
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Netherlands
    cPanel Access Level:
    Root Administrator
    Hi @cPanelLauren,

    I ran it again,

    but unfortunately with the same result:
    Code:
    <title>404 Not Found</title>
    </head><body>
    <h1>Not Found</h1>
    <p>The requested URL /.well-known/pki-validation/test.txt was not found on this server.</p>
    <p>Additionally, a 404 Not Found
    error was encountered while trying to use an ErrorDocument to handle the request.</p>
    <hr>
    <address>Apache/2.4.38 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 Server at example.nl Port 80</address>
    </body></html>
    * Connection #0 to host example.nl left intact
    I don't know if its worth noting but a empty "/.well-known/pki-validation/" directory also exists
     
  6. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,476
    Likes Received:
    507
    Trophy Points:
    263
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @Peterv3210

    Just to confirm you created the test.txt file first right? Are you aware of any customizations/includes that would affect the hostname vhost? You can check this at WHM>>Service Configuration>>Apache Configuration -> Include Editor
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. Peterv3210

    Peterv3210 Member

    Joined:
    Feb 7, 2019
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Netherlands
    cPanel Access Level:
    Root Administrator
    Hi @cPanelLauren,

    Sorry i wasn't aware that i had to create the file manually, thought the .htaccess would handle that.
    When I run the curl request with the manually created test.text the result is:

    Code:
    *   Trying 123.456.789.000...
    * Connected to example.nl (123.456.789.000) port 80 (#0)
    > GET /.well-known/pki-validation/test.txt HTTP/1.1
    > Host: example.nl
    > User-Agent: curl/7.43.0
    > Accept: */*
    >
    < HTTP/1.1 200 OK
    < Date: Sat, 09 Feb 2019 07:20:45 GMT
    < Server: Apache/2.4.38 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4
    < Last-Modified: Sat, 09 Feb 2019 07:20:15 GMT
    < ETag: "0-58170e839e24d"
    < Accept-Ranges: bytes
    < Content-Length: 0
    < Content-Type: text/plain
    <
    * Connection #0 to host example.nl left intact
    When checking WHM>>Service Configuration>>Apache Configuration -> Include Editor, the Pre Main Include, Pre Virtual Host Include, Post Virtual Host Include all have the dropdown set to "Select an Apache Version"
     
  8. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,476
    Likes Received:
    507
    Trophy Points:
    263
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @Peterv3210

    I'm only having you test so the system would not be involved in this. Based on the test.txt curl request it should be able to connect, the 200 response indicates that the request was successful. What's actually in your .htaccess for that domain?

    You'd need to choose the Apache version currently on the system. In most cases this is apache 2.4
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. Peterv3210

    Peterv3210 Member

    Joined:
    Feb 7, 2019
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Netherlands
    cPanel Access Level:
    Root Administrator
    Hi @cPanelLauren,

    My .htaccess file is as follows: (Because of the problems with the certificate I had to comment-out the ssl part, i tried it with and without)

    Code:
    RewriteEngine On
    
    #RewriteCond %{HTTPS} off [OR]
    #RewriteCond %{HTTP_HOST} !^example\.nl$ [NC]
    #RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
    #RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
    #RewriteRule ^ https://example.nl%{REQUEST_URI} [R=301,L,NE]
    
    <IfModule mod_rewrite.c>
    RewriteBase /
      RewriteRule ^index\.html$ - [L]
      RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
      RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
      RewriteCond %{REQUEST_FILENAME} !-f
      RewriteCond %{REQUEST_FILENAME} !-d
      RewriteRule . /index.html [L]
    </IfModule>

    When choosing the 2.4.38 (in my case) and after the restart of apache the dropdown is set back to "Select an Apache Version"
     
  10. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,476
    Likes Received:
    507
    Trophy Points:
    263
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @Peterv3210


    I think at this point it's going to just be best if we are able to investigate this with access to the server.

    Can you please open a ticket using the link in my signature? Once open please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved.


    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  11. Peterv3210

    Peterv3210 Member

    Joined:
    Feb 7, 2019
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Netherlands
    cPanel Access Level:
    Root Administrator
  12. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,476
    Likes Received:
    507
    Trophy Points:
    263
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @Peterv3210

    Thanks! I'm watching that ticket for you and I'll update here when it's resolved.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice