DNS DCV preflight check failed on all my sites

otakudes

Active Member
Jun 19, 2020
26
5
3
USA
cPanel Access Level
Website Owner
My certificates won't renew on all my sites. Terminal says the urls won't resolve. I notice the hostname is included in the URL. Is that the cause of the error? DigitalOcean is handling my DNS settings.
Code:
[[email protected] ~]# /usr/local/cpanel/bin/checkallsslcerts
The system will check for the certificate for the “cpanel” service.
The system will attempt to verify that the certificate for the “cpanel” service is still valid using OCSP (Online Certificate Status Protocol).
The “cpanel” service’s current certificate comes with the server’s cPanel license. This certificate expires in less than 25 days. The system will attempt to renew and install a new certificate to the “cpanel” service and any other services that use the old certificate.
The system will attempt to install a certificate for the “cpanel” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “cpanel” service.
The system will attempt to install a certificate for the “cpanel” service from the cPanel store.
Setting up HTTP DCV (/var/www/html/.well-known/pki-validation/D108DC3781388CEDB235F061216BCEFF.txt) …
        … complete.
Setting up DNS DCV for “hostname.domain.com” …
        … complete.

Attempting DNS DCV preflight checks …
        hostname.domain.com: DNS DCV preflight check failed; falling back to HTTP …
        www.hostname.domain.com: DNS DCV preflight check failed; falling back to HTTP …
        mail.hostname.domain.com: DNS DCV preflight check failed; falling back to HTTP …
        cpanel.hostname.domain.com: DNS DCV preflight check failed; falling back to HTTP …
        webmail.hostname.domain.com: DNS DCV preflight check failed; falling back to HTTP …
        whm.hostname.domain.com: DNS DCV preflight check failed; falling back to HTTP …
        cpcalendars.hostname.domain.com: DNS DCV preflight check failed; falling back to HTTP …
        cpcontacts.hostname.domain.com: DNS DCV preflight check failed; falling back to HTTP …
hostname.domain.com: Attempting HTTP DCV preflight check …
        … success!
www.hostname.domain.com: Attempting HTTP DCV preflight check …
        “www.hostname.domain.com” does not resolve to any IP addresses on the internet.
whm.hostname.domain.com: Attempting HTTP DCV preflight check …
        “whm.hostname.domain.com” does not resolve to any IP addresses on the internet.
mail.hostname.domain.com: Attempting HTTP DCV preflight check …
        “mail.hostname.domain.com” does not resolve to any IP addresses on the internet.
cpanel.hostname.domain.com: Attempting HTTP DCV preflight check …
        “cpanel.hostname.domain.com” does not resolve to any IP addresses on the internet.
webmail.hostname.domain.com: Attempting HTTP DCV preflight check …
        “webmail.hostname.domain.com” does not resolve to any IP addresses on the internet.
cpcontacts.hostname.domain.com: Attempting HTTP DCV preflight check …
        “cpcontacts.hostname.domain.com” does not resolve to any IP addresses on the internet.
cpcalendars.hostname.domain.com: Attempting HTTP DCV preflight check …
        “cpcalendars.hostname.domain.com” does not resolve to any IP addresses on the internet.
Succeeded domains: 1
Failed domains: 7
Undoing HTTP DCV setup …
        … complete.
Undoing DNS DCV setup …
        … complete.
Setting up HTTP DCV (/var/www/html/.well-known/pki-validation/65783653564FF6C76ADD3C3CE1CE235A.txt) …
        … complete.
Setting up DNS DCV for “hostname.domain.com” …
        … complete.

Requesting certificate from cPStore …
The cPanel Store returned an error (X::TemporarilyUnavailable) in response to the request “POST ssl/certificate/whm-license/90-day”: We were unable to process your request. Please try again later.
Undoing HTTP DCV setup (/var/www/html/.well-known/pki-validation/65783653564FF6C76ADD3C3CE1CE235A.txt) …
        … complete.
Enqueueing undo of DNS DCV setup (CNAME _65783653564ff6c76add3c3ce1ce235a.hostname.domain.com) …
Undoing DNS DCV setup …
        … done.
[WARN] The system failed to acquire a signed certificate from the cPanel Store because of the following error: (XID bwkhfp) The cPanel Store returned an error (X::TemporarilyUnavailable) in response to the request “POST ssl/certificate/whm-license/90-day”: We were unable to process your request. Please try again later.
The system will check for the certificate for the “dovecot” service.
The system will attempt to verify that the certificate for the “dovecot” service is still valid using OCSP (Online Certificate Status Protocol).
The “dovecot” service’s current certificate comes with the server’s cPanel license. This certificate expires in less than 25 days.The system will attempt to renew and install a new certificate to the “dovecot” service and any other services that use the old certificate.
The system will attempt to install a certificate for the “dovecot” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “dovecot” service.
The system will check for the certificate for the “exim” service.
The system will attempt to verify that the certificate for the “exim” service is still valid using OCSP (Online Certificate StatusProtocol).
The “exim” service’s current certificate comes with the server’s cPanel license. This certificate expires in less than 25 days. The system will attempt to renew and install a new certificate to the “exim” service and any other services that use the old certificate.
The system will attempt to install a certificate for the “exim” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “exim” service.
 

kodeslogic

Well-Known Member
PartnerNOC
Apr 26, 2020
441
207
118
IN
cPanel Access Level
Root Administrator
Terminal says the urls won't resolve. I notice the hostname is included in the URL. Is that the cause of the error?
Yes, there are multiple entries associated with your hostname not resolving to your server due to which AutoSSL fails.
 
  • Like
Reactions: cPRex

kodeslogic

Well-Known Member
PartnerNOC
Apr 26, 2020
441
207
118
IN
cPanel Access Level
Root Administrator
Workaround:
Add the missing entries associated with your hostname in your DNS zone and you should be fine then.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
10,360
1,629
363
cPanel Access Level
Root Administrator
This SSL renewal is specifically for the server's hostname, so there wouldn't be a way to workaround that. You'd want to ensure the DNS is properly configured for the hostname so it resolves to your server, and then the SSL will be issued.
 

otakudes

Active Member
Jun 19, 2020
26
5
3
USA
cPanel Access Level
Website Owner
Thanks for the replies. I was able to fix my problem. I'm posting my solution in case someone comes across the same problem. I started receiving emails about the SSL certificates expiring.
The system failed to acquire a signed certificate from the cPanel Store because of the following error: (XID av8ayf) The cPanel Store returned an error (X::TemporarilyUnavailable) in response to the request “POST ssl/certificate/whm-license/90-day”: We were unable to process your request. Please try again later.
My WHM warned my SSL certificates were expiring in 19 days
screen_shot.png

In terminal I ran

Code:
whmapi1 delete_ssl_vhost host=example.com
and

Code:
/usr/local/cpanel/bin/autossl_check --all
Then wait about 10 minutes because WHM will say the certificates are missing. My site was down during this time. Maybe restarting Apache helps. It looks like the certificates will automatically renew 3 days prior to expiration according to cPanel documentation.
 
  • Like
Reactions: cPRex