DNS Round Robin & AutoSSL Issues

Emirii (Registered; joined Aug 29, 2018; Texas; cPanel Access Level: Root Administrator)
Hello. I have a DNS Round Robin setup between two cPanel WHM servers.

I have a DNS cluster with 2 A records for each domain pointing to two different hosts.

example.com
@ IN A 111.111.1.1
@ IN A 222.222.2.2

When running AutoSSL I come across issues relating to DCV. When I run AutoSSL on cPanel WHM 111.111.1.1 I get this error:

Code:
 WARN Local HTTP DCV error (example.com): The system queried for a temporary file at “http://example.com/.well-known/acme-challenge/F1XS5N12SRNDF2CI8DL33JZWJEIADQGS”, but the web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist. The domain “example.com” resolved to an IP address “222.222.2.2” that does not exist on this server.
I get the same error, but with the IPs reversed, when running from 222.222.2.2.

I have around a hundred domains on these accounts, and reverting the DNS records for every one of them every 3 months is a horrendous amount of work. I've looked into Apache proxy, but there doesn't appear to be any way to centralize the .well-known path so I can set up a proxy pass to one server or the other.

I can't be the only one with this issue. I've searched nearly all day and can't find any viable solution that will allow me to use "AutoSSL" without worrying every 3 months.

vanessa (Well-Known Member, PartnerNOC; joined Sep 26, 2006; Virginia Beach, VA; cPanel Access Level: DataCenter Provider)
Perhaps set up something to automatically generate /etc/hosts entries for the domains on your server to force the servers to only resolve the domains to themselves. External traffic will be round-robin as expected, but traffic originating from the servers will be local. That seems like the easiest solution and can be implemented via a function hook.

The only way I'd imagine a proxy pass would work is if you're using something like nginx in front of Apache, and set it to direct .well-known to a specific IP.
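A sketch of the /etc/hosts approach vanessa describes, added here as an example and not code from the thread or from cPanel: a POSIX shell script that keeps a marker-delimited block pinning each listed domain to this node's own IP, so that the local DCV request resolves to the local Apache while public round-robin DNS is untouched. Re-running it (for instance from a hook) replaces the block instead of appending duplicates; the domain-list file, the marker names, the `www.` entries and the `111.111.1.1` placeholder are assumptions.

```shell
#!/bin/sh
# Hypothetical helper (not from the thread): pin listed domains to this
# server's own A record in a hosts file. Public DNS stays round-robin;
# only lookups made on this server are affected.
LOCAL_IP="${LOCAL_IP:-111.111.1.1}"   # placeholder IP from the thread; set per node
BEGIN_MARK="# BEGIN autossl-dcv-pin"  # assumed marker names
END_MARK="# END autossl-dcv-pin"

# Emit "<ip> domain www.domain" for every non-empty, non-comment line of $2.
# Including the www. host is an assumption; drop it if you do not issue for www.
render_pin_block() {  # $1 = local IP, $2 = domain list file (one per line)
    printf '%s\n' "$BEGIN_MARK"
    grep -Ev '^[[:space:]]*(#|$)' "$2" | while read -r d; do
        printf '%s %s www.%s\n' "$1" "$d" "$d"
    done
    printf '%s\n' "$END_MARK"
}

# Rewrite hosts file $3 idempotently: strip any earlier managed block, then
# append a fresh one. Writing through cat keeps the file's inode and permissions.
update_hosts() {  # $1 = local IP, $2 = domain list file, $3 = hosts file path
    tmp="$3.tmp.$$"
    awk -v b="$BEGIN_MARK" -v e="$END_MARK" '
        $0 == b { skip = 1; next }
        $0 == e { skip = 0; next }
        !skip   { print }
    ' "$3" > "$tmp"
    render_pin_block "$1" "$2" >> "$tmp"
    cat "$tmp" > "$3" && rm -f "$tmp"
}
```

Run it as `update_hosts "$LOCAL_IP" /path/to/domains.txt /etc/hosts` on each node with that node's own IP; the same script with `222.222.2.2` goes on the second server.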