Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Domain has DNS records pointing to server and website is live, yet can't complete DCV.

Discussion in 'Security' started by Lucidity, Nov 16, 2017.

  1. Lucidity

    Lucidity Member

    Joined:
    May 12, 2017
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Canada
    cPanel Access Level:
    Root Administrator
    I have many domains on my VPS and they are all covered by AutoSSL, yet one won't pass the Domain Control Verification.

    The domain is literally live right now to the world, yet when I run AutoSSL it won't issue an SSL for this specific domain.

    I have an A Record pointing to my server, which makes the domain live. The MX records are left to what they were before (pointing to G Suite), and there are also some NS (Delegated subdomain name server) records pointing the www version to my two nameservers.

    Am I doing something wrong? I figured instead of changing the overall nameservers and then adding MX records back on my end, I would just leave my clients already configured MX records on their domain registrars end and just add an A record to point to my server.
     
  2. cPWilliamL

    cPWilliamL cP Technical Analyst II
    Staff Member

    Joined:
    May 15, 2017
    Messages:
    257
    Likes Received:
    27
    Trophy Points:
    103
    Location:
    America
    cPanel Access Level:
    Root Administrator
    Hi @Lucidity,

    Sorry to hear you are having issues with AutoSSL. Have you checked the logs for a specific error? You can view the logs at WHM > Manage AutoSSL > Logs, or you can run the check manually from the command line:
    Code:
    /usr/local/cpanel/bin/autossl_check --user $username
    
    Thanks,
     
  3. Lucidity

    Lucidity Member

    Joined:
    May 12, 2017
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Canada
    cPanel Access Level:
    Root Administrator
    Yes! And I am very confused with the results.

    It actually doesn't even list the domain by itself in the logs, it just lists a bunch of subdomains that can't be verified (changed for security reasons):


    8:17:15 AM The website “oldsubdomainfortesting.maindomain.com”, owned by “user”, has a faulty SSL certificate (OPENSSL_VERIFY:0:18:DEPTH_ZERO_SELF_SIGNED_CERT NOT_ALL_DOMAINS). AutoSSL will attempt to replace this certificate.
    8:17:16 AM WARN The domain “mail.livedomain.ca” failed domain control validation: “mail.livedomain.ca” does not resolve to any IPv4 addresses on the internet.
    8:17:16 AM WARN The domain “whm.livedomain.ca” failed domain control validation: “whm.livedomain.ca” does not resolve to any IPv4 addresses on the internet.
    8:17:16 AM WARN The domain “cpanel.livedomain.ca” failed domain control validation: “cpanel.livedomain.ca” does not resolve to any IPv4 addresses on the internet.
    8:17:16 AM WARN The domain “webdisk.livedomain.ca” failed domain control validation: “webdisk.livedomain.ca” does not resolve to any IPv4 addresses on the internet.
    8:17:16 AM WARN The domain “webmail.livedomain.ca” failed domain control validation: “webmail.livedomain.ca” does not resolve to any IPv4 addresses on the internet.
    8:17:16 AM WARN AutoSSL will defer the renewal of “oldsubdomainfortesting.maindomain.com”’s certificate because 1 domain (mail.livedomain.ca) that the current certificate secures failed DCV. If AutoSSL renewed the certificate now, that domain would lose SSL coverage. AutoSSL will defer “oldsubdomainfortesting.maindomain.com”’s certificate renewal until 11/11/18, 7:03 PM UTC (3 days before expiry) or until all of “oldsubdomainfortesting.maindomain.com”’s currently secured domains pass DCV. at bin/autossl_check.pl line 500, <DATA> line 1.
    So I am just all-around confused.

    The website “oldsubdomainfortesting.maindomain.com” redirects to "livedomain.ca", and that website is currently live right now on my server, public, with no SSL certificate :(
     
  4. cPWilliamL

    cPWilliamL cP Technical Analyst II
    Staff Member

    Joined:
    May 15, 2017
    Messages:
    257
    Likes Received:
    27
    Trophy Points:
    103
    Location:
    America
    cPanel Access Level:
    Root Administrator
    The AutoSSL functions resolve the domain using the root DNS servers, so if you are blocking or filtering these, then this could be the cause. Does a 'dig $domain +trace' complete properly? Also, feel welcome to open a ticket with us and we will perform some advanced debugging with the resolver module.
     
  5. Lucidity

    Lucidity Member

    Joined:
    May 12, 2017
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Canada
    cPanel Access Level:
    Root Administrator
    I'm not really sure what the dig command means :( I think I'll open a ticket, thanks!
     
Loading...

Share This Page