ERROR SSL INSTALL: TLS Status: Defective

marcelo falcao

Registered
Jul 18, 2018
4
0
1
Florianopolis, SC, Brazil
cPanel Access Level
Root Administrator
Hi. I've tried installing Auto SSL on Cpanel for my domain.

The process has been in the pending list for a long time. When I checked the logs, I see this error:

12:26:44 PM ERROR TLS Status: Defect
ERROR Defect: NO_SSL: No SSL certificate is installed.

See the screenshot.

Any suggestion?

Thank you in advance.
 

Attachments

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,252
313
Houston
Hi @marcelo falcao

Based on the screenshot you've provided it appears that the SSL certificate is waiting to be processed. What is the output you get when running the following:

Code:
/usr/local/cpanel/bin/autossl_check_cpstore_queue --force
Thanks!
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,252
313
Houston
Hi @marcelo falcao

The Order Item ID was edited to not contain personally identifying information but in viewing the pre-edit version I looked up the certificate and found that it is not passing the DCV check due to the following:

Code:
Action: CNAME @192.168.XXX.181 _5851163161427c1308bab4dc0a2e8980.domain.com.br.
Outcome: read udp 192.168.XXX.61:45077->192.168.XXX.181:53: i/o timeout
Status: ERROR

Action: CNAME @192.168.XXX.182 _5851163161427c1308bab4dc0a2e8980.domain.com.br.
Outcome: read udp 192.168.XXX.61:56422->192.168.XXX.182:53: i/o timeout
Status: ERROR

Action: GET http://domain.com.br/.well-known/pki-validation/hash.txt
Outcome: Get http://domain.com.br/.well-known/pki-validation/hash.txt: dial tcp: lookup domain.com.br on 10.255.XXX.2:53: read udp 192.168.XXX.61:42699->10.255.XX.2:53: i/o timeout
Status: FAILED
Note that all IP's listed are internal IP addresses. It would seem that you're NAT routing has a misconfiguration. I'm also not able to query your domain's IP address:

Code:
$ dig a domain.com.br

; <<>> DiG 9.10.6 <<>> a domain.com.br
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 5395
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;domain.com.br.        IN    A

;; Query time: 2 msec
;; SERVER: 208.74.121.50#53(208.74.121.50)
;; WHEN: Mon Jul 23 07:36:59 CDT 2018
;; MSG SIZE  rcvd: 49
Please note that I used your actual domain for this. I also looked up the domain's nameservers which also don't resolve. Our documentation on NAT configurations may be helpful 1:1 NAT - Version 72 Documentation - cPanel Documentation if you've exhausted the options within the documentation and your domain still does not resolve you would need to contact your provider for further assistance.

Thanks!