ERROR SSL INSTALL: TLS Status: Defective

M

marcelo falcao

Member
Jul 18, 2018
8
0
1
Florianopolis, SC, Brazil
cPanel Access Level
Root Administrator
Hi. I've tried installing Auto SSL on Cpanel for my domain.

The process has been in the pending list for a long time. When I checked the logs, I see this error:

12:26:44 PM ERROR TLS Status: Defect
ERROR Defect: NO_SSL: No SSL certificate is installed.

See the screenshot.

Any suggestion?

Thank you in advance.
 

Attachments

cPanelLauren

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
13,266
1,304
363
Houston
Hi @marcelo falcao

Based on the screenshot you've provided it appears that the SSL certificate is waiting to be processed. What is the output you get when running the following:

Code: 
/usr/local/cpanel/bin/autossl_check_cpstore_queue --force
Thanks!
 
cPanelLauren

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
13,266
1,304
363
Houston
Hi @marcelo falcao

The Order Item ID was edited to not contain personally identifying information but in viewing the pre-edit version I looked up the certificate and found that it is not passing the DCV check due to the following:

Code: 
Action: CNAME @192.168.XXX.181 _5851163161427c1308bab4dc0a2e8980.domain.com.br.
Outcome: read udp 192.168.XXX.61:45077->192.168.XXX.181:53: i/o timeout
Status: ERROR

Action: CNAME @192.168.XXX.182 _5851163161427c1308bab4dc0a2e8980.domain.com.br.
Outcome: read udp 192.168.XXX.61:56422->192.168.XXX.182:53: i/o timeout
Status: ERROR

Action: GET http://domain.com.br/.well-known/pki-validation/hash.txt
Outcome: Get http://domain.com.br/.well-known/pki-validation/hash.txt: dial tcp: lookup domain.com.br on 10.255.XXX.2:53: read udp 192.168.XXX.61:42699->10.255.XX.2:53: i/o timeout
Status: FAILED
Note that all IP's listed are internal IP addresses. It would seem that you're NAT routing has a misconfiguration. I'm also not able to query your domain's IP address:

Code: 
$ dig a domain.com.br

; <<>> DiG 9.10.6 <<>> a domain.com.br
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 5395
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;domain.com.br.        IN    A

;; Query time: 2 msec
;; SERVER: 208.74.121.50#53(208.74.121.50)
;; WHEN: Mon Jul 23 07:36:59 CDT 2018
;; MSG SIZE  rcvd: 49
Please note that I used your actual domain for this. I also looked up the domain's nameservers which also don't resolve. Our documentation on NAT configurations may be helpful 1:1 NAT - Version 72 Documentation - cPanel Documentation if you've exhausted the options within the documentation and your domain still does not resolve you would need to contact your provider for further assistance.

Thanks!
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
R WHM purchase and install an SSL Cert is erroring out Security 3
V Error installing Let’s Encrypt AutoSSL plugin on WHM Security 5
A Setup A record to install SSL for hostname error Security 5
A You do not have the feature sslinstall error Security 1
N Installing SSL certificates error Security 1
Similar threads
WHM purchase and install an SSL Cert is erroring out
Error installing Let’s Encrypt AutoSSL plugin on WHM
Setup A record to install SSL for hostname error
You do not have the feature sslinstall error
Installing SSL certificates error
Top Bottom