The Community Forums


Fail to generate certificate (Auto/SSL) after update

Discussion in 'Security' started by Rodrigo Gomes, Jul 19, 2017.

  1. Rodrigo Gomes

    Rodrigo Gomes Well-Known Member

    Hello,

    After the recent updates (64.0.33, 64.0.32, 64.0.31), I noticed that my email stopped working with SSL.
    While figuring out the problem, I discovered that Auto/SSL is no longer generating a certificate for the mail subdomain.

    I see the following error in the logs:
    Code:
    17:36:28 NOTICE The domain “mail.myhost.com” failed domain control validation: The system queried for a temporary file at “http://mail.myhost.com/.well-known/pki-validation/508AE322899C5FFEA459298D63B3F5E4.txt”, but the web server responded with the following error: 404 (Not Found). A DNS or web server misconfiguration may exist.
    Taking the opportunity to also show another error that may be relevant to you guys:
    Code:
    17:36:28 NOTICE The domain “ipv6.myhost.com” failed domain control validation: You do not have a document root for the domain “ipv6.myhost.com”.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hi Rodrigo,

    Could you open a support ticket using the link in my signature so we can take a closer look? Please post the ticket number here so we can monitor the ticket and update this thread with the outcome.

    Thank you.
     
  3. Rodrigo Gomes

    Rodrigo Gomes Well-Known Member

    Hello Michael,

    The problem was the Varnish Cache that I have installed on my server.
    Since this specific site has a dedicated IP, I had to configure the backend that Varnish should access correctly, for example:
    Code:
    sub vcl_recv {
        if (req.http.host ~ "(?i)^(www\.|mail\.|ftp\.|cpanel\.|whm\.|ipv6\.)?(examplehost\.com$)") {
            set req.backend_hint = server1;
        } else {
            set req.backend_hint = server2;
        }
    }
    With this change, the certificate was generated and the problem was fixed. :)

    However, I noticed that sites that are in Cloudflare are not generating the mail. subdomain certificate.

    Code:
    18:13:26 NOTICE The domain “myhost.com” failed domain control validation: The system queried for a temporary file at “http://myhost.com/.well-known/pki-validation/EA47A663B496F57C2D0D2D5D828E8328.txt”, but the web server responded with the following error: 500 (Internal Server Error). A DNS or web server misconfiguration may exist. The domain “myhost.com” resolved to an IP address “104.31.86.80” that does not exist on this server.
    18:13:26 NOTICE The current SSL certificate for “myhost.com” protects the domain “myhost.com”. However, this domain has not passed local domain control validation. To maintain SSL domain coverage for this domain, the system will not attempt to override the current certificate.
    This is ok, since Cloudflare also generates the certificate itself.
    However, Auto/SSL does not attempt to generate the certificate only for the mail. subdomain. This is a problem for those who use SSL/TLS in emails.

    Thank you!
     
    #3 Rodrigo Gomes, Jul 19, 2017
    Last edited: Jul 19, 2017
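
Added example, not part of the original posts and not cPanel code: a small triage script that sorts the AutoSSL domain control validation failures quoted in this thread by likely cause (request answered locally with an HTTP error, no document root, or DNS pointing at an address the server does not own). The function names and cause labels are assumptions made for this example; the sample lines are the ones posted above with the link markup stripped.

```python
import re

# Log lines taken from the posts in this thread (link markup stripped).
SAMPLE_LOG = """\
17:36:28 NOTICE The domain “mail.myhost.com” failed domain control validation: The system queried for a temporary file at “http://mail.myhost.com/.well-known/pki-validation/508AE322899C5FFEA459298D63B3F5E4.txt”, but the web server responded with the following error: 404 (Not Found). A DNS or web server misconfiguration may exist.
17:36:28 NOTICE The domain “ipv6.myhost.com” failed domain control validation: You do not have a document root for the domain “ipv6.myhost.com”.
18:13:26 NOTICE The domain “myhost.com” failed domain control validation: The system queried for a temporary file at “http://myhost.com/.well-known/pki-validation/EA47A663B496F57C2D0D2D5D828E8328.txt”, but the web server responded with the following error: 500 (Internal Server Error). A DNS or web server misconfiguration may exist. The domain “myhost.com” resolved to an IP address “104.31.86.80” that does not exist on this server.
18:13:26 NOTICE The current SSL certificate for “myhost.com” protects the domain “myhost.com”. However, this domain has not passed local domain control validation. To maintain SSL domain coverage for this domain, the system will not attempt to override the current certificate.
"""

FAILED = re.compile(r"The domain “(?P<domain>[^”]+)” failed domain control validation: (?P<detail>.*)")
HTTP_ERR = re.compile(r"responded with the following error: (?P<status>\d{3})\b")
FOREIGN_IP = re.compile(r"resolved to an IP address “(?P<ip>[^”]+)” that does not exist on this server")


def classify(line):
    """Return a dict describing one DCV failure, or None for any other log line."""
    m = FAILED.search(line)
    if not m:
        return None
    detail = m.group("detail")
    result = {"domain": m.group("domain"), "status": None, "ip": None}
    http = HTTP_ERR.search(detail)
    if http:
        result["status"] = int(http.group("status"))
    foreign = FOREIGN_IP.search(detail)
    if foreign:
        # DNS points at an address this server does not own (a CDN or proxy in front),
        # so the HTTP status came from that address, not from the local web server.
        result["ip"] = foreign.group("ip")
        result["cause"] = "dns-not-local"
    elif "You do not have a document root" in detail:
        result["cause"] = "no-document-root"
    elif http:
        # No foreign-IP remark: the validation file was requested but not served,
        # e.g. a cache in front of the web server sent the request to the wrong backend.
        result["cause"] = "local-http-error"
    else:
        result["cause"] = "unknown"
    return result


def triage(log_text):
    """Classify every DCV failure in a block of AutoSSL log text."""
    return [r for r in map(classify, log_text.splitlines()) if r]


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(entry)
```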
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Feel free to open a separate support ticket if you'd like us to take a closer look to see what's happening.

    Thank you.
     