Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Failed to fetch the DCV file because of no NAT loopback error

Discussion in 'Security' started by mauromol, May 24, 2018.

Tags:
  1. mauromol

    mauromol Member

    Joined:
    Dec 12, 2016
    Messages:
    6
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Italy
    cPanel Access Level:
    Root Administrator
    Hello,
    I just saw that the AutoSSL feature is not working on our server because of the following error:

    Code:
    The system failed to fetch the DCV (Domain Control Validation) file at “http://mydomain.it/.well-known/pki-validation/BLABLABLA.txt” because of an error (cached): Could not connect to '<publicip>:80': Connection timed out.
    This is because our server, which is publicly reachable with <publicip>, is behind a firewall which does not support NAT loopback (Network address translation - Wikipedia). For this reason, the server cannot reach itself (and hence it cannot connect to its hosted virtual hosts) by using the public IP resolved by a normal DNS request for any of its hosted virtual host addresses.

    I think this is not an unusual situation, so I guess some way exists to fix this problem.

    Can anyone help me with this please?

    Thank you,
    Mauro
     
  2. cPanelLauren

    cPanelLauren Forums Analyst II
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    3,101
    Likes Received:
    215
    Trophy Points:
    173
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hello,


    We do have a few internal cases on this issue in which our development has indicated that this is not something that we can provide a resolution for. There is in the works plans for DNS based DCV checks sometime in the future (hopefully v74) but until those are released servers with this configuration will fail the AutoSSL DCV check.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. mauromol

    mauromol Member

    Joined:
    Dec 12, 2016
    Messages:
    6
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Italy
    cPanel Access Level:
    Root Administrator
    Hi,
    thanks for your support. IMHO this problem could be solved by using a DNS proxy that resolves to localhost (or to the internal IP address of the server) all addresses such as *.example.com, where exampe.com is any of the domains associated to WHM accounts, and fallback to the default DNS server for all the other requests.

    In the meanwhile, is there a way to disable SSL as a whole for all the accounts? Right now, I can connect to both
    Code:
     http://www.example.com and https://www.example.com
    , but the latter produces a client-side error because of the expired SSL certificate that AutoSSL cannot update. I would like to disable
    Code:
    https://www.example.com
    as a whole, so that each domain can be accessed only as
    Code:
    http://www.example.com
    Thanks in advance again,
    Mauro
     
    #3 mauromol, May 25, 2018
    Last edited by a moderator: May 25, 2018
  4. cPanelLauren

    cPanelLauren Forums Analyst II
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    3,101
    Likes Received:
    215
    Trophy Points:
    173
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @mauromol

    The best way to do this is to force the redirection to http. The best way to add this in this instance would be through the redirects UI in cPanel.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. mauromol

    mauromol Member

    Joined:
    Dec 12, 2016
    Messages:
    6
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Italy
    cPanel Access Level:
    Root Administrator
    But this requires me to change each account one by one... :-(

    Isn't there a way to do this globally on WHM?
     
  6. cPanelLauren

    cPanelLauren Forums Analyst II
    Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    3,101
    Likes Received:
    215
    Trophy Points:
    173
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice