I have a brand new instalation of Centos 7.8 + Cpanel 88.0.12. Everething is working well, except that I get the following erros when running:
/usr/local/cpanel/bin/checkallsslcerts --verbose
Thanks!
/usr/local/cpanel/bin/checkallsslcerts --verbose
Two things that I don't undestand:The system will check for the certificate for the “cpanel” service.
The system will attempt to verify that the certificate for the “cpanel” service is still valid using OCSP (Online Certificate Status Protocol).
The system will attempt to replace the revoked certificate for the “cpanel” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “cpanel” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “cpanel” service.
The system will attempt to install a certificate for the “cpanel” service from the cPanel store.
Received error “X::NoCertificate” from cPanel Store (No free ssl certificate fou nd for this IP); requesting new certificate …
Setting up HTTP DCV (/var/www/html/.well-known/pki-validation/A896831E27CE64E98AC8DD0A784E58AF.txt) …
… complete.
Setting up DNS DCV (CNAME _a896831e27ce64e98ac8dd0a784e58af.vps-example.example.com) …
… complete.
Attempting DNS DCV preflight check …
FAILED: The DNS DCV check (_a896831e27ce64e98ac8dd0a784e58af.vps-example.com IN CNAME) did not return the expected value (7c21eacf44cead30e8d35b552e48f6b6.9181c7b5bd88b4236734572958f72741.comodoca.com).
Attempting HTTP DCV preflight check …
FAILED: Cpanel::Exception/(XID mjt7jr) The system queried for a temporary file at “http://vps-example.com.com/.well-known/pki-validation/A896831E27CE64E98AC8DD0A784E58AF.txt”, but the web server responded with the following error: 403 (Forbidden). A DNS (Domain Name System) or web server misconfiguration may exist.
at /usr/local/cpanel/Cpanel/SSL/DCV.pm line 356.
...
...
...
[WARN] The system failed to acquire a signed certificate from the cPanel Store because of the following error: Neither HTTP nor DNS DCV preflight checks succeeded!
------
- I already have a valid comodo certificate that expires in 2021 installed on the domain automatically when the centos was provisioned, so why the script is not recognizing it and instead trying to get a new one?
- I checked that the temporary file created for the DNV challenge is present and accesible from the web. (http://vps-example.com.com/.well-known/pki-validation/XXXXX.txt), and there is no .htacces file present in /www/ that would indicate a permissions issue.
Thanks!