SOLVED How to fix preflight checks failure?

Bert de Jong

Member
Jan 23, 2018
24
2
3
Netherlands
cPanel Access Level
Root Administrator
What does this mean, and how do I fix it?

The system failed to acquire a signed certificate from the cPanel Store because of the following error: Neither HTTP nor DNS DCV preflight checks succeeded!

I cannot find any information via Google.

Thanks,
 

quanin

Well-Known Member
Aug 18, 2011
125
7
68
cPanel Access Level
Root Administrator
Sounds like the CPanel store might be having temporary SSL issues. Try again a bit later, perhaps? If I need to, I can spin up a VPS to test from in case it's a more wide-spread thing.
 

Bert de Jong

Member
Jan 23, 2018
24
2
3
Netherlands
cPanel Access Level
Root Administrator
In case someone finds this thread after searching for the error message, According to my VPS provider the error is related to the certificate generated for the server itself. This is auto-generated, even without the admin's request, and this is also why no information is available in the Logs of WHM's "Manage AutoSSL" section. The error is caused by a mismatch between the server's cPanel (sub)domain and/or (reverse?) DNS and/or hostname. Manually looking at the log file will give more information. According to my VPS provider, it should be okay to just ignore the error.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,910
2,211
363
The error is caused by a mismatch between the server's cPanel (sub)domain and/or (reverse?) DNS and/or hostname. Manually looking at the log file will give more information. According to my VPS provider, it should be okay to just ignore the error.
Hello @Bert de Jong,

If you're referring to the SSL certificate for the server's hostname, you can run the following command to verify if it continues to fail:

Code:
/usr/local/cpanel/bin/checkallsslcerts
Let us know if any issues persist.

Thank you.
 

paulapatrice

Member
Aug 10, 2017
8
4
3
NYC
cPanel Access Level
Root Administrator
Was this resolved or was the warning ignored?

I explored this similar thread but AutoSSL is issuing successfully for cPanel users' domains, the error seems unrelated to user domains.

------------
/usr/local/cpanel/bin/checkallsslcerts
...

[WARN] The system failed to acquire a signed certificate from the cPanel Store because of the following error: Neither HTTP nor DNS DCV preflight checks succeeded!

The system will check for the certificate for the “dovecot” service.
The system will attempt to replace the self-signed certificate for the “dovecot” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “dovecot” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “dovecot” service.
The system will check for the certificate for the “exim” service.
The system will attempt to replace the self-signed certificate for the “exim” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “exim” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “exim” service.
The system will check for the certificate for the “ftp” service.
The system will attempt to replace the self-signed certificate for the “ftp” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “ftp” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “ftp” service.

Opened ticket #13069213

UPDATE / RESOLVED


The default hostname assigned by the VPS host did not resolve to an IP address and therefore the SSL couldn't verify it. Solution was to create a custom qualified domain name (like sub.domainname.com) and point it to the VPS primary IP, then in WHM change the hostname on the VPS to the new custom name. After doing so cPanel automatically issued and assigned a free SSL to the new hostname.

It sounded complicated but it wasn't. Took 15 minutes, cPanel software handled all the changes flawlessly and shazaam it was fixed.

Instructions to change the hostname here: Change Hostname - Version 82 Documentation - cPanel Documentation
 
Last edited:
  • Like
Reactions: AlanB

AlanB

Member
Feb 24, 2019
6
1
3
Seattle,WA
cPanel Access Level
Root Administrator
Was this resolved or was the warning ignored?

I explored this similar thread but AutoSSL is issuing successfully for cPanel users' domains, the error seems unrelated to user domains.

------------
/usr/local/cpanel/bin/checkallsslcerts
...

[WARN] The system failed to acquire a signed certificate from the cPanel Store because of the following error: Neither HTTP nor DNS DCV preflight checks succeeded!

The system will check for the certificate for the “dovecot” service.
The system will attempt to replace the self-signed certificate for the “dovecot” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “dovecot” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “dovecot” service.
The system will check for the certificate for the “exim” service.
The system will attempt to replace the self-signed certificate for the “exim” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “exim” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “exim” service.
The system will check for the certificate for the “ftp” service.
The system will attempt to replace the self-signed certificate for the “ftp” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “ftp” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “ftp” service.

Opened ticket #13069213

UPDATE / RESOLVED


The default hostname assigned by the VPS host did not resolve to an IP address and therefore the SSL couldn't verify it. Solution was to create a custom qualified domain name (like sub.domainname.com) and point it to the VPS primary IP, then in WHM change the hostname on the VPS to the new custom name. After doing so cPanel automatically issued and assigned a free SSL to the new hostname.

It sounded complicated but it wasn't. Took 15 minutes, cPanel software handled all the changes flawlessly and shazaam it was fixed.

Instructions to change the hostname here: Change Hostname - Version 82 Documentation - cPanel Documentation
Thank you sir, cPanel kept telling me it was my providers fault and nothing they could do about it. I was pulling my hair our trying to fix it with another valid domain I wasn't using but that didn't work because it was not the "Main" account on the server. I did as you mentioned and all is right with cPanel (for now at least) Thank you.
 
  • Like
Reactions: paulapatrice

dexterwebn

Registered
Dec 13, 2019
1
0
1
Clayton, North Carolina
cPanel Access Level
Website Owner
Hey. I've actually been ignoring this error for a while because it is harmless, however this error usually pops up when people are using Cloudflare and other CDN services?

If you are, the fix is pretty simple.

Configure a DNS A NAME record for the hostname pointed to the IP address, then run the /usr/local/cpanel/bin/checkallsslcerts from the terminal.

Next time you connect your ftp service you'll get a certificate warning about whether to store it or not, but that's about it.

I remembered my CDN service when I pinged my hostname and it came back "not found". I was like, "yeah.

That's not supposed to happen". Sure enough, when I put the hostname in a browser to confirm, and the error message was also not found I knew where I slipped up.

If you're using a CDN the A NAME needs to be configured as well. It's worth a check at least.

I hope this actually helps before someone dives down the hole of changing hostname.
 

JohnnyBgood

Member
Feb 6, 2015
19
0
51
cPanel Access Level
Root Administrator
Hi - i'm having the same problem - and I use cloudlfare.

@dexterwebn - when I try your suggestion - when I visit server.example.com - I get a Error 526: Invalid SSL certificate page.

I added the A record - server to my servers IP in cloudflare.

Any advice?
 
Last edited:

paulapatrice

Member
Aug 10, 2017
8
4
3
NYC
cPanel Access Level
Root Administrator
Hi - i'm having the same problem - and I use cloudlfare.
@dexterwebn - when I try your suggestion - when I visit server.example.com - I get a Error 526: Invalid SSL certificate page.
I added the A record - server to my servers IP in cloudflare.
Any advice?
Is it a self-signed SSL cert (compliant only with CF SSL mode "full") or issued from a certificate authority (compliant with CF SSL mode "full-strict")?
 
Last edited:

JohnnyBgood

Member
Feb 6, 2015
19
0
51
cPanel Access Level
Root Administrator
Thanks for the follow up paulapatrice.

I use "full-strict" with cloudflare - an edge and origin certificate. the certificate covers *.example.com

The SSL works fine on my site - when you visit example.com - I get the "little lock" and no errors.

But when I check: Home » SSL/TLS » Manage SSL Hosts

I see the following:

Code:
cpanel.example.com
mail.example.com
example.com
webdisk.example.com
webmail.example.com
www.example.com
There is no server.example.com which is what my host name is. I don't know if that should be in there - or how to add it.

Maybe that could be the problem.
 

paulapatrice

Member
Aug 10, 2017
8
4
3
NYC
cPanel Access Level
Root Administrator
@JohnnyBgood you are looking at the cPanel user accounts SSL/TLS.

cPanel should have automatically issued a free SSL to the new hostname when it was created.

If a cert is issued you can assign it by going to:
  • WHM -> Service Configuration -> Manage Service SSL Certificates
  • Certificate properties should be listed for each service.
    • If they are listed then this is prob not your issue. If cert properties are missing then:
  • Install a New Certificate > Browse Certificates > Browse Account "root" > Select certificate issued by cPanel, Inc or other issuer (not self-signed) > Select
  • Check boxes to install on all services in list
  • Confirm the list of services now has valid certificate assigned under Certificate Properties at the top of the page
 
  • Like
Reactions: JohnnyBgood

JohnnyBgood

Member
Feb 6, 2015
19
0
51
cPanel Access Level
Root Administrator
When I go to >>Manage Service SSL Certificates

Each of the services have a valid self-signed certificate. (With a warning: Self-signed certificates will cause browser warnings.)

As a cloudflare certificate user - should I have also installed the cloudflare certificate in this part of WHM???

A second question - when this is all working correctly - should it be possible to visit server.example.com in a browser?

Thanks again for the help :)
 

paulapatrice

Member
Aug 10, 2017
8
4
3
NYC
cPanel Access Level
Root Administrator
@JohnnyBgood

In previous post I wrote: Select certificate issued by cPanel, Inc or other issuer (not self-signed)

Follow the steps in my previous post to determine if a cert other than self-signed is available (see screenshot). It should have been auto-generated by cPanel when the hostname was created. If it is available, assign it to the services to replace the self-signed certs.

certs.png

If the only certificates available are self-signed (make sure you scrolled all the way to the bottom of the list) then a new one will need to be generated.
 
  • Like
Reactions: JohnnyBgood

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
2,067
283
213
cPanel Access Level
Root Administrator
@dnk1986 - the email notification is just letting you know that an AutoSSL certificated couldn't be issued for the domain in question. The notice should be including the domain name, so you'd need to do some troubleshooting on the domain's DNS to see why the AutoSSL system isn't working well.
 

T1531

Member
Feb 20, 2019
20
2
3
USA
cPanel Access Level
Root Administrator
I have been having this issue for several months (since moving servers) and am trying to address it now because the daily emails about it are annoying. For me, the domain name mentioned the email is the hostname. I do have an A Record set up for the hostname in the DNS settings of the domain (in my domain provider's account), however I can't ping the hostname from my computer. Is this a DNS issue with the hostname? And if so, do I need an additional record or is my A Record wrong somehow?