Issue Adding Second SSL

Discussion in 'Security' started by webdevrob, Feb 4, 2018.

  1. webdevrob

    webdevrob Registered

    cPanel Access Level:
    Root Administrator
    Hi,

    I successfully installed a free SSL certificate on the very first domain I set up inside cPanel. It seemed to go off without a hitch. And indeed it's trucking along perfectly with the green "secure" in the browser window, etc. However, I have been unable to repeat the process for subsequent domains. Before I post some log file information I'll give you some basic system information:

    /etc/redhat-release:CentOS Linux release 7.4.1708 (Core)

    /usr/local/cpanel/version:11.68.0.28

    /var/cpanel/envtype:kvm

    CPANEL=release

    So, I have been pulling my hair out on this as I've done this sort of thing before countless times with the Vesta control panel. I have tried both the let's encrypt auto ssl and the cpanel powered by comodo version as well. I have spent over a day with this on my own and for the life of me I can't straighten it out on my own. I have not opened a support ticket or sought support elsewhere.

    Here is my log output information:
    Code:
    // for the Let’s Encrypt
    Log for the AutoSSL run for “pcclinictx”: Sunday, February 4, 2018 4:36:42 PM GMT+0800 (Let’s Encrypt™)
    
    4:36:42 PM This system has AutoSSL set to use “Let’s Encrypt™”.
    4:36:42 PM Checking websites for “pcclinictx” …
    4:36:42 PM The website “example.com”, owned by “pcclinictx”, has a faulty SSL certificate (OPENSSL_VERIFY:0:18:DEPTH_ZERO_SELF_SIGNED_CERT NOT_ALL_DOMAINS). AutoSSL will attempt to replace this certificate.
    4:36:43 PM WARN The domain “cpanel.example.com” failed domain control validation: “cpanel.example.com” does not resolve to any IPv4 addresses on the internet.
    4:36:43 PM WARN The domain “webdisk.example.com” failed domain control validation: “webdisk.example.com” does not resolve to any IPv4 addresses on the internet.
    4:36:43 PM WARN The domain “webmail.example.com” failed domain control validation: “webmail.example.com” does not resolve to any IPv4 addresses on the internet.
    4:36:43 PM The system will attempt to renew SSL certificates for the following websites:
    4:36:43 PM example.com (example.comwww.example.com mail.example.com)
    4:36:46 PM WARN “www.example.com” failed its authorization because of an error: Invalid response from http://www.example.com/.well-known/acme-challenge/jGyI6svrsRxEK74wci0G1SEZ9zMXUI7ets0Cg7WABdY: " <!DOCTYPE html> <html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equi" (The client lacks sufficient authorization (urn:acme:error:unauthorized))
    4:36:46 PM WARN “example.com” failed its authorization because of an error: Invalid response from http://example.com/.well-known/acme-challenge/AIwvWv-sjHxRvVNAZRg-xqGwd_WC7dJnVq0LOikwtEE: " <!DOCTYPE html> <html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equi" (The client lacks sufficient authorization (urn:acme:error:unauthorized))
    4:36:46 PM WARN “mail.example.com” failed its authorization because of an error: Invalid response from http://mail.example.com/.well-known/acme-challenge/ep_vOC1v9EwHupV0e0mwd8LtYQCgeMzPq7BWLOMUBx4: " <!DOCTYPE html> <html> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8"> <meta http-equi" (The client lacks sufficient authorization (urn:acme:error:unauthorized))
    4:36:46 PM WARN There are no domains for the website “example.com” that passed authorization. The system will not create an SSL certificate for this website.
    4:36:46 PM The system has completed the AutoSSL check for “pcclinictx”.
    
    
    // for the cPanel/Powered by Comodo ssl:
    
    Log for the AutoSSL run for “pcclinictx”: Sunday, February 4, 2018 11:23:10 AM GMT+0800 (cPanel (powered by Comodo))
    
    11:23:10 AM This system has AutoSSL set to use “cPanel (powered by Comodo)”.
    11:23:10 AM Checking websites for “pcclinictx” …
    11:23:10 AM The website “example.com”, owned by “pcclinictx”, has no SSL certificate. AutoSSL will attempt to obtain a new certificate and install it.
    11:23:11 AM WARN The domain “cpanel.example.com” failed domain control validation: “cpanel.example.com” does not resolve to any IPv4 addresses on the internet.
    11:23:11 AM WARN The domain “webdisk.example.com” failed domain control validation: “webdisk.example.com” does not resolve to any IPv4 addresses on the internet.
    11:23:11 AM WARN The domain “webmail.example.com” failed domain control validation: “webmail.example.com” does not resolve to any IPv4 addresses on the internet.
    11:23:11 AM The system will attempt to renew SSL certificates for the following websites:
    11:23:11 AM example.com (example.comwww.example.com mail.example.com)
    11:23:11 AM ERROR AutoSSL failed to request an SSL certificate for “example.com” because of an error: (XID rnepxr) The cPanel Store returned an error (X::AuthenticationFailure) in response to the request “POST ssl/certificate/free”: Unauthorized
    11:23:11 AM The system has completed the AutoSSL check for “pcclinictx”.
    
    
     
    #1 webdevrob, Feb 4, 2018
    Last edited by a moderator: Feb 5, 2018
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    cPanel Access Level:
    Root Administrator
    Hello,

    It looks like a couple of issues are preventing AutoSSL from installing the certificates:

    1. For the proxy subdomains (e.g. cpanel, whm, webmail), check to ensure the "A" records are populated in the DNS zone of the domain name. If not, you can run the following command to add the missing DNS entries for all domain names on the system with proxy subdomains enabled:

    Code:
    /scripts/proxydomains add --ifenabled
    2. For the following error message:

    Do you have deny rules defined in the .htaccess file within the account's document root?

    Thank you.
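
The two logs in this thread mix three distinct failure causes. As an added example (not part of either post and not cPanel code), this sketch groups AutoSSL WARN/ERROR lines by cause so each hostname can be checked against the right fix; the cause labels, hint texts and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines, modelled on the AutoSSL log quoted in the first post.
SAMPLE_LOG = """\
4:36:43 PM WARN The domain “cpanel.example.com” failed domain control validation: “cpanel.example.com” does not resolve to any IPv4 addresses on the internet.
4:36:46 PM WARN “www.example.com” failed its authorization because of an error: Invalid response from http://www.example.com/.well-known/acme-challenge/CONSTRUCTED-TOKEN: " <!DOCTYPE html> <html> <head>" (The client lacks sufficient authorization (urn:acme:error:unauthorized))
11:23:11 AM ERROR AutoSSL failed to request an SSL certificate for “example.com” because of an error: (XID xxxxxx) The cPanel Store returned an error (X::AuthenticationFailure) in response to the request “POST ssl/certificate/free”: Unauthorized
4:36:46 PM The system has completed the AutoSSL check for “pcclinictx”.
"""

# (cause label, pattern, what to check). Labels and hints are this example's own.
RULES = [
    ("dns_no_a_record",
     re.compile(r"“(?P<name>[^”]+)” does not resolve to any IPv4 addresses"),
     "add the missing A record (proxy subdomains: /scripts/proxydomains add --ifenabled)"),
    ("http01_html_body",
     re.compile(r"“(?P<name>[^”]+)” failed its authorization.*Invalid response from "
                r"http://\S+/\.well-known/acme-challenge/\S+: \"\s*<"),
     "challenge URL returned an HTML page, not the token; check .htaccess deny rules"),
    ("store_auth_failure",
     re.compile(r"certificate for “(?P<name>[^”]+)”.*X::AuthenticationFailure"),
     "the cPanel Store rejected the request as Unauthorized"),
]

def classify(log_text):
    """Return {cause: sorted hostnames} for recognised WARN/ERROR lines."""
    found = defaultdict(set)
    for line in log_text.splitlines():
        if " WARN " not in line and " ERROR " not in line:
            continue
        for cause, pattern, _hint in RULES:
            match = pattern.search(line)
            if match:
                found[cause].add(match.group("name"))
                break
    return {cause: sorted(names) for cause, names in found.items()}

if __name__ == "__main__":
    hints = {cause: hint for cause, _pattern, hint in RULES}
    for cause, names in classify(SAMPLE_LOG).items():
        print(f"{cause}: {', '.join(names)}\n    check: {hints[cause]}")
```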
     