Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

mail domain prevents autoSSL renewal

Discussion in 'Security' started by accafella, Jan 1, 2018.

Tags:
  1. accafella

    accafella Registered

    Joined:
    Jan 1, 2018
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    cambridge uk
    cPanel Access Level:
    Root Administrator
    hi,

    i received this warning from the system today.
    Code:
    [URL=/.well-known/pki-validation/DDCEA5680FEFC432C8D76B580DC7A68C.txt The system failed to fetch the DCV (Domain Control Validation) file at “http://mail.*******/.well-known/pki-validation/DDCEA5680FEFC432C8D76B580DC7A68C.txt” because of an error: The system failed to send an HTTP (Hypertext Transfer Protocol) “GET” request to “http://mail.*******/.well-known/pki-validation/DDCEA5680FEFC432C8D76B580DC7A68C.txt” because of an error: Size of response body exceeds the maximum allowed of 16384
    
    .
    i would like to exclude the mail domain from autossl as it is, and has been for some time, covered by a certificate from another provider. i'm not sure how to go about doing this so help would be appreciated.

    thanks.

    sorry, i forgot to mention that there is no option to select the offending domain in ssl/tls status and remove it as i was expecting to be able to do.
     
    #1 accafella, Jan 1, 2018
    Last edited by a moderator: Jan 1, 2018
  2. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,888
    Likes Received:
    90
    Trophy Points:
    78
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. accafella

    accafella Registered

    Joined:
    Jan 1, 2018
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    cambridge uk
    cPanel Access Level:
    Root Administrator
    hi and thanks for your reply.

    firstly, mail/.well-known/pki-validation/DDCEA5680FEFC432C8D76B580DC7A68C.txt does not actually exist on the server.

    however, and please pardon my ignorance, but can you please explain what you mean ? i'm not too sure how this answers my question.

    i tried to exclude mail from auto ssl because i don't need it and it is breaking the auto-renewal. it seemed a pretty straightforward fix in cpanel but the checkbox option to edit the list of domains is not present in ssl/tls status.

    thanks again, hope you can help further.
     
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,442
    Likes Received:
    1,961
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    Could you open a support ticket using the link in my signature so we can take a closer look to see why it's not letting you exclude the subdomain?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. pyrographics

    pyrographics Registered

    Joined:
    May 5, 2008
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    51
    I too have started getting this error with some of my domains. It seems that if you attempt to use mail.yourdomain.com DNS with another mail system or non-server IP address that cPanel expects it to only be used with it in order for SSL on mail service to function. A simple fix would be for cPanel to verify an account is using the local mail exchanger before attempting to generate certificates for mail related DNS. In the meantime, I just pointed the dns for mail.yourdomain.com back to the server so my certificate won't expire.
     
  6. accafella

    accafella Registered

    Joined:
    Jan 1, 2018
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    cambridge uk
    cPanel Access Level:
    Root Administrator
    my rather less elegant solution was simply to delete the certificates thinking that autossl would just install new ones - which it did and now we're friends again :)
     
  7. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,442
    Likes Received:
    1,961
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    The "mail" subdomain needs to resolve to the cPanel server if you want to get the free domain-validated AutoSSL certificate for it. If it resolves to an external server, then it's by design that domain validation fails and it's not issued a certificate.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice