Neither HTTP nor DNS DCV preflight checks succeeded

Lillike

Well-Known Member
May 29, 2018
46
2
8
Hungary
cPanel Access Level
Root Administrator
Hello,

The following message received:

The following cPanel service generated warnings from the checkallsslcerts script.
⚠ cpanel​
The system failed to acquire a signed certificate from the cPanel Store because of the following error: Neither HTTP nor DNS DCV preflight checks succeeded!


AutoSSL checked: AutoSSL run.

The system has finished checking all users.

12:45:03 PM Analyzing …
12:45:03 PM SUCCESS TLS Status: OK

VPS:
  • CENTOS 6.10 virtuozzo

  • v78.0.15



Please, advice.
 
Last edited by a moderator:

Lillike

Well-Known Member
May 29, 2018
46
2
8
Hungary
cPanel Access Level
Root Administrator
Hi Michael,

Thanks for your answer.

I tried to configure ipv6.

/etc/sysconfig/network: NETWOTKING_IPV6=yes

/etc/sysconfig/network-scripts/ifcfg-eth0:

added IPV6address and default gateway: :::ff:::

after server restarted

But

[email protected] [/]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:1....
inet addr:192.xxxx Bcast:192.xxx Mask:255.xxx


Please, advice... Thanks.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,196
363
Hello @Lillike,

There's no need to configure IPv6 address in order to address the issue reported on that thread. The issue reported on that thread occurs because the IPv6 virtual host isn't setup when the hostname resolves to an IPv6 address. Can you revert the change you made and instead open a support ticket so we can take a closer look to see why DCV is failing on your system? You can post the ticket number here and we'll link this thread to it.

Thank you.
 

Lillike

Well-Known Member
May 29, 2018
46
2
8
Hungary
cPanel Access Level
Root Administrator
Hello @Lillike,

There's no need to configure IPv6 address in order to address the issue reported on that thread. The issue reported on that thread occurs because the IPv6 virtual host isn't setup when the hostname resolves to an IPv6 address. Can you revert the change you made and instead open a support ticket so we can take a closer look to see why DCV is failing on your system? You can post the ticket number here and we'll link this thread to it.

Thank you.

Thanks Michael.
My Support Request ID is: 11646629.
 
  • Like
Reactions: cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,196
363
Hello @Lillike,

To update, it looks like this was the result of your license provider disabling the AutoSSL features on your server. Can you confirm if your AutoSSL questions have been addressed?

Thank you.
 

Lillike

Well-Known Member
May 29, 2018
46
2
8
Hungary
cPanel Access Level
Root Administrator
Hello @Lillike,

To update, it looks like this was the result of your license provider disabling the AutoSSL features on your server. Can you confirm if your AutoSSL questions have been addressed?

Thank you.

Hi Michael,
To tell you the truth, I have already contacted with GoDaddy support (hosting provider) and the agent suggested me to turn off the notification - nothing else... :(

Naturally, all messages received every day.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,196
363
Hello @Lillike,

I recommend contacting them again to request a verification about their policy regarding the use of AutoSSL on cPanel & WHM servers. Let me know the outcome, as if it's not permitted, then /scripts/checkallsslcerts should be able to detect that instead of reporting the precheck failure message.

Thank you.
 

Lillike

Well-Known Member
May 29, 2018
46
2
8
Hungary
cPanel Access Level
Root Administrator
Hello @Lillike,

I recommend contacting them again to request a verification about their policy regarding the use of AutoSSL on cPanel & WHM servers. Let me know the outcome, as if it's not permitted, then /scripts/checkallsslcerts should be able to detect that instead of reporting the precheck failure message.

Thank you.

Hello Michael,

I have already contacted with my hosting provider. So Let's Encrypt offered as 3-party SSL.
I can see the following on their homepage:
We recommend that most people with shell access use the Certbot ACME client. It can automate certificate issuance and installation with no downtime.


And the following article/post can be found:
You must not run Certbot on cPanel. It is not compatible and can very badly screw up your virtual hosts.
Which folder to install Cerbot on a Virtual Private Server(VPS)?

Please, advice. Thanks.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,196
363
Hello @Lillike,

We provide a Let's Encrypt plugin as part of the AutoSSL feature only. If your license provider is not allowing AutoSSL certificates, then you'd have to explore setting up a third-party solution such as certbot. This third-party utility isn't something that we test with on cPanel & WHM so it's not recommended unless you're an experienced system administrator with the capacity to test the implementation on a non-production server. Additionally, keep in mind that you'd have to manually generate all certificates (or setup a custom script to generate them automatically) and it won't integrate with any of the AutoSSL features in cPanel or Web Host Manager.

Thank you.
 

Michael569

Registered
Jun 22, 2020
2
1
3
Australia
cPanel Access Level
Root Administrator
My server has the same issue and I still couldn't find a solution yet.
I found a solution reading the above link ( SOLVED - How to fix preflight checks failure? )
as i run mine through cloudflare, what i did was:
-we will use example
Server1.Example.com <---- VPS hostname (where you would connect on port 2087)
255.255.255.01 as VPS hostname ip
1. go to my main domain(that i use/selected as main for WHM)
2. go to the DNS section
3. add an A record with Server1.Example.com and 255.255.255.01
save and done
 
  • Like
Reactions: Michael-Inet

Michael-Inet

Well-Known Member
Feb 20, 2014
92
12
8
Austin, TX, USA
cPanel Access Level
Root Administrator
The below may or may not help (it seemed to at first).

Ref: Ticket #93504007 [in process]

Best,
Michael


I found a solution reading the above link ( SOLVED - How to fix preflight checks failure? )
as i run mine through cloudflare, what i did was:
-we will use example
Server1.Example.com <---- VPS hostname (where you would connect on port 2087)
255.255.255.01 as VPS hostname ip
1. go to my main domain(that i use/selected as main for WHM)
2. go to the DNS section
3. add an A record with Server1.Example.com and 255.255.255.01
save and done
Hi Michael,

Would you be so kind as to cat the .db record and paste it here? DNSOnly boxes do not have the GUI interface you've referenced, but we can manually add it to bind.

Code:
# cat /var/named/Server1.Example.com.db
Change out what you need to for privacy ;)

With that we can build a similar record for DNSOnly boxes and add the two zone entries to /etc/named.conf

*) Add Server1.Example.com.db to /var/named
*) chown named:named Server1.Example.com.db

*) Make a backup of /etc/named.conf
*) Change for your setup and add this to both the view "internal" and view "external" sections of /etc/named.conf

Code:
zone "Server1.Example.com" {
        type master;
        file "/var/named/Server1.Example.com.db";
};
*) restart bind
Code:
# systemctl enable named
# systemctl start named
# systemctl status named
# systemctl restart named
 
Last edited: