Server SSL Cert disappeared

Operating System & Version
Centos 7
cPanel & WHM Version
cpanel ver 88

Courtney72

Member
May 16, 2018
17
1
3
Parkersburg,WV
cPanel Access Level
Root Administrator
My server certificate (Sectigo Auto-SSL) just up and quit today. I tried to find a suitable cert in the repository but there were only self-signed there ..both root and apache. I can't seem to find a way to Auto-SSL it.

Has c-Panel stopped issuing free certs for servers??.......my Domains are covered just fine...but server i not.
 

andrew.n

Well-Known Member
Jun 9, 2020
683
216
43
EU
cPanel Access Level
Root Administrator
Login to your server via SSH as root and just type this and hit enter:

/scripts/checkallsslcerts --verbose

then let us know the output
 

andrew.n

Well-Known Member
Jun 9, 2020
683
216
43
EU
cPanel Access Level
Root Administrator
Give this a try instead:

/usr/local/cpanel/bin/checkallsslcerts
 

Courtney72

Member
May 16, 2018
17
1
3
Parkersburg,WV
cPanel Access Level
Root Administrator
/usr/local/cpanel/bin/checkallsslcerts
Output =
The system will check for the certificate for the “cpanel” service.
The system will attempt to replace the self-signed certificate for the “cpanel” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “cpanel” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “cpanel” service.
The system will attempt to install a certificate for the “cpanel” service from the cPanel store.
Received error “X::NoCertificate” from cPanel Store (No free ssl certificate found for this IP); requesting new certificate …
Setting up HTTP DCV (/var/www/html/.well-known/pki-validation/C7E253648738D64586B169CD246CA27D.txt) …
… complete.

FAILED: Cpanel::Exception/(XID 279h9d) The system failed to fetch the DCV (Domain Control Validation) file at “http://hwsrv-545811.domain.com/.well-known/pki-validation/C7E253648738D64586B169CD246CA27D.txt” because of an error: The system failed to send an HTTP (Hypertext Transfer Protocol) “GET” request to “http://hwsrv-545811.domain.com/.wel.../C7E253648738D64586B169CD246CA27D.txt”because of an error: Could not connect to 'hwsrv-545811.domain.com:80': Address family for hostname not supported. The domain “hwsrv-545811.domain.com” resolved to an IP address “2607:5500:3000:13af:0000:0000:0000:0002” that does not exist on this server.
at /usr/local/cpanel/Cpanel/SSL/DCV.pm line 409.
[[email protected] ~]#
 
Last edited by a moderator:

andrew.n

Well-Known Member
Jun 9, 2020
683
216
43
EU
cPanel Access Level
Root Administrator
Okay so you see the problem?

Could not connect to 'hwsrv-545811.hostwindsdns.com:80': Address family for hostname not supported.
The domain “hwsrv-545811.hostwindsdns.com” resolved to an IP address “2607:5500:3000:13af:0000:0000:0000:0002” that does not exist on this server.
 

Courtney72

Member
May 16, 2018
17
1
3
Parkersburg,WV
cPanel Access Level
Root Administrator
Thanks Andrew ...I do see that but my ssh port has been changed for security. The other address was supposed to be the IPV6 address which was incorrect....I changed that with a 600TTL....so waiting to see if it will be fixed after DNS prop.....is this a reasonable approach or am I missing something.
 
Last edited:

Courtney72

Member
May 16, 2018
17
1
3
Parkersburg,WV
cPanel Access Level
Root Administrator
Still getting this...and no certificate:
@hwsrv-545811 ~]# /usr/local/cpanel/bin/checkallsslcerts
The system will check for the certificate for the “cpanel” service.
The system will attempt to replace the self-signed certificate for the “cpanel” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “cpanel” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “cpanel” service.
The system will attempt to install a certificate for the “cpanel” service from the cPanel store.
Received error “X::NoCertificate” from cPanel Store (No free ssl certificate found for this IP); requesting new certificate …
Setting up HTTP DCV (/var/www/html/.well-known/pki-validation/C1A09A29FBF87A14871EE5B30DBA3C0A.txt) …
… complete.
Setting up DNS DCV (CNAME _c1a09a29fbf87a14871ee5b30dba3c0a.hwsrv-545811.domain.com) …
… complete.
Attempting DNS DCV preflight check …
FAILED: The DNS DCV check (_c1a09a29fbf87a14871ee5b30dba3c0a.hwsrv-545811.domain.com IN CNAME) did not return the expected value (c8220e546e7536c9335180aaf6fde57c.e11d423c7894b4ed7ecfa41ea8e700ff.comodoca.com).
Attempting HTTP DCV preflight check …
FAILED: Cpanel::Exception/(XID qhk48b) The system failed to fetch the DCV (Domain Control Validation) file at “http://hwsrv-545811.domain.com/.well-known/pki-validation/C1A09A29FBF87A14871EE5B30DBA3C0A.txt” because of an error: The system failed to send an HTTP (Hypertext Transfer Protocol) “GET” request to “http://hwsrv-545811.domain.com/.wel.../C1A09A29FBF87A14871EE5B30DBA3C0A.txt”because of an error: Could not connect to 'hwsrv-545811.domain.com:80': Address family for hostname not supported. The domain “hwsrv-545811.domain.com” resolved to an IP address “2607:5500:3000:13af:0000:0000:0000:0002” that does not exist on this server.
at /usr/local/cpanel/Cpanel/SSL/DCV.pm line 409.

[WARN] The system failed to acquire a signed certificate from the cPanel Store because of the following error: Neither HTTP nor DNS DCV preflight checks succeeded!

The system will check for the certificate for the “dovecot” service.
The system will attempt to replace the self-signed certificate for the “dovecot” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “dovecot” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “dovecot” service.
The system will check for the certificate for the “exim” service.
The system will attempt to replace the self-signed certificate for the “exim” service with a signed certificate from the cPanel Store.
The system will attempt to install a certificate for the “exim” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “exim” service.
 
Last edited by a moderator:

andrew.n

Well-Known Member
Jun 9, 2020
683
216
43
EU
cPanel Access Level
Root Administrator
It still have an IPV6 entry. Make sure that is removed or corrected.
 

Courtney72

Member
May 16, 2018
17
1
3
Parkersburg,WV
cPanel Access Level
Root Administrator
It still have an IPV6 entry. Make sure that is removed or corrected.
I corrected it to the exact entry the host provided my other server is working just fine...as was this one until Shazaam...it didn't, I don't know what else to do and now I have an unsecure cPanel product that I paid for.....Plus you are the only person who has helped me.....so Thank You!
 

andrew.n

Well-Known Member
Jun 9, 2020
683
216
43
EU
cPanel Access Level
Root Administrator

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,295
1,273
313
Houston
The problem is you still have the AAAA record in place:

Code:
dig AAAA hwsrv-545811.youdomain.com +short
2607:5500:3000:13af::2
It needs to be removed where DNS for the domain is hosted.