Stubborn ipv6 alias entry in AutoSSL cannot be removed

[bloatedstoat]

Hello,

I removed an aliased domain via the cPanel control panel under the main domain, the removal process has left behind an ipv6.domainname.com.au entry when browsing the "SSL/TLS Status" page which is causing the certificate renewal process to fail.

2:45:18 AM Performing DCV (Domain Control Validation) …
2:45:19 AM ERROR “ipv6.removedalias.com.au” is either not a registered domain or you can’t connect to the root nameservers. Try accessing the domain later.

I've tried to workaround this in the short term by checking the exclude during AutoSSL checkbox and manually running the process again - without success. When I run the AutoSSL process within "SSL/TLS Status" I get this in the log:

Checking websites for “username” …
9:45:54 AM Analyzing “maindomain.com.au” …
9:45:54 AM WARN (XID 2huxyz) “username” does not own a domain named “ipv6.removedalias.com.au” on this server.

I've checked to see if there are any remnants in the /var/named dir and cannot find anything so doesn't look like an issue with a zone file.

Where else I can look to remove the problem entry?

CLOUDLINUX 6.10 v80.0.20

Thank you.

 

[cPanelLauren]

While this should have been removed when you removed the domain you might check in /var/cpanel/users/ and /var/cpanel/userdata for remnants.

If you do find it present in the files you'll want to remove it then run

/scripts/update/userdomains

You mentioned you checked /var/named but did you check within the zone files as well?

 

[bloatedstoat]

Thanks @cPanelLauren

Found an alias_domain.com.au file in /var/cpanel/userdata/primary_username and removed it.

Ran:

/usr/local/cpanel/scripts/updateuserdomains

(on my system /scripts/update/userdomains does not exist)

Regardless, the change made no difference so from the shell I ran:

locate alias_domain

/var/cpanel/ssl/domain_tls/ipv6.alias_domain.com.au
/var/cpanel/ssl/domain_tls/mail.alias_domain.com.au
/var/cpanel/ssl/domain_tls/ipv6.alias_domain.com.au/certificates
/var/cpanel/ssl/domain_tls/ipv6.alias_domain.com.au/certificates.cache
/var/cpanel/ssl/domain_tls/ipv6.alias_domain.com.au/combined
/var/cpanel/ssl/domain_tls/ipv6.alias_domain.com.au/combined.cache
/var/cpanel/ssl/domain_tls/mail.alias_domain.com.au/certificates
/var/cpanel/ssl/domain_tls/mail.alias_domain.com.au/certificates.cache
/var/cpanel/ssl/domain_tls/mail.alias_domain.com.au/combined
/var/cpanel/ssl/domain_tls/mail.alias_domain.com.au/combined.cache
/var/cpanel/userdata/primary_domain/alias_domain.com.au
/var/cpanel/userdata/primary_domain/alias_domain.com.au.cache

Can this lot be removed safely?

Whilst on this journey I also found a few other things that look out of place.

I opened the primary_username file /var/cpanel/users/primary_user and within that file are 16 XDNS[NN] entries, these entries list expired domains or domains that are no longer registered with us - one of the entries is alias_domain.com.au

Can all of these legacy entries be removed for clarity's sake? Which script needs to be run afterwards if I do?

Within /var/cpanel/users there are 2 files that were modified recently, those files are owned by root:username, the remainder of the files are owned by cpanel:username so lack consistency.

Thanks.

 

[cPanelLauren]

If you're not using them they can be removed - just the entries that are invalid though.


I'd also like to see if the following helps once they're removed:

/scripts/update/userdomains
/scripts/updateuserdatacache
mv /etc/apache2/conf/httpd.conf{,.bk}
/scripts/rebuildhttpdconf
/scripts/restartsrv_httpd
/scripts/rebuilddnsconfig

 

[bloatedstoat]

I manually removed the entries highlighted in my earlier post and ran the relevant scripts as advised.

The process made no difference to the ipv6.alias_domain.com.au entry.

I then added the domain back in as an alias and ran the AutoSSL feature from within cPanel (not WHM) excluding the troublesome alias from the certificate request. The certificate for the main domain and another alias successfully completed and the certificate was installed with a warning that alias_domain.com.au and its subdomains are not secured.

Thereafter I removed the alias from within cpanel thinking this might clean everything up.

The following:

• mail.alias_domain.com.au
• www_alias_domain.com.au
  
• alias_domain.com.au

were removed successfully - but not ipv6.alias_domain.com.au.

It refuses to be deleted!

Are you able to reproduce this behaviour?

Thanks.

CLOUDLINUX 6.10
v80.0.20

 

[cPanelLauren]

I'd go ahead and open a ticket at this point @bloatedstoat. Once open please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved.


Thanks!