Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Switched to PowerDNS, seems to have broken AutoSSL

Discussion in 'Bind / DNS / Nameserver Issues' started by janipewter, Nov 11, 2016.

Tags:
  1. janipewter

    janipewter Member

    Joined:
    Jan 2, 2013
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Apologies if this has been posted before, I did have a look but couldn't find anyone with the same issue.

    I switched to PowerDNS yesterday, and now I've noticed that when AutoSSL runs, I get a lot of errors. I'm not sure if these two things are related, as I haven't manually run AutoSSL for a long time until today but I never had this problem before.

    The reason why I manually ran AutoSSL today is because I have just created a subdomain on one of my domains and I wanted HTTPS on it immediately. Then I noticed a lot of these errors in the log (account name and main domain name changed for privacy):

    Code:
    12:47:57 PM Checking websites for “myuser” …
    12:47:57 PM The website “share.mydomain.co.uk”, owned by “myuser”, has no SSL certificate. AutoSSL will attempt to obtain a new certificate and install it.
    12:47:57 PM The website “mydomain.co.uk”, owned by “myuser”, has a valid SSL certificate, but additional SSL coverage may be possible for the domains “mail.mydomain.co.uk” and “www.mail.mydomain.co.uk”. The system will attempt to replace this certificate with one that includes these additional domains.
    12:47:57 PM WARN The domain “www.mail.mydomain.co.uk” failed domain control validation: “www.mail.mydomain.co.uk” does not resolve to any IPv4 addresses on the internet. at bin/autossl_check.pl line 512.

    The subdomain I recently created was share.mydomain.co.uk - that's the one I wanted it to grab the SSL cert for. However there is a warning that www.mail.mydomain.co.uk has failed DCV because it doesn't resolve. This is quite right, as I have never created it, and I assume it's a system thing. mail.mydomain.co.uk does resolve to my server IP, however it just leads to the site on mydomain.co.uk with a certificate warning because the common name does not match (the cert is for mydomain.co.uk).

    The log has the warning for the mail.whatever.tld failure for every domain that I host on my server (about 30). None of my users actually use the webmail anyway, and I think mail.whatever.tld looks ugly - and even then, the webmail is accessed through whatever.tld/mail - NOT mail.whatever.tld
     
    #1 janipewter, Nov 11, 2016
    Last edited: Nov 11, 2016
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Could you verify if any changes have been made to the "mail" DNS entries for the accounts? Or, is an independent subdomain or addon domain name created for "mail" under the affected accounts?

    Thank you.
     
  3. janipewter

    janipewter Member

    Joined:
    Jan 2, 2013
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Thanks for the reply. None of the accounts have independent subdomains or addon domains created for "mail" nor "www.mail"

    I checked three random accounts and in all three, mail.mydomain.co.uk is a CNAME of mydomain.co.uk. I assume this is the intended behaviour of cpanel.

    Two things of interest that I have stumbled upon though, are:

    When I enter Advanced DNS Zone Editor, in the Select a Domain dropdown menu, it lists mydomain.co.uk and mail.mydomain.co.uk. If I select the latter, I get the following error at the bottom of the page (where the records should be):

    Error

    Failed to fetch zone file for mail.mydomain.co.uk

    The system did not find any zone records.

    When I selected the main mydomain.co.uk and hit the Reset Zone File button and it created a whole load of new records, which look like they are all cpanel things. Examples are A records for webdisk.mydomain.co.uk, cpcalendars.mydomain.co.uk etc. It did not create one for www.mail.mydomain.co.uk

    Lastly, it's worth pointing out that AutoSSL is in fact not broken as the thread title suggests. It did successfully fetch and install the SSL cert for share.mydomain.co.uk, within the hour. It's just very annoying that I get a huge list of errors because of the other issue described above.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,425
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here and we will update this thread with the outcome.

    Thank you.
     
  5. janipewter

    janipewter Member

    Joined:
    Jan 2, 2013
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Support ticket created. The ID is 7998291.

    Thanks
     
Loading...

Share This Page