Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

The AutoSSL certificate renewal may cause a reduction of coverage

Discussion in 'Security' started by Bloke2, Dec 22, 2017.

Tags:
  1. Bloke2

    Bloke2 Well-Known Member

    Joined:
    Feb 4, 2015
    Messages:
    49
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    I received the fallowing email titled "The AutoSSL certificate renewal may cause a reduction of coverage". Is this something I should be concerned with? I have 4 other sites on the server and did not get an email about those. Is this because I have a redirect on this website?

    Code:
    The “cPanel” AutoSSL provider could [B]not[/B] renew the SSL certificate without a reduction of coverage because of the following problems:
    The system failed to fetch the DCV (Domain Control Validation)
    
    The system failed to send an HTTP (Hypertext Transfer Protocol) “GET” request to “example.com/.well-known/pki-validation/7BA0FF751F8CD93D91833B643B8C6B01.txt” because of an error: Size of response body exceeds the maximum allowed of 16384
    
    mail.example.com
    
     
    #1 Bloke2, Dec 22, 2017
    Last edited by a moderator: Dec 22, 2017
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,720
    Likes Received:
    1,883
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    It's possible a redirect rule is directing requests to the DCV file to another file that exceeds the 16-KiB response limit. Are any rewrite rules configured for this domain name doing that? If so, try modifying them to exclude requests to the "domain.tld/.well-known/pki-validation/XXXXXXX.txt" path.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Bloke2

    Bloke2 Well-Known Member

    Joined:
    Feb 4, 2015
    Messages:
    49
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    I removed the rewrite rule for the domain. I ran the AutoSSL and was able to get it to renew. Now it says
    mail.mywebsite.net” does not resolve to any IPv4 addresses on the internet.
     
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,720
    Likes Received:
    1,883
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Does the mail subdomain resolve to the IP address associated with the cPanel account, or is it pointed to another server?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. Bloke2

    Bloke2 Well-Known Member

    Joined:
    Feb 4, 2015
    Messages:
    49
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    There are two MX records pointing to another server.
     
  6. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,720
    Likes Received:
    1,883
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    The MX records shouldn't matter. What about the DNS record for the "mail" subdomain?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice