SOLVED Trouble with WHM » DNS Functions » Edit DNS Zone

[Spork Schivago]

Is anyone having trouble with WHM » DNS Functions » Edit DNS Zone with 66.0.14? I upgraded from 64.0.34 (I think) to 66.0.14 the other day, and now when I go to edit the zone in WHM, there's no scroll option. I see the very top bit of my zone file, but I cannot scroll down to see the rest. If I start highlighting it, it acts like there's more there, but I just have no way to see it.

Anyone else experiencing issues? I've rebooted the server, but that didn't change anything. I was thinking of trying to run upcp --force and see if that fixes the issue.

Thanks

 

[cPanelMichael]

Hello,

Can you verify which operating system and browser (and their versions) you are reproducing this behavior with? Also, can you confirm if you are using a touchpad for scrolling?

Thank you.

 

[Spork Schivago]

Thanks for the reply. Right now, I'm using Windows 10 x64 with the latest version of Chrome, Version 60.0.3112.101 (Official Build) (64-bit).

I'm using a mouse, but the scrollbar physically isn't there at all. I tried just now in Linux, on another computer, running the same version of Chrome (but compiled for Linux, obviously), and the problem isn't there.

This is the only Windows computer we have, all the other ones run Linux in one form or another, so I cannot tell if it's something just with this PC, or if it's a problem with Windows 10 and cPanel or what. Do you have access to a Windows 10 x64 OS where you can see if you have the same issues?

Thanks!

 

[cPanelMichael]

Hello,

Do you notice any output to /usr/local/cpanel/logs/error_log when this occurs?

Thank you.

 

[Spork Schivago]

I just tried visiting WHM in Chrome in Incognito mode and I can't visit the site!

whm.example.com normally uses encryption to protect your information. When Google Chrome tried to connect to whm.example.com this
 time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be 
whm.example.com, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Google Chrome 
stopped the connection before any data was exchanged.

You cannot visit whm.example.com right now because the website uses HSTS. Network errors and attacks are usually temporary, so this 
page will probably work later.

This happens with both operating systems, using Chrome. This worries me very much now! I am on the HSTS Preloading list, so browsers like Firefox and Chrome shouldn't allow a connection unless it's secure. I do use HSTS. My understanding of that is people just won't be able to connect to my site, unless it's secure. Changing the certificates from Let's Encrypt to the AutoSSL Comodo ones shouldn't have affected that, I wouldn't think. There's obviously something wrong going on here.

Logged into the server, I tried curl:

[email protected]:[/home/spork]# curl http://whm.example.com
<html><head><META HTTP-EQUIV="refresh" CONTENT="2;URL=https://whm.example.com/"></head><body></body></html>

[email protected]:[/home/spork]# curl https://whm.example.com
curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate.

 

[Spork Schivago]

Hello,

Do you notice any output to /usr/local/cpanel/logs/error_log when this occurs?

Thank you.

There are some errors there, but I don't think they're connected to the Windows / Chrome issue. Maybe you can make some sense out of them? They might be causing the certificate issue though....

[2017-08-23 06:15:02 -0400] info [autorepair] Successfully verified signature for cpanel (key types: release).
==> cpsrvd 11.66.0.14 started
==> cpsrvd: loading security policy....Done
==> cpsrvd: Setting up SSL support ... Done
==> cpsrvd: transferred port bindings
==> cpsrvd: bound to ports
==> cpsrvd 11.66.0.14 started
==> cpsrvd: loading security policy....Done
==> cpsrvd: Setting up SSL support ... Done
==> cpsrvd: transferred port bindings
==> cpsrvd: bound to ports
[2017-08-23 08:41:47 -0400] info [whostmgr2] Syncing version information from httpupdate.cpanel.net/cpanelsync/TIERS.json
[2017-08-23 08:41:52 -0400] info [whostmgr2] Successfully verified signature for cpanel (key types: release).
[2017-08-23 08:46:22 -0400] info [queueprocd] "default._domainkey" DKIM TXT record detected for ipv4.example.com, skipping.
[2017-08-23 08:46:22 -0400] info [queueprocd] "default._domainkey" DKIM TXT record detected for ipv6.example.com, skipping.
[2017-08-23 08:46:22 -0400] info [queueprocd] "default._domainkey" DKIM TXT record detected for example.com, skipping.
==> cpsrvd 11.66.0.14 started
==> cpsrvd: loading security policy....Done
==> cpsrvd: Setting up SSL support ... Done
==> cpsrvd: transferred port bindings
==> cpsrvd: bound to ports
==> cpsrvd 11.66.0.14 started
==> cpsrvd: loading security policy....Done
==> cpsrvd: Setting up SSL support ... Done
==> cpsrvd: transferred port bindings
==> cpsrvd: bound to ports
==> cpsrvd 11.66.0.14 started
==> cpsrvd: loading security policy....Done
==> cpsrvd: Setting up SSL support ... Done
==> cpsrvd: transferred port bindings
==> cpsrvd: bound to ports
[2017-08-23 10:21:10 -0400] info [xml-api] Syncing version information from httpupdate.cpanel.net/cpanelsync/TIERS.json
[2017-08-23 10:21:11 -0400] info [xml-api] Successfully verified signature for cpanel (key types: release).
[2017-08-23 10:26:03 -0400] warn [restartsrv_cpanel_php_fpm] The service 'cpanel_php_fpm' may not have successfully stopped: 0 at /usr/local/cpanel/Cpanel/ServiceManager/Base.pm line 1358.
        Cpanel::ServiceManager::Base::warn(Cpanel::ServiceManager::Services::Cpanel_php_fpm=HASH(0x2a13788), "The service 'cpanel_php_fpm' may not have successfully stoppe"...) called at /usr/local/cpanel/Cpanel/ServiceManager/Manager/Initd.pm line 270
        Cpanel::ServiceManager::Manager::Initd::stop(Cpanel::ServiceManager::Manager::Initd=HASH(0x2e6c4c8), Cpanel::ServiceManager::Services::Cpanel_php_fpm=HASH(0x2a13788)) called at /usr/local/cpanel/Cpanel/ServiceManager/Base.pm line 916
        Cpanel::ServiceManager::Base::stop(Cpanel::ServiceManager::Services::Cpanel_php_fpm=HASH(0x2a13788), Cpanel::ServiceManager::Services::Cpanel_php_fpm=HASH(0x2a13788)) called at /usr/local/cpanel/Cpanel/ServiceManager/Services/Cpanel_php_fpm.pm line 48
        Cpanel::ServiceManager::Services::Cpanel_php_fpm::stop(Cpanel::ServiceManager::Services::Cpanel_php_fpm=HASH(0x2a13788)) called at /usr/local/cpanel/Cpanel/ServiceManager/Base.pm line 533
        Cpanel::ServiceManager::Base::run_from_argv(Cpanel::ServiceManager::Services::Cpanel_php_fpm=HASH(0x2a13788), "--stop", "--notconfigured-ok") called at bin/restartsrv_base.pl line 72
        main::__ANON__() called at /usr/local/cpanel/3rdparty/perl/524/lib64/perl5/cpanel_lib/Try/Tiny.pm line 98
        eval {...} called at /usr/local/cpanel/3rdparty/perl/524/lib64/perl5/cpanel_lib/Try/Tiny.pm line 89
        Try::Tiny::try(CODE(0x296c648), Try::Tiny::Catch=REF(0xb98670)) called at bin/restartsrv_base.pl line 107
cpsrvd [4092] Shutting down due to SIGTERM or SIGINT
[2017-08-23 10:27:06 -0400] info [onboot_handler] On Boot Handler started
[2017-08-23 10:27:06 -0400] info [onboot_handler] On Boot Handler running /usr/local/cpanel/libexec/on_boot/populate_system_needs_reboot
[2017-08-23 10:27:07 -0400] info [onboot_handler] On Boot Handler completed
-- RESTART MARKER (PID 3829 at 1503498437)--
==> cpsrvd 11.66.0.14 started
==> cpsrvd: loading security policy....Done
==> cpsrvd: Setting up SSL support ... Done
==> cpsrvd: transferred port bindings
==> cpsrvd: bound to ports
[2017-08-23 12:17:23 -0400] info [autorepair] Successfully verified signature for cpanel (key types: release).
==> cpsrvd 11.66.0.14 started
==> cpsrvd: loading security policy....Done
==> cpsrvd: Setting up SSL support ... Done
==> cpsrvd: transferred port bindings
==> cpsrvd: bound to ports
[2017-08-23 12:31:29 -0400] info [xml-api] Syncing version information from httpupdate.cpanel.net/cpanelsync/TIERS.json
[2017-08-23 12:31:29 -0400] info [xml-api] Successfully verified signature for cpanel (key types: release).
==> cpsrvd 11.66.0.14 started
==> cpsrvd: loading security policy....Done
==> cpsrvd: Setting up SSL support ... Done
==> cpsrvd: transferred port bindings
==> cpsrvd: bound to ports

 

[Spork Schivago]

I've must have messed something up with the server, perhaps when I tried installing the cert for the hostname?

I run curl again, but with a little more info:

[email protected]:[/home/spork]# curl -vvI https://whm.example.com

* About to connect() to whm.example.com port 443 (#0)
*   Trying <IPv6 address>...
* Connected to whm.example.com (<IPv6 address>) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* Server certificate:
*       subject: CN=franklin.example.com,OU=PositiveSSL,OU=Domain Control Validated
*       start date: Aug 22 00:00:00 2017 GMT
*       expire date: Aug 22 23:59:59 2018 GMT
*       common name: franklin.example.com
*       issuer: CN="cPanel, Inc. Certification Authority",O="cPanel, Inc.",L=Houston,ST=TX,C=US
* NSS error -12276 (SSL_ERROR_BAD_CERT_DOMAIN)
* Unable to communicate securely with peer: requested domain name does not match the server's certificate.
* Closing connection 0
curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate.

 

[Spork Schivago]

WHM -> SSL/TLS -> Manage SSL Hosts shows

domain                   address           IP address type     Primary Website?
ipv4.example.com         <IPv6 addy>       Dedicated           no

cpanel.example.com       <IPv6 addy>       Dedicated           no
example.com
webdisk.example.com
webmail.example.com
www.example.com

ipv4.example.com         <IPv4 addy>       Shared              no

cpanel.example.com       <IPv4 addy>       Shared              yes
example.com
webdisk.example.com
webmail.example.com
www.example.com

They all show they're issued by cPanel, Inc. I cannot see how this data could be cached data, so I think it's safe to assume that this is valid data. What do you think?

 

[Spork Schivago]

I see the issue! For some reason, AutoSSL never generates certificates for the other services, whm, cpcontacts, and cpcalanders. This I think ties into my other thread. Maybe we can merge them? Perhaps the autossl_checks --all binary application simply errors out after trying the ipv6.example.com subdomain and doesn't attempt to create any more certificates?

 

[cPanelMichael]

Hello,

Could you open a support ticket using the link in my signature so we can take a closer look at how your system is configured to get a better idea of what's happening?

Thank you.

 

[R1Lover]

I'm seeing the same issue, no scrolling on editing a DNS zone, is there a patch for this issue?

 

[Spork Schivago]

Yup! Thank you cPanelMichael.

 

[Spork Schivago]

I'm seeing the same issue, no scrolling on editing a DNS zone, is there a patch for this issue?

What operating system and browser are you using R1Lover? I didn't have this problem until I upgraded to 66 (I was on 64), but I was thinking this might be a caching issue for me. I have HSTS setup, and right now, whm.mydomain.com doesn't have a valid SSL certificate installed, so I shouldn't be able to visit whm.mydomain.com, but I can. Unless I clear the browser cache, and then I cannot visit it.

I thought perhaps this was causing the no-scrolling issue for my site, but maybe not? Maybe there's something else going on here.

Thanks.

 

[Tearabite]

Having the same issue on 66.0.10 on CentOS using Mac OS X Sierra and Safari.

 

[R1Lover]

What operating system and browser are you using R1Lover? I didn't have this problem until I upgraded to 66 (I was on 64), but I was thinking this might be a caching issue for me. I have HSTS setup, and right now, whm.mydomain.com doesn't have a valid SSL certificate installed, so I shouldn't be able to visit whm.mydomain.com, but I can. Unless I clear the browser cache, and then I cannot visit it.

I thought perhaps this was causing the no-scrolling issue for my site, but maybe not? Maybe there's something else going on here.

Thanks.

MacOS+Chrome, server is CentOS 7.3, it's most certainly a bug in the update to 66.x. Every server that has updated has the same issue, those still not updated are fine.

 

[Spork Schivago]

Thanks! I opened a support ticket, per cPanelMichael's request, but I didn't mention the scrolling problem, because I thought maybe for my system, it was related to certain subdomains not being generated SSL certificates through AutoSSL. They've now escalated my inquiry to their level 2 analysts for a closer look.

I'll keep you guys updated on the outcome of that request.

Could this be related to CPANEL-14598, where they update the "Edit DNS Zone" WHM interface to support CAA records? I wonder if this problem existed in 66.0.3. That was the release right before CPANEL-14598 was added.

I believe I can still access the records in cPanel, just not WHM.

With my system, when I go to WHM » DNS Functions » Edit DNS Zone, I can hit CTRL-A in Windows to select everything, and then copy it to the buffer in Windows. Then I can paste the information into wordpad and see that it's all there. So for me, it's just an issue with the scrollbar not appearing.

Maybe it was caused by CPANEL-13755: Fixed nav search: page retension, allows ', up/down in textareas. ? I dunno. I figured the scroll bar would have been something that was created by Chrome, if the text being displayed didn't fit on the page. Maybe cPanel uses some fancy HTML or something though?

Are you guys missing the actual scroll bar, but have all the info, you just can't see it all because of the lack of scroll bar?

 

[Spork Schivago]

Also, for me, I loose the left navbar. It's like the viewport changes or something and it thinks I'm on a device with a small screen, whenever I go to the Edit DNS Zones in WHM. It doesn't happen when I go anywheres else.

I cannot try it any other browsers, like Microsoft Edge or IE, because I've never been to whm on those browsers. So until my SSL certificate problem is fixed, I can't troubleshoot much. Sorry guys.

When I view the page source for a WHM function that has the scroll bar and compare it to the Edit DNS Zone source code, in the beginning, I see some discrepancies.

Mainly this:
# In Edit DNS Zone

        <script type='text/javascript' src='/cPanel_magic_revision_1492181131/yui-gen/utilities_container/utilities_container.js'>
        </script>

        <script type='text/javascript' src='/cPanel_magic_revision_1503440577/cjt/cjt-min.js?locale=en&locale_revision=1503440955'>
        </script>

        <link rel='stylesheet' href="/libraries/fontawesome/css/font-awesome.min.css" />

# In Apache Configuration -> Global Configuration

        <script type='text/javascript' src='/cPanel_magic_revision_1492181131/yui-gen/utilities_container/utilities_container.js'>
        </script>

        <script type='text/javascript' src='/cPanel_magic_revision_1503440577/cjt/cjt-min.js?locale=en&locale_revision=1503440955'>
        </script>

        <link rel='stylesheet' href="/cPanel_magic_revision_1424892677/libraries/fontawesome/css/font-awesome.min.css" />

Notice that last link rel='stylesheet'.....

See how in the Global Configuration, where the scroll bar works, there's a cPanel_magic_revision_somenumber in front of libraries, but in Edit DNS Zone, that's not there? Makes me wonder if the Edit DNS Zone page is cached.

When I use Chrome's Inspect function, I can manually edit the values in the head part of the HTML page. When I copy and paste the various cPanel_magic_revision_somenumber from the Apache Global Configuration source code page to the Edit DNS Zone function, then the Edit DNS Zone function gets the scroll bar, the left navigation page reappears, etc....

Did you guys try clearing your cache, to see if the problem gets fixed?

Thanks.

 

[Spork Schivago]

Is this what you guys see?

Notice how there's no Navigation bar, notice there's no scroll bar...

This is because, on my system, certain cascading file sheets are not getting loaded.

 

[Spork Schivago]

With the valid SSL certificate, and using a not cached version of my website, going to the zone editor now works as expected.

I suspect other users who might be having the same issue are using a cached version of their site. Just wanted to update that everything is working as expected now in the zone editor.

I guess my setup is a bit unique, where I'm the only account owner. I have my own domain. AutoSSL doesn't generate SSL certificates for whm, unless it's owned by a reseller. So I had to take my main account, make it a Reseller Account, and then owner of my domain.

After that, AutoSSL was successfully able to generate a valid SSL certificate for WHM. When I go to whm.mydomain.com, WHM -> DNS Functions -> Edit DNS Zone, when I'm in Incognito mode, it loads properly.

In Chrome, which isn't incognito mode, it's still loading the cached version. I think that's a bit odd, but because of it, I was at least able to connect to whm when I shouldn't have been able to, so I'm kind of thankful for that bug there.

 

[Spork Schivago]

In Chrome (not Incognito mode), I load the zone editor, see that it's broken. I hold down the left SHIFT button and hit F5. It fixes the issue, for me.