Symptoms
You may see the following error in AutoSSL or other errors or timeouts when trying to connect to your server's public IP address using curl, dig, or other software. Typically when this issue occurs, the internal IP address in /var/cpanel/cpnat can be accessed while the public IP cannot.
In this example, 203.0.113.2 represents the public IP that an account is using.
Note: This error can be found at WHM / SSL/TLS / Manage AutoSSL / Logs / All Users.
CONFIG_TEXT: ERROR 203.0.113.2 (192.0.2.2): Loopback NAT on this IP address appears to be defective. AutoSSL will likely fail to secure any domain whose authoritative nameserver uses this address. You can test this by running “dig @203.0.113.2 . NS” at a command prompt.
If you follow the testing advice, the output below confirms the issue:
# dig @203.0.113.2 . NS
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7_8.6 <<>> @192.0.2.0 . NS
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
Cause
The server or IP address in question does not have NAT loopback correctly enabled, so the server cannot connect to itself, which a variety of functions require. NAT loopback is an installation requirement for cPanel in the Networking Requirements section of our installation guide:
A 1:1 NAT and NAT loopback configuration if your server resides in a NAT-configured network.
Resolution
The only solutions or workarounds available are:
- Contact your hosting or network provider for assistance with making sure that NAT loopback is functional or possible on the network on which the server resides.
- Migrate your accounts to a different server that either has loopback NAT configured or that is not running in a NAT environment.
Additional Resources
What NAT configuration does cPanel support?
Comments
0 comments
Article is closed for comments.