Symptoms
You might see the following error in AutoSSL, or other errors or timeouts when connecting to your server's public IP address with curl, dig, or other software. Typically, when this issue occurs, the internal IP address listed in /var/cpanel/cpnat can be reached while the public IP cannot.
In this example, 192.0.2.0 represents the public IP that an account is using. You can find this error in the "All Users" log at WHM » SSL/TLS » Manage AutoSSL » Logs.
ERROR 192.0.2.0 (10.0.0.0): Loopback NAT on this IP address
appears to be defective. AutoSSL will likely fail to secure any domain
whose authoritative nameserver uses this address. You can test this by
running “dig @192.0.2.0 . NS” at a command prompt.
If you follow the testing advice, the output below confirms the issue:
# dig @192.0.2.0 . NS
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7_8.6 <<>> @192.0.2.0 . NS
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
Description
The server or IP address in question does not have NAT loopback correctly enabled, so the server cannot connect to itself through its public IP, which a variety of functions require. NAT loopback is listed as an installation requirement for cPanel in the Networking Requirements section of our installation guide:
A 1:1 NAT and NAT loopback configuration if your server resides in a NAT-configured network.
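The dig test from the AutoSSL log, applied to every NAT mapping on the server, as an added example (not cPanel's own code). It assumes each line of /var/cpanel/cpnat holds a local IP followed by its public IP and that a DNS server listens on those addresses; the function names `probe` and `check_nat_loopback` are hypothetical.

```shell
#!/bin/sh
# probe IP: succeeds if a DNS server at IP sends any reply to the root NS
# query that the AutoSSL log suggests. dig exits non-zero when no reply
# arrives; any reply (even REFUSED) proves the address is reachable.
probe() {
    dig +time=3 +tries=1 "@$1" . NS >/dev/null 2>&1
}

# check_nat_loopback [FILE]
# Assumption: each line of FILE is "<local_ip> <public_ip>".
# Prints one verdict per mapping and returns 1 if any mapping fails.
# Usage on the server: check_nat_loopback   (reads /var/cpanel/cpnat)
check_nat_loopback() {
    file=${1:-/var/cpanel/cpnat}
    rc=0
    while read -r local_ip public_ip _ || [ -n "$local_ip" ]; do
        # Skip blank lines, comments, and lines without a public IP.
        case $local_ip in ''|\#*) continue ;; esac
        [ -n "$public_ip" ] || continue
        if probe "$public_ip"; then
            echo "$public_ip ($local_ip): OK"
        elif probe "$local_ip"; then
            # Local address answers but the public one does not:
            # the symptom this article describes.
            echo "$public_ip ($local_ip): LOOPBACK_DEFECTIVE"
            rc=1
        else
            # Neither address answers: likely no DNS service or a local
            # firewall rule, so NAT loopback cannot be judged from this.
            echo "$public_ip ($local_ip): NO_REPLY_ON_EITHER"
            rc=1
        fi
    done < "$file"
    return $rc
}
```

A `LOOPBACK_DEFECTIVE` verdict is the case to take to the hosting or network provider; `NO_REPLY_ON_EITHER` points to the DNS service or a local firewall instead.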
Workaround
The only available workarounds are:
- Contact your hosting or network provider for assistance with making sure that NAT loopback is functional or possible on the network that the server resides in
- Migrate your accounts to a different server