Symptoms
You may see the following error in AutoSSL or other errors or timeouts when trying to connect to your server's public IP address using curl, dig, or other software. Typically when this issue occurs, the internal IP address in /var/cpanel/cpnat can be accessed while the public IP cannot.
In this example, 192.0.2.0 represents the public IP that an account is using. Note that this error can be found at WHM » SSL/TLS » Manage AutoSSL » Logs » "All Users".
ERROR 192.0.2.0 (10.0.0.0): Loopback NAT on this IP address
appears to be defective. AutoSSL will likely fail to secure any domain
whose authoritative nameserver uses this address. You can test this by
running “dig @192.0.2.0 . NS” at a command prompt.
If you follow the testing advice, the output below confirms the issue:
# dig @192.0.2.0 . NS
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7_8.6 <<>> @192.0.2.0 . NS
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
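The same test can be run against every address pair on the server. The script below is an added example, not part of cPanel: it assumes each line of /var/cpanel/cpnat holds the internal IP followed by the public IP, separated by whitespace, and the function names and status labels are hypothetical.

```shell
#!/bin/sh
# Added example (not cPanel code): repeat the "dig @IP . NS" test for each
# address pair. Assumption: cpnat lines are "<internal_ip> <public_ip>".

# probe IP: succeeds if a DNS server at IP sends back any reply.
# dig exits non-zero when no reply arrives (the timeout shown above).
probe() {
    dig +time=3 +tries=1 "@$1" . NS </dev/null >/dev/null 2>&1
}

# check_pair INTERNAL PUBLIC: classify one address pair.
check_pair() {
    if probe "$2"; then
        echo "OK $2 ($1)"
    elif probe "$1"; then
        # Internal answers, public does not: the symptom described above.
        echo "LOOPBACK_DEFECTIVE $2 ($1)"
    else
        # Neither answers: no DNS service is reachable on either address,
        # so this test says nothing about NAT loopback for the pair.
        echo "NO_DNS $2 ($1)"
    fi
}

# check_cpnat FILE: run check_pair on every pair listed in FILE.
check_cpnat() {
    while read -r internal public _; do
        case "$internal" in ''|'#'*) continue ;; esac   # skip blanks/comments
        [ -n "$public" ] || continue                    # skip malformed lines
        check_pair "$internal" "$public"
    done < "$1"
}

# Run only when a file is given, e.g.: sh check_loopback.sh /var/cpanel/cpnat
if [ "$#" -gt 0 ]; then
    check_cpnat "$1"
fi
```

Any line reported as LOOPBACK_DEFECTIVE is an address to raise with the hosting or network provider.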
Description
The server or IP address in question does not have NAT loopback correctly enabled, so the server cannot connect to itself through its public IP address, which a variety of functions require. NAT loopback is listed as an installation requirement for cPanel in the Networking Requirements section of our installation guide:
A 1:1 NAT and NAT loopback configuration if your server resides in a NAT-configured network.
Workaround
The only available workarounds are these:
- Contact your hosting or network provider for assistance with making sure that NAT loopback is functional or possible on the network on which the server resides.
- Migrate your accounts to a different server that either has loopback NAT configured or that is not running in a NAT environment.