Symptoms
After running the /usr/local/cpanel/bin/checkallsslcerts script via SSH, you may see errors similar to the following:
FAILED: Cpanel::Exception/(XID bj6m2k) The system queried for a temporary file at “http://hostname.domain.tld/.well-known/pki-validation/B65E7F11E8FBB1F598817B68746BCDDC.txt”, but the web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist.
[WARN] The system failed to acquire a signed certificate from the cPanel Store because of the following error: Neither HTTP nor DNS DCV preflight checks succeeded!
Description
This issue happens when the main shared IP address does not match the mainip.
The mainip is determined by the default routed IP of the server. Therefore it is generally easier to change the shared IP to match the mainip.
You can check to see what the mainip is with the following command:
cat /var/cpanel/mainip
You can check to see what the shared IP is with the following command:
grep ADDR /etc/wwwacct.conf
If the IPs in those two commands do not match, you will not be able to obtain a free hostname certificate.
This has been determined to be intended behavior, but we currently have an internal improvement request open with our development team to change this behavior: CPANEL-28156
Workaround
In order to resolve this issue, you must ensure that the following things are true:
1. The mainip and main shared IP are the same
2. The A record for the hostname of the server is pointed to the main / main shared IP of the server.
If you need to change the shared IP address of the server, you can do so with the following steps:
1. Log in to WHM as the root user
2. Navigate to: Home » Server Configuration » Basic WebHost Manager® Setup
3. Locate the option labeled: "The IPv4 address (only one address) to use to set up shared IPv4 virtual hosts."
4. Update that value so that it matches the mainip
5. Click "Save Changes" at the bottom of the page
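To confirm that both conditions from the Workaround hold before re-running checkallsslcerts, the following added example (not cPanel's own code) compares the two files and the hostname's A record. It assumes the "ADDR <ip>" line layout in /etc/wwwacct.conf and that dig is installed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of cPanel. Function names are hypothetical.

# Print the mainip with any trailing newline/whitespace removed.
read_mainip() { tr -d '[:space:]' < "$1"; }

# Print the shared IPv4 address. Matching the key exactly avoids picking up
# other keys that merely contain "ADDR" (a plain "grep ADDR" can match those too).
# Assumption: the line layout is "ADDR <ip>".
read_shared_ip() { awk '$1 == "ADDR" { print $2; exit }' "$1"; }

# Print the IPv4 A records for a hostname, one per line (CNAME targets dropped).
# Assumption: dig is available on the server.
resolve_a() { dig +short A "$1" 2>/dev/null | grep -E '^[0-9]+(\.[0-9]+){3}$'; }

# Usage: check_dcv_prereqs <mainip file> <wwwacct.conf> <hostname>
# Returns 0 when both conditions hold, 1 on a mismatch, 2 if a file is unreadable.
check_dcv_prereqs() {
    mainip=$(read_mainip "$1") || return 2
    shared=$(read_shared_ip "$2") || return 2
    status=0

    # Condition 1: the mainip and the main shared IP are the same.
    if [ -z "$mainip" ] || [ "$mainip" != "$shared" ]; then
        echo "MISMATCH: mainip='$mainip' shared IP='$shared'"
        status=1
    fi

    # Condition 2: the hostname's A record points at that IP.
    a_records=$(resolve_a "$3") || true
    if ! printf '%s\n' "$a_records" | grep -qxF "$mainip"; then
        echo "DNS: A record(s) for $3 are '$a_records', expected '$mainip'"
        status=1
    fi

    [ "$status" -eq 0 ] && echo "OK: mainip, shared IP and A record all match $mainip"
    return "$status"
}

# Run against the live files only when invoked as: sh script.sh run
if [ "${1:-}" = "run" ]; then
    check_dcv_prereqs /var/cpanel/mainip /etc/wwwacct.conf "$(hostname -f)"
fi
```

A non-zero exit with a MISMATCH line means the shared IP still needs to be changed using the WHM steps above; a DNS line means the hostname's A record needs to be updated.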