Symptoms
The DNS Cluster "status" shows the following for all Cluster members:
CONFIG_TEXT: Could not communicate with remote API server.
The cPanel error log shows errors such as the following as well:
CONFIG_TEXT: Could not connect to https://203.0.113.2:2087/json-api/batch: SSL connection failed for 203.0.113.2: hostname verification failed
Cause
By default, DNSAdmin now connects via an SSL connection to DNS Cluster members; however, DNSAdmin is still configured to use the IP address to communicate with the remote servers. As a result, various API commands will fail as the remote IP cannot be covered by an SSL.
We've opened an internal case for our development team to investigate this further. For reference, the case number is CPANEL-53390. Follow this article to receive an email notification when a solution is published in the product.
Resolution
You need to disable Enforce SSL peer verification for DNS cluster peers, which can be done via WHM (if the server is not a DNSOnly server) or via API.
- Log in to WHM as
root - Navigate to Home / Server Configuration / Tweak Settings
- Set Enforce SSL peer verification for DNS cluster peers to Off
- Click the Save button at the bottom
- Log in to the server via SSH or WHM's Terminal as the
rootuser Run the following command:
# whmapi1 set_tweaksetting key=dnsadmin_secure_ssl value=0
Comments
0 comments
Article is closed for comments.