AutoSSL provider could not renew the SSL certificate
cPanel 68.0.26
My site was hacked about a month back. The .com site was a pointer to my actual page. When I became aware of the hack I called my hosting co. They reset the password and I logged on though my web browser. I had not logged on for years because all my changes were to the site that was pointed to. The support person said to delete all files in public_html except for index.html which contained the pointer. I did so, this was Jan.10. The site is working fine except for constant emails from cPanel-mydomain. It started (Dec.17) with
"Good news, AutoSSL has successfully renewed the Domain Validated (DV) certificate for "example.com". This does not require any further action by you."
I noticed at the bottom that cPanel.example and webdisk.example were not included in the certificate.
Now I get 6 emails this year. This one Jan.18
All files that were deleted are still in the trash. I read other posts but could relate them my situation. I could not see the requested file in other posts. Apologize for length of post. other info
"The "cPanel" AutoSSL provider could not renew the SSL certificate without a reduction of coverage because of the following problems:
The system queried for a temporary file at "http://example.com/.well-known/pki-validation/614F50B49052A2C14F6AA91B9BD3268E.txt'>http://example.com/.well-known/pki-validation/614F50B49***************.txt", but the web server responded with the following error: 403 (Forbidden). A DNS (Domain Name System) or web server misconfiguration may exist.
For the most current status, navigate to the SSL/TLS Status" interface. You can also exclude domains from future renewal attempts, which would cease future notifications.
You can fix these problems within 3 days of the certificate expiry date (2018-03-18 at 00:00:00 UTC) or take other actions. If you do not, this certificate will automatically renew without these domains.
The next time that the "cPanel" AutoSSL provider attempts to renew the SSL certificate, the system will attempt to add the following domains to that certificate:
- cpanel.example.com
- webdisk.example.com
All files that were deleted are still in the trash. I read other posts but could relate them my situation. I could not see the requested file in other posts. Apologize for length of post. other info
example.com
mail.example.com
www.example.com
- Self Signed -
12/16/18
2048
Cert for "example.com"
example.com
mail.example.com
webmail.example.com
www.example.com
cPanel, Inc.
3/18/18
2048
Cert for "example.com" 151*******.0
-
Hello, Could you let us know the contents of the .htaccess file if it exists under the public_html directory? Ensure to replace any real domain names with examples. Thank you. 0 -
I clicked on file manager and searched for .htaccess and got (Search Results for: .htaccess Double click on a file or folder to open the folder (or the folder it is contained in if it is a file). /public_html/.htaccess) There's two files in that folder, Index.html(the pointer) and a google file I put there to prove my ownership. Can the file be invisible? I clicked on /public_html/.htaccess and it brought me to my folder with the two files I stated. 0 -
Hello, In the upper-right of the File Manager interface, click on "Settings" and enable "Show Hidden Files" to see the .htaccess file. Additionally, it's also possible the required DNS entries for the proxy subdomains are missing from the DNS zones associated with your domain name. I recommend reaching out to your hosting provider to see if they can check this for you, as if that's the case, they should be able to automatically add the required DNS records with a command like this: /usr/local/cpanel/scripts/proxydomains --domain=domain.tld add
Otherwise, you can add any missing subdomain records using "cPanel >> Zone Editor >> Add Record >> Add "A" Record". EX:cpanel 14400 IN A $IP
Thank you.0 -
I can see the htaccess.dms file with show invisible. When click on it, it downloads. I view it with TextWrangler. order allow,deny allow from all Below that are 43 ip addresses that I blocked because they looked suspicious, I viewed these through "Visitors" and "Awstats". When I googled, some results showed phishing activity. Looks like the traffic is reducing. Reporting Period: 1/19/18, 7:03 AM " 1/20/18, 1:31 AM Total Data Sent: 13.54 KB 507 records match. Here's some samples /login.php.tar.bz2 /home/login.php/home.zip /editor/home/login.php?cmd=login_submit /(long list of numbers and letters)/login.php When google these my domain comes up on phishing registries like urlscan. I see other domains with the same numbers. I mention this just in case you see a connection. Received another email from cPanel. 0 -
I figured out to view and edit the htaccess.dms file within cPanel. Taking into account my previous post is order allow,deny allow from all OK 0 -
Hello, That entry alone shouldn't prevent the AutoSSL domain control validation from succeeding. I recommend reaching out to your hosting provider so they can take a closer look at the AutoSSL logs to determine why it's failing. Thank you. 0 -
You were right it was the .htaccess file. I inadvertently blocked the IP address for pki validation. My first warning email arrived on Dec.18 (below) and did not include a 404 error. It must have been caused by the hack. My next email arrived on Jan.14 and almost every day after because of a 404 error. because of an error: Timed out while waiting for socket to become ready for reading I changed my password Jan.10 and blocked a bunch of ip addresses which included the IP for pki validation. I corrected this on the 23rd and the emails stopped. My question is the fact that cpanel.example.com and webdisk.example.com cannot get certified, will this cause me a problem? Can I ignore this considering this a pointer to my site? Example.com is my main email address though. To comment on the hack, I was able to remove my site from blacklists buy asking them on their web pages. Kaspersky was the last to lift their block with my request. I joined Search Console on google and proving ownership of my site so hopefully when google see's hacking signs it will email me. I was removed from google search but now I'm back. All browsers no longer block the site. 0 -
My question is the fact that cpanel.example.com and webdisk.example.com cannot get certified, will this cause me a problem? Can I ignore this considering this a pointer to my site? Example.com is my main email address though.
Hi Steve, You can actually exclude domains that you don't want included as part of the AutoSSL feature using the "SSL TLS Status" option in cPanel: SSL TLS Status - Version 70 Documentation - cPanel Documentation It's a good idea to exclude the domain names you don't want certificates for, or to resolve any issues that prevent the validation from succeeding. Thank you.0
Please sign in to leave a comment.
Comments
8 comments