[CPANEL-21024] IPv6 Subdomain fails AutoSSL verification

  • cPWilliamL
    Hi @Nirjonadda, Unfortunately, AAAA requests are not currently supported with AutoSSL. We started working on adding support for it; however, we had to delay the feature because we need to ensure our SSL vendors support AAAA lookups/DCV checks first. We hope to see it implemented soon. Thanks,
  • Nirjonadda
    > Hi @Nirjonadda, Unfortunately, AAAA requests are not currently supported with AutoSSL. We started working on adding support for it; however, we had to delay the feature because we need to ensure our SSL vendors support AAAA lookups/DCV checks first. We hope to see it implemented soon. Thanks,

    OK, will wait for AAAA AutoSSL support. Does Let's Encrypt support AAAA AutoSSL?
  • cPanelMichael
    Hello, No, AAAA requests are not supported through AutoSSL with either provider (Comodo/Let's Encrypt) at this time. Thank you.
  • orudge
    Is there a way of disabling the "ipv6" subdomain that is automatically added to all IPv6-enabled sites? It's not something that we or any of our clients need as far as I'm aware, but it causes annoying AutoSSL e-mails for every client's domain. (I don't want to disable the generic AutoSSL 'missing domains' notification as this can be useful when a client genuinely does have domains that aren't included, and I of course don't want to disable IPv6 entirely either.) An option to enable/disable the IPv6 proxy subdomain would be very helpful if there isn't already a way of doing so.
  • cPanelMichael
    > Is there a way of disabling the "ipv6" subdomain that is automatically added to all IPv6-enabled sites? It's not something that we or any of our clients need as far as I'm aware, but it causes annoying AutoSSL e-mails for every client's domain. (I don't want to disable the generic AutoSSL 'missing domains' notification as this can be useful when a client genuinely does have domains that aren't included, and I of course don't want to disable IPv6 entirely either.) An option to enable/disable the IPv6 proxy subdomain would be very helpful if there isn't already a way of doing so.

    Hello @orudge, There's actually an internal case open (CPANEL-21024) to address the issue where enabling IPv6 for an account leads to the following error during subsequent AutoSSL checks, even after excluding the ipv6 subdomain from AutoSSL using the SSL/TLS Status option in cPanel:
    > "username" does not own a domain named "ipv6.domain.tld" on this server.
    I'll monitor this case and update this thread once it's published. In the meantime, the workaround is to manually create an A record for the ipv6 subdomain so that it points to an IPv4 address. Thank you.
  • keencs
    > In the meantime, the workaround is to manually create an A record for the ipv6 subdomain so that it points to an IPv4 address.

    Hello, I am also experiencing this issue. I added an A record for the ipv6 sub-domain, but autossl will still not proceed past the warning. Are there any other suggested workarounds for this issue? Thank you.
  • cPanelMichael
    > I am also experiencing this issue. I added an A record for the ipv6 sub-domain, but autossl will still not proceed past the warning. Are there any other suggested workarounds for this issue?

    Hello @keencs, Did you confirm that ipv6.domain.tld resolves to the IPv4 address associated with the account from a remote location? If so, another workaround is to temporarily disable IPv6 on the affected account until the AutoSSL certificates are issued, and then enable it again. Feel free to open a
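An added example, not part of the original thread and not cPanel's code: a check that the `ipv6` subdomain has an A record pointing at the account's IPv4 address, as the reply above asks to confirm. The sample records, the `sample_resolver` stub and the status labels are constructed for illustration; omit the `resolver` argument to query real DNS, and run it from a machine outside the server so a local cache or hosts file does not mask the result.

```python
import socket

# Constructed sample records (documentation address ranges), not real data.
SAMPLE = {
    ("ipv6.example.com", socket.AF_INET): ["192.0.2.10"],
    ("ipv6.example.com", socket.AF_INET6): ["2001:db8::10"],
    ("ipv6.example.net", socket.AF_INET6): ["2001:db8::20"],
    ("ipv6.example.org", socket.AF_INET): ["198.51.100.7"],
}

def sample_resolver(host, port, family=0, type=0):
    """Offline stand-in for socket.getaddrinfo, backed by SAMPLE (hypothetical)."""
    addrs = SAMPLE.get((host, family))
    if not addrs:
        raise socket.gaierror("constructed: no such record")
    return [(family, type, 6, "", (addr, 0)) for addr in addrs]

def lookup(name, family, resolver=socket.getaddrinfo):
    """Return the sorted addresses `name` has in `family`, or [] if none."""
    try:
        infos = resolver(name, None, family, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def check_ipv6_subdomain(domain, account_ipv4, resolver=socket.getaddrinfo):
    """Classify ipv6.<domain> against the A-record workaround from the thread."""
    name = "ipv6." + domain
    a = lookup(name, socket.AF_INET, resolver)
    aaaa = lookup(name, socket.AF_INET6, resolver)
    if account_ipv4 in a:
        status = "ok"            # A record points at the account's IPv4 address
    elif a:
        status = "wrong-ipv4"    # A record exists but points somewhere else
    elif aaaa:
        status = "aaaa-only"     # only AAAA: the case AutoSSL warns about
    else:
        status = "unresolved"    # no A or AAAA record was returned
    return {"name": name, "A": a, "AAAA": aaaa, "status": status}

if __name__ == "__main__":
    for d in ("example.com", "example.net", "example.org", "example.invalid"):
        print(check_ipv6_subdomain(d, "192.0.2.10", sample_resolver))
```
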
  • keencs
    Yes, I've confirmed it resolves. The AAAA record has a 4hr TTL, so I will wait for that to expire and then try again before logging a ticket. Perhaps whatever server is doing the lookup has a cached version of only the AAAA record and is not retrieving the A record. Thank you.
  • keencs
    I was able to determine that this only occurred on accounts where the ipv6 subdomain had been excluded from AutoSSL. When I re-added or included the subdomain for AutoSSL the log still warned that "[the ipv6 subdomain] does not resolve to any IPv4 addresses on the internet" but it was able to successfully renew the certificate. Ryan
  • cPanelMichael
    Hello, To update, this case is included with cPanel & WHM version 74: Fixed case CPANEL-21024: Make WebVhosts backend logic recognize "ipv6" the same as "mail". Version 74 is now available on the RELEASE tier. You can read more about it at: The Hosting Platform of Choice | cPanel Release Highlights | cPanel, Inc. Thank you.
