AutoSSL Webmail subdomain DCV error
Some time ago I had excluded some of the cPanel service subdomains (webdisk, etc.) from AutoSSL, as I wasn't using them. Now I need to use webmail.domain.com and so selected "Include during AutoSSL" on the cPanel "SSL/TLS Status" page. I then hit the "Run AutoSSL" button hoping it would now include the webmail subdomain, but it failed to include it - DCV error:
An error occurred the last time AutoSSL ran, on May 1, 2018:
The content "XXX" of the DCV (Domain Control Validation) file, as accessed at ", did not match the expected value.
Even though I selected to "Include" the webmail subdomain, it still appears in SSL/TLS > Manage SSL Hosts with a red padlock.
I rebooted and ran AutoSSL again, still no joy.
Any ideas?
Hi @gnetwork-cp
It sounds like either the webmail subdomain isn't present or there's a redirect that is occurring. To troubleshoot this I would first ensure that the proxy subdomains are enabled for the account by running the following via CLI:
/scripts/proxydomains --user=$USER add
You may also want to check the .htaccess for the domain in question to ensure that it doesn't have any rewrite rules that would blindly affect subdomains.
Thank you,
I have some necessary WordPress rewrite rules in .htaccess (run multisite subdomain install), maybe they need to be circumvented. So I turned OFF the "Tweak Settings > Use a Global DCV Passthrough instead of .htaccess modification", then re-activated AutoSSL to get the rewrite rules added to htaccess. Ran AutoSSL but no difference. Then tried with both "Use Global DCV" and htaccess rewrites, still no good.
About running the command above, I noticed that The proxydomains Script - Version 68 Documentation - cPanel Documentation states:
Note: You cannot add the cpanel, whm, or webmail proxy subdomains for addon or parked domains (aliases).
which is what I need. When I access webmail.domain.com (even for addon domains), once I ignore the SSL warning it works and the page exists, so no problem with the proxy domain existing. Just can't get the DCV to work.
If I run command:
/scripts/proxydomains --user=$USER add
can I run it as root, and replace "$USER" with the cPanel username? Any other suggestion?
If I run command: /scripts/proxydomains --user=$USER add can I run it as root, and replace "$USER" with the cpanel username?
That's exactly what you should do, though if you can go to webmail.addondomain.tld without issues it's likely that they are added and functioning. Can you show the rewrite rules you have in the .htaccess? There are some issues with proxy subdomains on custom ports; are you running just Apache or are you using a different webserver?
Thank you,
Hi@ - CacheDisable /.well-known
maybe I should have an entry for .cpaneldcv?? (as appears in htaccess)
Here are my htaccess rewrites including the DCV passthroughs:
# SSL Redirect
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^(.*)$
Hi @gnetwork-cp
If you temporarily disable the rewrite to https are the results any different?
No
Thank you, please feel free to open a ticket using the link in my signature so that we can take a closer look. Once you do open a ticket, please update this thread with the ticket ID.
Thank you,
I solved it, almost... I disabled the mod-cache and it worked! So all I need is to add another entry to mod-cache config and the DCV should bypass cache completely.
These are the htaccess entries for bypass:
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
I already have this entry in Service Configuration > Apache Configuration > Include Editor > pre_main_global.conf:
CacheDisable /.well-known
I'm not sure how to form the URL entry to disable cache for .cpaneldcv
Any idea?
Hello,
That makes sense, I wasn't aware you were using caching, though this line probably should have given it away:
# OLD Pre-modcache RewriteRule . /index.php [L]
I'm glad you got it working, though. Disabling caching for /.well-known should encompass the cPanel DCV check since the hash file is stored in /home/$user/public_html(docroot)/.well-known/pki-validation/hash.txt
You may want to check the Apache documentation on whether or not it needs to be configured further: mod_cache - Apache HTTP Server Version 2.4
Seems to run fine now. I have these 2 lines in the mod-cache config:
CacheDisable /.well-known
CacheDisable /.cpaneldcv
Thanks!
Hello,
Thank you for posting the resolution to the issue and I'm glad to hear it's working for you now.
Thank you,
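An added example, not code from the thread or from cPanel: a small audit that takes the two DCV request patterns from the RewriteCond lines quoted above and checks which DCV paths a set of CacheDisable directives exempts from mod_cache. It assumes the documented CacheDisable behaviour (URLs at or below url-string, modelled here as a prefix match); the function names and sample paths are constructed for illustration.

```python
import re

# DCV request patterns copied from the RewriteCond lines in the thread.
DCV_PATTERNS = [
    re.compile(r"^/[0-9]+\..+\.cpaneldcv$"),
    re.compile(r"^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$"),
]

def parse_cache_disable(conf_text):
    """Return the url-string argument of every CacheDisable directive."""
    prefixes = []
    for line in conf_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) == 2 and parts[0].lower() == "cachedisable":
            prefixes.append(parts[1])
    return prefixes

def is_dcv_path(path):
    """True if the request path has the shape of a DCV file request."""
    return any(p.match(path) for p in DCV_PATTERNS)

def bypasses_cache(path, prefixes):
    """Assumed model: CacheDisable covers URLs at or below url-string,
    i.e. the request path starts with the configured prefix."""
    return any(path.startswith(prefix) for prefix in prefixes)

def audit(conf_text, paths):
    """Map each DCV-shaped path to whether it is exempt from caching."""
    prefixes = parse_cache_disable(conf_text)
    return {p: bypasses_cache(p, prefixes) for p in paths if is_dcv_path(p)}

# Constructed sample input: the two directives from the resolution post.
SAMPLE_CONF = """\
CacheDisable /.well-known
CacheDisable /.cpaneldcv
"""
# Constructed sample request paths (not real DCV tokens).
SAMPLE_PATHS = [
    "/.well-known/pki-validation/0123456789ABCDEF0123456789ABCDEF.txt",
    "/1525132800.EXAMPLE.cpaneldcv",
    "/index.php",
]

if __name__ == "__main__":
    for path, exempt in audit(SAMPLE_CONF, SAMPLE_PATHS).items():
        print(("bypasses cache:  " if exempt else "still cacheable: ") + path)
```

Under this model the /.well-known request bypasses the cache, while the constructed .cpaneldcv request matches neither prefix because its path begins with digits rather than /.cpaneldcv.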