The certificate chain failed OpenSSL's verification
I am trying to install SSL on a domain recently migrated from a Hostgator cPanel server and having its DNS hosted externally. On checking the logs, I got the following errors:
Log for the AutoSSL run for "clientdomain": Tuesday, June 12, 2018 6:48:56 PM GMT+05-30 (Let's Encrypt™)
6:48:56 PM AutoSSL's configured provider is "Let's Encrypt™".
Checking websites for "clientdomain" …
6:48:56 PM Checking "clientdomain.com" …
6:48:56 PM ERROR TLS Status: Defective
Certificate expiry: 5/31/19, 2:20 AM UTC (352.54 days from now)
ERROR Defect: OPENSSL_VERIFY: The certificate chain failed OpenSSL's verification (0:18:DEPTH_ZERO_SELF_SIGNED_CERT).
6:49:03 PM WARN "Let's Encrypt™" DCV error (clientdomain.com): Invalid response from http://clientdomain.com/.well-known/acme-challenge/8IEZMOStz-0mjNo8pVeFSy7BBrKhSkevS3n76i4bHA4: "
I checked the /home/username/public_html/.well-known/acme-challenge folder and didn't find any of the files listed in the error message above, if that's what they are.
It would be very helpful to know exactly what the problem is here, and fix it.
Hello, Does the domain have an AAAA record or is it by chance using IPv6? If so can you confirm that the IPv6 address resolves to the server? Furthermore, if you switch to the Comodo provider rather than the Let's Encrypt provider do you continue to receive the same error? Thanks!
@cPanelLauren, thanks for editing the title of my post! I couldn't find a way to do it myself. :) To answer your question, yes, the domain has an AAAA record at the external DNS provider for both the root domain and the www domain. And, the IPv6 address does resolve to the server FQDN. I also checked the Basic Config section WHM setup and both the IPv4 and IPv6 addresses are bound to the server. The only non-standard thing about the domain's config (in fact, all domains on the server) is that it uses external DNS, via Linode DNS manager. About using Comodo as the provider, I am not sure what impact this might have. Is this safe to change?
Hi @meeven It is safe to change, though it will update the certificate on any domains to Comodo SSLs if they don't currently have certificates.
@cPanelLauren, I was able to get this sorted out, thanks to cPanel tech support. The solution is to assign the IPv6 address to the domain using the WHM "Assign IPv6 Address" interface and then run LetsEncrypt for the domain again.
Hi @meeven Glad to hear you were able to get the issue sorted out! Thanks for letting us know what the resolution was. Thanks!
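The mismatch resolved in this thread (an AAAA record published in DNS, but the site not served on that IPv6 address) can be checked before re-running AutoSSL by fetching a probe file over each published address separately. The following is an added example, not part of the thread and not cPanel code; the file name `probe.txt` and its contents are assumptions, and the file is expected to have been placed by hand in the domain's `.well-known/acme-challenge` folder.

```python
import http.client
import socket
import sys

PROBE_PATH = "/.well-known/acme-challenge/probe.txt"  # hypothetical probe file name

def resolve(host):
    """Return {'A': [...], 'AAAA': [...]} as the system resolver sees them."""
    found = {"A": [], "AAAA": []}
    for rtype, family in (("A", socket.AF_INET), ("AAAA", socket.AF_INET6)):
        try:
            infos = socket.getaddrinfo(host, 80, family, socket.SOCK_STREAM)
        except socket.gaierror:
            continue  # no record of this type
        found[rtype] = sorted({info[4][0] for info in infos})
    return found

def fetch(host, ip, path=PROBE_PATH, timeout=5):
    """GET path from one specific address with Host: host -> (status, body)."""
    conn = http.client.HTTPConnection(ip, 80, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": host})
        resp = conn.getresponse()
        return resp.status, resp.read(256)
    except (OSError, http.client.HTTPException) as exc:
        return None, str(exc).encode()
    finally:
        conn.close()

def diagnose(records, responses, expected):
    """Classify each address; flag the case where an AAAA address is not serving the site."""
    verdicts = {}
    for ip in records["A"] + records["AAAA"]:
        status, body = responses.get(ip, (None, b""))
        if status is None:
            verdicts[ip] = "unreachable"
        elif status == 200 and body.strip() == expected:
            verdicts[ip] = "ok"
        else:
            verdicts[ip] = "wrong-site"  # another vhost or a default page answered
    bad_v6 = [ip for ip in records["AAAA"] if verdicts[ip] != "ok"]
    # Let's Encrypt connects to the AAAA address first when one is published.
    return verdicts, bool(bad_v6)

if __name__ == "__main__":
    domain, token = sys.argv[1], sys.argv[2].encode()
    recs = resolve(domain)
    replies = {ip: fetch(domain, ip) for ip in recs["A"] + recs["AAAA"]}
    verdicts, v6_broken = diagnose(recs, replies, token)
    for ip, verdict in verdicts.items():
        print(f"{ip:40} {verdict}")
    print("AAAA path likely breaks HTTP DCV" if v6_broken else "no IPv6 mismatch found")
```

Run it with the domain and the exact contents of the probe file as arguments; a `wrong-site` or `unreachable` verdict on the IPv6 address alongside `ok` on the IPv4 address matches the situation described above.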