Skip to main content

ERROR SSL INSTALL: TLS Status: Defective

marcelo falcao
Hi. I've tried installing Auto SSL on Cpanel for my domain. The process has been in the pending list for a long time. When I checked the logs, I see this error: 12:26:44 PM ERROR TLS Status: Defect ERROR Defect: NO_SSL: No SSL certificate is installed. See the screenshot. Any suggestion? Thank you in advance.

Comments

3 comments

Date Votes
  • cPanelLauren
    Hi @marcelo falcao Based on the screenshot you've provided it appears that the SSL certificate is waiting to be processed. What is the output you get when running the following: /usr/local/cpanel/bin/autossl_check_cpstore_queue --force
    Thanks!
    0
  • marcelo falcao
    Hi! Thanks, but i receive this message: Polling for "username"s new certificate for "domain.com.br" (order item ID "1234567") " The certificate is not available. (processing)
    0
  • cPanelLauren
    Hi @marcelo falcao The Order Item ID was edited to not contain personally identifying information but in viewing the pre-edit version I looked up the certificate and found that it is not passing the DCV check due to the following: Action: CNAME @192.168.XXX.181 _5851163161427c1308bab4dc0a2e8980.domain.com.br. Outcome: read udp 192.168.XXX.61:45077->192.168.XXX.181:53: i/o timeout Status: ERROR Action: CNAME @192.168.XXX.182 _5851163161427c1308bab4dc0a2e8980.domain.com.br. Outcome: read udp 192.168.XXX.61:56422->192.168.XXX.182:53: i/o timeout Status: ERROR Action: GET http://domain.com.br/.well-known/pki-validation/hash.txt Outcome: Get http://domain.com.br/.well-known/pki-validation/hash.txt: dial tcp: lookup domain.com.br on 10.255.XXX.2:53: read udp 192.168.XXX.61:42699->10.255.XX.2:53: i/o timeout Status: FAILED
    Note that all IP's listed are internal IP addresses. It would seem that you're NAT routing has a misconfiguration. I'm also not able to query your domain's IP address: $ dig a domain.com.br ; <<>> DiG 9.10.6 <<>> a domain.com.br ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 5395 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1280 ;; QUESTION SECTION: ;domain.com.br. IN A ;; Query time: 2 msec ;; SERVER: 208.74.121.50#53(208.74.121.50) ;; WHEN: Mon Jul 23 07:36:59 CDT 2018 ;; MSG SIZE rcvd: 49
    Please note that I used your actual domain for this. I also looked up the domain's nameservers which also don't resolve. Our documentation on NAT configurations may be helpful 1:1 NAT - Version 72 Documentation - cPanel Documentation if you've exhausted the options within the documentation and your domain still does not resolve you would need to contact your provider for further assistance. Thanks!
    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post