DNS Round Robin & AutoSSL Issues
Hello. I have a DNS Round Robin setup between two cPanel WHM servers.
I have a DNS cluster with 2 A records for each domain pointing to two different hosts.
example.com
@ IN A 111.111.1.1
@ IN A 222.222.2.2
When running AutoSSL I come across issues relating to DCV. When I run AutoSSL on cPanel WHM 111.111.1.1 I get this error:
WARN Local HTTP DCV error (example.com): The system queried for a temporary file at "http://example.com/.well-known/acme-challenge/F1XS5N12SRNDF2CI8DL33JZWJEIADQGS", but the web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist. The domain "example.com" resolved to an IP address "222.222.2.2" that does not exist on this server.

I get the same error, but with the IP reversed, when running from 222.222.2.2. I have around a hundred domains on these accounts, and reverting the DNS records for every one of them every 3 months is a horrendous amount of work. I've looked into Apache proxy, but there doesn't appear to be any way to centralize the .well-known path so I can set up a proxy pass to one server or the other. I can't be the only one with this issue; I've searched nearly all day and can't find any viable solution that will allow me to use AutoSSL without worrying every 3 months.
Perhaps set up something to automatically generate /etc/hosts entries for the domains on your server to force the servers to only resolve the domains to themselves. External traffic will be round-robin as expected, but traffic originating from the servers will be local. That seems like the easiest solution and can be implemented via a function hook. The only way I'd imagine a proxy pass would work is if you're using something like nginx in front of Apache, and set it to direct .well-known to a specific IP.
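The /etc/hosts approach suggested in the reply above, written out as an added example (not code from the thread or from cPanel): each server pins every domain it hosts to its own IP in a managed block of its hosts file, so a local DCV request for http://example.com/.well-known/... stays on that host instead of following the round-robin A record to the other one. The domain list is assumed to be a one-domain-per-line file (cPanel keeps such a list in /etc/localdomains); the hosts file path and local IP are parameters so the script can be exercised against scratch files first.

```shell
#!/bin/sh
# Added example: keep a managed block of "<local ip> <domain> www.<domain>"
# lines in a hosts file so this server resolves its own domains to itself.
# Assumptions (not from the thread): domains come from a one-per-line file
# such as cPanel's /etc/localdomains; the hosts file is passed in explicitly.

BEGIN_MARK="# BEGIN autossl-local-dcv (managed block)"
END_MARK="# END autossl-local-dcv (managed block)"

# Print the managed block: one line per domain, covering apex and www.
# Blank lines and comments in the domain list are skipped.
gen_hosts_block() {
  local_ip="$1"; domains_file="$2"
  printf '%s\n' "$BEGIN_MARK"
  grep -v -e '^[[:space:]]*$' -e '^#' "$domains_file" | while IFS= read -r d; do
    printf '%s %s www.%s\n' "$local_ip" "$d" "$d"
  done
  printf '%s\n' "$END_MARK"
}

# Idempotently replace the managed block: everything outside the markers is
# preserved, an old block (if any) is dropped, and a fresh one is appended.
# Safe to run from a cron job or a cPanel hook after every account change.
update_hosts_file() {
  hosts_file="$1"; local_ip="$2"; domains_file="$3"
  tmp="$(mktemp)"
  awk -v b="$BEGIN_MARK" -v e="$END_MARK" '
    $0 == b { skip = 1; next }
    $0 == e { skip = 0; next }
    !skip   { print }
  ' "$hosts_file" > "$tmp"
  gen_hosts_block "$local_ip" "$domains_file" >> "$tmp"
  cat "$tmp" > "$hosts_file"   # write in place; keeps the original's permissions
  rm -f "$tmp"
}

# How many entries a hosts file currently pins to the given IP (for checking).
count_pinned() {
  grep -c "^$1 " "$2"
}

# Demo on constructed scratch files (never touches the real /etc/hosts).
demo_dir="$(mktemp -d)"
printf 'example.com\nexample.net\n# commented out\n\n' > "$demo_dir/localdomains"
printf '127.0.0.1 localhost\n' > "$demo_dir/hosts"
update_hosts_file "$demo_dir/hosts" 111.111.1.1 "$demo_dir/localdomains"
update_hosts_file "$demo_dir/hosts" 111.111.1.1 "$demo_dir/localdomains"  # second run: no duplicates
cat "$demo_dir/hosts"
```

On the 222.222.2.2 server the same script runs with its own IP; the managed block is rebuilt from scratch each run, so removed accounts drop out automatically. Only the web server's own outbound checks are affected; public clients still see both A records.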
Hi @Emirii. Do your AutoSSL logs note anything about a DNS DCV check? If you're running cPanel v74 this feature should be available to you, and I'm curious whether it will alleviate the issues you're experiencing with HTTP DCV checks.