LetsEncrypt HTTP CDV Fails

Comments

7 comments

  • cPanelLauren
    It does indeed seem that Let's Encrypt is experiencing some form of DNS issue with the domain. That response indicates that it's not able to query the hash in the acme-challenge folder. If it's not responding with that, there's either something denying it or there's a DNS-related issue. You can see if it's reaching your server by checking the domain's access logs; the response code it's getting when it checks may be helpful as well.
    0
  • MichaelGMorgan
    I tried this again and checked the access logs... There are two lines which reference the acme-challenge URLs. I do however believe that these are for an addon domain that's in place which does seem to be correctly getting an SSL certificate.

    XXX.XXX.XXX.XXX - - [06/Nov/2018:12:15:12 +0000] "GET /.well-known/acme-challenge/XXXX HTTP/1.1" 200 64 "-" "Cpanel-HTTP-Client/1.0"
    XXX.XXX.XXX.XXX - - [06/Nov/2018:12:15:20 +0000] "GET /.well-known/acme-challenge/XXXX HTTP/1.1" 200 64 "-" "Cpanel-HTTP-Client/1.0"

    In the log in WHM it's got this...

    12:16:00 PM WARN "Let"s Encrypt"" DCV error (www.example.co.uk): Invalid response from http://www.example.co.uk/.well-known/acme-challenge/XXXX: " \n \n

    I've searched for those acme challenge files in the access_log files for the example.co.uk and there's no mention of them. I've also searched for these in /usr/local/apache/logs/access_log and again nothing. I then tried pinging the domain from the web server with and without the www and both correctly resolve to the server's IP so I know the domain isn't pointing elsewhere. I don't know what else to try?
    0
  • MichaelGMorgan
    Another bit of information... I copied one of the acme-challenge URLs from the log output and pasted this into my browser. Whilst it expectedly returned a 404, it did immediately show up in the access_log for that domain. So it seems that cPanel is not actually calling the URL. According to the AutoSSL log file it's returning an HTML response, which I do not recognise.
    0
  • cPanelLauren
    Can you please open a ticket using the link in my signature? Once open please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved. Thanks!
    0
  • MichaelGMorgan
    Ticket opened with ID 10724103
    0
  • cPanelLauren
    Hi @MichaelGMorgan, thanks for opening the ticket. I've added some notes to it and I'm watching it. As soon as there's an update/resolution I'll update this thread with the information. Thanks!
    0
  • cPanelLauren
    Hi @MichaelGMorgan, I just checked in on this and it looks like the issue has now been resolved. The cause of the issue appears to be related to an IPv6 record that was assigned to the domain but not present on the server. This resulted in an internal case being filed, CPANEL-23969. The case has since been resolved though, and it is indicated that our development team will not fix this as it is not the intention of our development to allow a workaround in AutoSSL for domains without valid A and AAAA records.
    0
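
The cause given in the last reply, an IPv6 record assigned to the domain but not present on the server, can be checked before requesting a certificate. The Python below is an added example, not part of the thread and not cPanel's code: it compares the A and AAAA addresses a name resolves to against the addresses bound on the host, taken from `ip -o addr show` output. The function names and the sample addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress
import socket
import subprocess
import sys

# Constructed sample data using documentation address ranges.
SAMPLE_IP_OUTPUT = """\
1: lo    inet 127.0.0.1/8 scope host lo
1: lo    inet6 ::1/128 scope host
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0
"""
SAMPLE_DNS = {ipaddress.ip_address("192.0.2.10"),
              ipaddress.ip_address("2001:db8::10")}

def resolve(host):
    """Return every A and AAAA address the system resolver gives for host."""
    infos = socket.getaddrinfo(host, 80, proto=socket.IPPROTO_TCP)
    return {ipaddress.ip_address(info[4][0]) for info in infos}

def local_addresses(ip_output):
    """Parse `ip -o addr show` output into the set of bound addresses."""
    bound = set()
    for line in ip_output.splitlines():
        fields = line.split()
        # Layout: "<index>:", interface, family, address/prefix, ...
        if len(fields) >= 4 and fields[2] in ("inet", "inet6"):
            bound.add(ipaddress.ip_interface(fields[3]).ip)
    return bound

def unserved_records(resolved, bound):
    """Addresses published in DNS that no local interface holds."""
    return sorted(resolved - bound, key=lambda a: (a.version, int(a)))

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Live check: resolve the given name and read this host's addresses.
        dns = resolve(sys.argv[1])
        out = subprocess.run(["ip", "-o", "addr", "show"], check=True,
                             capture_output=True, text=True).stdout
    else:
        dns, out = SAMPLE_DNS, SAMPLE_IP_OUTPUT
    for addr in unserved_records(dns, local_addresses(out)):
        kind = "AAAA" if addr.version == 6 else "A"
        print(f"{kind} record {addr} is not bound on this server")
```

On a server behind NAT the public A record will not match a bound address either, so treat a reported address as something to verify rather than as proof of a stale record.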
