DCV challenge returned no TXT record error
Hi
I get the following error message from cpanel that it cannot renew some certificates. I looked arround this forum and found some similar posts but i cannot figure out how to fix this.
Thanks in advance, Peter
DNS DCV: The DNS query to "_cpanel-dcv-test-record.example.nl" for the DCV challenge returned no "TXT" record that matches the value "_cpanel-dcv-test-record=qjtv4DOsJ2ItpmbSzWK78GFEwjgixNPBCE9UsOpR3A9YLbNs67gyUqusxSoYvpxG".; HTTP DCV: The system queried for a temporary file at "http://example.nl/.well-known/pki-validation/48B419CDA5C14A4EC5AFDDC596E35B44.txt", but the web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist.
Thanks in advance, Peter
-
Hello @Peterv3210 This is happening because not only does the DCV fall back fail to validate that your domain resolves to your server but it's also unable to validate the txt file. The latter is done with a curl request. You can try this as well by running the following: curl -kvv http://domain.tld/.well-known/pki-validation/test.txt
The results of that usually give me a good idea of how things went wrong. In a lot of cases, similar to this one there's something in the .htaccess or a DNS issue preventing the checks from completing0 -
Hi, Thanks for your reply I ran through all the steps in the " 404 Not Found Not Found
The requested URL /.well-known/pki-validation/3B85B33EE5D584F73669975E04F8090E.txt was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache/2.4.38 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 Server at example.nl Port 80 * Connection #0 to host example.nl left intact
I also tried to change the htaccess with or without the RewriteCond file but to no avail. Peter0 -
That hash file is removed a lot of the time as soon as the DCV check is requested, this is why I noted that you should use a test.txt file, you can just create an empty one and place it in the pki-validation directory. Can you do that and try again? 0 -
Hi @cPanelLauren, I ran it again, but unfortunately with the same result: 404 Not FoundNot Found
The requested URL /.well-known/pki-validation/test.txt was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache/2.4.38 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 Server at example.nl Port 800 -
Hi @Peterv3210 Just to confirm you created the test.txt file first right? Are you aware of any customizations/includes that would affect the hostname vhost? You can check this at WHM>>Service Configuration>>Apache Configuration -> Include Editor 0 -
Hi @cPanelLauren, Sorry i wasn't aware that i had to create the file manually, thought the .htaccess would handle that. When I run the curl request with the manually created test.text the result is: * Trying 123.456.789.000... * Connected to example.nl (123.456.789.000) port 80 (#0) > GET /.well-known/pki-validation/test.txt HTTP/1.1 > Host: example.nl > User-Agent: curl/7.43.0 > Accept: */* > < HTTP/1.1 200 OK < Date: Sat, 09 Feb 2019 07:20:45 GMT < Server: Apache/2.4.38 (cPanel) OpenSSL/1.0.2q mod_bwlimited/1.4 < Last-Modified: Sat, 09 Feb 2019 07:20:15 GMT < ETag: "0-58170e839e24d" < Accept-Ranges: bytes < Content-Length: 0 < Content-Type: text/plain < * Connection #0 to host example.nl left intact
When checking WHM>>Service Configuration>>Apache Configuration -> Include Editor, the Pre Main Include, Pre Virtual Host Include, Post Virtual Host Include all have the dropdown set to "Select an Apache Version"0 -
Hi @Peterv3210 Sorry i wasn't aware that i had to create the file manually, thought the .htaccess would handle that.
I'm only having you test so the system would not be involved in this. Based on the test.txt curl request it should be able to connect, the 200 response indicates that the request was successful. What's actually in your .htaccess for that domain?When checking WHM>>Service Configuration>>Apache Configuration -> Include Editor, the Pre Main Include, Pre Virtual Host Include, Post Virtual Host Include all have the dropdown set to "Select an Apache Version"
You'd need to choose the Apache version currently on the system. In most cases this is apache 2.40 -
Hi @cPanelLauren, What's actually in your .htaccess for that domain?
My .htaccess file is as follows: (Because of the problems with the certificate I had to comment-out the ssl part, i tried it with and without)RewriteEngine On #RewriteCond %{HTTPS} off [OR] #RewriteCond %{HTTP_HOST} !^example\.nl$ [NC] #RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$ #RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ #RewriteRule ^ https://example.nl%{REQUEST_URI} [R=301,L,NE] RewriteBase / RewriteRule ^index\.html$ - [L] RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$ RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.html [L]
You'd need to choose the Apache version currently on the system. In most cases this is apache 2.4
When choosing the 2.4.38 (in my case) and after the restart of apache the dropdown is set back to "Select an Apache Version"0 -
Hi @Peterv3210 I think at this point it's going to just be best if we are able to investigate this with access to the server. Can you please open a ticket using the link in my signature? Once open please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved. Thanks! 0 -
@cPanelLauren, The suppport ticket id is: 11410755 0 -
Hi @Peterv3210 Thanks! I'm watching that ticket for you and I'll update here when it's resolved. 0
Please sign in to leave a comment.
Comments
11 comments