AutoSSL Renew: DNS DCV Returned No "TXT" Record
Last night my server started spamming me with renew failed errors for a lot (if not all) of the domains running on my server.
DNS DCV: The DNS query to "_cpanel-dcv-test-record.example.nl" for the DCV challenge returned no "TXT" record that matches the value "_cpanel-dcv-test-record=P41vq7hHOPfatYqayo0grwo4PLrG5NUIOFHnhDkKTeMed5qoeLzoF6m_Z2G1EZnJ".;
HTTP DCV: The system queried for a temporary file at ", but the web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist.
Recently I switched from LetsEncrypt to cPanel's own and when I switched over there also seemed to be no problems. Now that the server is trying to renew the certs I am having problems.
The TXT file is not generated in the user's folder, the folder is.
I had some problems with Mail verification during mail test, so I added a DKIM TXT record for every domain, and changed my Exim conf option "Introduce a delay into the SMTP transaction for unknown hosts and messages detected as spam." to OFF to fix SMTP Transaction Time timeouts. I doubt it has anything to do with this.
Hope someone can help me out with this, as all the certificates are running out in 5 days.
Hello, I received a very similar email message this morning. I have also opened the following cPanel support ticket: Your Support Request ID is: 11836253. I am the domain and site owner. My hosting service uses cPanel version 78. Thank you for your help.
My hosting provider and cPanel's ticket support resolved my issue. Since I use Cloudflare, I had to pause CF on the particular domain with this issue, run AutoSSL within my domain's cPanel, then resume CF on this domain. It's a little inconvenient that I will have to do this for my domains every 90 days, but oh well... My hosting provider said he thinks that cPanel is working to resolve this issue. Fingers crossed!
I also ran into this issue today with a domain that uses Cloudflare. I'm not seeing any AAAA records on the server or in the Cloudflare configuration, so not sure what the fix is?
Hi @Tearabite, Can you share the specific AutoSSL log output from WHM >> Manage AutoSSL for the affected domain? Be sure to paste the output in CODE tags and replace real domain names and IP addresses with examples. Also, please post the output from the command below:
cat /usr/local/cpanel/version
Thank you.
Thanks @cPanelMichael
We ended up pausing Cloudflare and forcing AutoSSL to renew the certs, so now I have 89 days to prevent it from happening again. The problem was with the mail.fakeaccount domain.
# cat /usr/local/cpanel/version
11.76.0.21
Log for the AutoSSL run for "AfakeAccount": Wednesday, April 3, 2019 1:37:22 PM GMT-0700 (cPanel (powered by Comodo))
1:37:22 PM AutoSSL's configured provider is "cPanel (powered by Comodo)".
This AutoSSL provider does not poll for certificate availability immediately after a certificate request submission. Instead, it submits certificate requests then periodically polls the cPanel Store for each requested certificate and installs it after a successful retrieval.
The system will record all requests, retrievals, and installations for the current AutoSSL run in this log.
Checking websites for "AfakeAccount" …
1:37:23 PM Analyzing "xyz.AfakeAccountldie.com" …
1:37:23 PM TLS Status: Incomplete
Certificate expiry: 7/2/19, 12:00 AM UTC (89.14 days from now)
1:37:23 PM Analyzing "AfakeAccountldie.com" …
1:37:23 PM TLS Status: Incomplete
Certificate expiry: 7/3/19, 12:00 AM UTC (90.14 days from now)
1:37:23 PM Analyzing "fakedomain.AfakeAccountldie.com" …
1:37:23 PM TLS Status: Incomplete
Certificate expiry: 7/2/19, 12:00 AM UTC (89.14 days from now)
1:37:23 PM Performing DCV (Domain Control Validation) …
1:37:23 PM Local HTTP DCV OK: xyz.net
Local HTTP DCV OK: fakedomain.com
WARN Local HTTP DCV error (AfakeAccountldie.com): The system failed to fetch the DCV (Domain Control Validation) file at "http://AfakeAccountldie.com/.well-known/pki-validation/D874BDF309D268528C1C0F74A286447A.txt" because of an error: The system failed to send an HTTP (Hypertext Transfer Protocol) "GET" request to "http://AfakeAccountldie.com/.well-known/pki-validation/D874BDF309D268528C1C0F74A286447A.txt" because of an error: Could not connect to 'AfakeAccountldie.com:80': Network is unreachable .
The domain "AfakeAccountldie.com" resolved to an IP address "2606:4700:30:0:0:0:681c:1c55" that does not exist on this server.
Local HTTP DCV OK: www.xyz.net (via xyz.net)
Local HTTP DCV OK: mail.xyz.net (via xyz.net)
Local HTTP DCV OK: www.fakedomain.com (via fakedomain.com)
Local HTTP DCV OK: cpanel.xyz.net (via xyz.net)
WARN Local HTTP DCV error (www.AfakeAccountldie.com): The system failed to fetch the DCV (Domain Control Validation) file at "http://www.AfakeAccountldie.com/.well-known/pki-validation/B82D8A09038F7028C07D673A9A04BB8A.txt" because of an error (cached): Could not connect to '2606:4700:30:0:0:0:681c:1c55:80': Network is unreachable .
Local HTTP DCV OK: mail.fakedomain.com (via fakedomain.com)
Local HTTP DCV OK: webdisk.xyz.net (via xyz.net)
Local HTTP DCV OK: webmail.xyz.net (via xyz.net)
WARN Local HTTP DCV error (mail.AfakeAccountldie.com): The system failed to fetch the DCV (Domain Control Validation) file at "http://mail.AfakeAccountldie.com/.well-known/pki-validation/3482F109F84F13321CFC1F9A0B307517.txt" because of an error (cached): Could not connect to '2606:4700:30:0:0:0:681c:1c55:80': Network is unreachable .
Local HTTP DCV OK: cpanel.fakedomain.com (via fakedomain.com)
Local HTTP DCV OK: cpanel.AfakeAccountldie.com
Local HTTP DCV OK: webdisk.fakedomain.com (via fakedomain.com)
Local HTTP DCV OK: webmail.fakedomain.com (via fakedomain.com)
Local HTTP DCV OK: webdisk.AfakeAccountldie.com
Local HTTP DCV OK: webmail.AfakeAccountldie.com
WARN Local HTTP DCV error (xyz.AfakeAccountldie.com): "xyz.AfakeAccountldie.com" does not resolve to any IP addresses on the internet.
WARN Local HTTP DCV error (fakedomain.AfakeAccountldie.com): "fakedomain.AfakeAccountldie.com" does not resolve to any IP addresses on the internet.
WARN Local HTTP DCV error (www.xyz.AfakeAccountldie.com): "www.xyz.AfakeAccountldie.com" does not resolve to any IP addresses on the internet.
WARN Local HTTP DCV error (www.fakedomain.AfakeAccountldie.com): "www.fakedomain.AfakeAccountldie.com" does not resolve to any IP addresses on the internet.
1:37:30 PM ERROR Local DNS DCV error (AfakeAccountldie.com): The DNS query to "_cpanel-dcv-test-record.AfakeAccountldie.com" for the DCV challenge returned no "TXT" record that matches the value "_cpanel-dcv-test-record=pq9DHh15Km0T0tcJIr7wu5f97iigRBUdzPBC65tZmpLdaPt64EhsdPNgVB6VZSjm".
ERROR Local DNS DCV error (www.AfakeAccountldie.com): The DNS query to "_cpanel-dcv-test-record.AfakeAccountldie.com" for the DCV challenge returned no "TXT" record that matches the value "_cpanel-dcv-test-record=pq9DHh15Km0T0tcJIr7wu5f97iigRBUdzPBC65tZmpLdaPt64EhsdPNgVB6VZSjm".
ERROR Local DNS DCV error (mail.AfakeAccountldie.com): The DNS query to "_cpanel-dcv-test-record.AfakeAccountldie.com" for the DCV challenge returned no "TXT" record that matches the value "_cpanel-dcv-test-record=pq9DHh15Km0T0tcJIr7wu5f97iigRBUdzPBC65tZmpLdaPt64EhsdPNgVB6VZSjm".
ERROR Local DNS DCV error (xyz.AfakeAccountldie.com): The DNS query to "_cpanel-dcv-test-record.AfakeAccountldie.com" for the DCV challenge returned no "TXT" record that matches the value "_cpanel-dcv-test-record=pq9DHh15Km0T0tcJIr7wu5f97iigRBUdzPBC65tZmpLdaPt64EhsdPNgVB6VZSjm".
ERROR Local DNS DCV error (fakedomain.AfakeAccountldie.com): The DNS query to "_cpanel-dcv-test-record.AfakeAccountldie.com" for the DCV challenge returned no "TXT" record that matches the value "_cpanel-dcv-test-record=pq9DHh15Km0T0tcJIr7wu5f97iigRBUdzPBC65tZmpLdaPt64EhsdPNgVB6VZSjm".
ERROR Local DNS DCV error (www.xyz.AfakeAccountldie.com): The DNS query to "_cpanel-dcv-test-record.AfakeAccountldie.com" for the DCV challenge returned no "TXT" record that matches the value "_cpanel-dcv-test-record=pq9DHh15Km0T0tcJIr7wu5f97iigRBUdzPBC65tZmpLdaPt64EhsdPNgVB6VZSjm".
ERROR Local DNS DCV error (www.fakedomain.AfakeAccountldie.com): The DNS query to "_cpanel-dcv-test-record.AfakeAccountldie.com" for the DCV challenge returned no "TXT" record that matches the value "_cpanel-dcv-test-record=pq9DHh15Km0T0tcJIr7wu5f97iigRBUdzPBC65tZmpLdaPt64EhsdPNgVB6VZSjm".
1:37:30 PM Analyzing "xyz.AfakeAccountldie.com"'s DCV results …
1:37:30 PM ERROR Impediment: NO_UNSECURED_DOMAIN_PASSED_DCV: Every unsecured domain failed DCV.
1:37:30 PM Analyzing "AfakeAccountldie.com"'s DCV results …
1:37:30 PM ERROR Impediment: NO_UNSECURED_DOMAIN_PASSED_DCV: Every unsecured domain failed DCV.
1:37:30 PM Analyzing "fakedomain.AfakeAccountldie.com"'s DCV results …
1:37:30 PM ERROR Impediment: NO_UNSECURED_DOMAIN_PASSED_DCV: Every unsecured domain failed DCV.
1:37:30 PM The system has completed the AutoSSL check for "AfakeAccount".
WARN Local HTTP DCV error (www.AfakeAccountldie.com): The system failed to fetch the DCV (Domain Control Validation) file at " because of an error (cached): Could not connect to '2606:4700:30:0:0:0:681c:1c55:80': Network is unreachable .
The log output quoted above shows that AutoSSL was attempting to connect to an IPv6 address that wasn't reachable. Case CPANEL-25899 fixes this in version 78.0.15: Implemented case CPANEL-25899: Fallback to IPv4 DCV when IPv6 DCV fails for known proxies.
# cat /usr/local/cpanel/version
11.76.0.21
Can you verify if the issue persists after updating to cPanel & WHM version 78? Thank you.
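A triage sketch for logs like the one quoted above, added here as an example (not part of the thread and not cPanel code): it groups each domain's DCV outcomes so that IPv6-unreachable failures stand apart from missing DNS records and TXT mismatches. It assumes one log entry per line; the category labels are hypothetical names and the sample log is constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the thread's log format; names, address and token are placeholders.
SAMPLE_LOG = '''\
Local HTTP DCV OK: www.example.net (via example.net)
WARN Local HTTP DCV error (example.com): The system failed to fetch the DCV (Domain Control Validation) file because of an error: Could not connect to 'example.com:80': Network is unreachable .
The domain "example.com" resolved to an IP address "2001:db8::681c:1c55" that does not exist on this server.
WARN Local HTTP DCV error (www.example.com): The system failed to fetch the DCV (Domain Control Validation) file because of an error (cached): Could not connect to '2001:db8::681c:1c55:80': Network is unreachable .
WARN Local HTTP DCV error (shop.example.com): "shop.example.com" does not resolve to any IP addresses on the internet.
ERROR Local DNS DCV error (example.com): The DNS query to "_cpanel-dcv-test-record.example.com" for the DCV challenge returned no "TXT" record that matches the value "_cpanel-dcv-test-record=CONSTRUCTED".
'''

OK_RE = re.compile(r'Local HTTP DCV OK: (\S+)')
ERR_RE = re.compile(r'(?:WARN|ERROR) Local (HTTP|DNS) DCV error \(([^)]+)\): (.*)')
FOREIGN_RE = re.compile(r'The domain "([^"]+)" resolved to an IP address "([^"]+)" that does not exist on this server')
CONNECT_RE = re.compile(r"Could not connect to '([^']+):80'")

def is_ipv6(text):
    try:
        return ipaddress.ip_address(text).version == 6
    except ValueError:  # a hostname, not an address literal
        return False

def triage(log):
    """Map each domain to the set of DCV outcomes seen for it."""
    report = defaultdict(set)
    for line in log.splitlines():
        if m := OK_RE.search(line):
            report[m.group(1)].add("http-ok")
        elif m := FOREIGN_RE.search(line):
            kind = "ipv6" if is_ipv6(m.group(2)) else "ipv4"
            report[m.group(1)].add(f"resolves-to-foreign-{kind}")
        elif m := ERR_RE.search(line):
            method, domain, detail = m.groups()
            if method == "DNS":
                report[domain].add("dns-txt-missing")
            elif "does not resolve" in detail:
                report[domain].add("no-dns-record")
            elif "Network is unreachable" in detail:
                c = CONNECT_RE.search(detail)
                v6 = bool(c) and is_ipv6(c.group(1))
                report[domain].add("ipv6-unreachable" if v6 else "unreachable")
    return dict(report)

def blocked(report):
    """Domains for which no HTTP DCV success was logged."""
    return sorted(d for d, r in report.items() if "http-ok" not in r)
```

Domains tagged `ipv6-unreachable` or `resolves-to-foreign-ipv6` match the proxied-AAAA case that CPANEL-25899 addresses; `no-dns-record` entries need a DNS record before any DCV method can pass.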
Thanks CPM - Any idea (or a link that shows) when V78 will go "Stable"?
It's tentatively planned for publication next week, but note that publication dates are always subject to change. Thank you.
Hello @Tearabite, Follow-up: cPanel & WHM Version 78 now in STABLE! | cPanel Newsroom Thanks!
Hi, I am facing the same problem. Is there a fix for this? Auto SSL is not working. I removed my site from Cloudflare, as pausing Cloudflare was not helping either.
DNS DCV: The DNS query to "_cpanel-dcv-test-record.example.com" for the DCV challenge returned no "TXT" record that matches the value "_cpanel-dcv-test-record=OeOzLI0jW8SPe5IlzhCV9PxrKF8W8dJXzvaGFQNCAvMRb7wVS4FWgumTkLpzHsYV".;
HTTP DCV: The system failed to fetch the DCV (Domain Control Validation) file at " because of an error: The system failed to send an HTTP (Hypertext Transfer Protocol) "GET" request to "http:/example.com/.well-known/pki-validation/E6B28F18B8344CD15DCBD56021490262.txt" because of an error: Timed out while waiting for socket to become ready for reading.
Thanks
Shahab
It would be good if cPanel team could resolve this? It used to be great, but now every 90 days we have to "pause cloudflare" proxy settings so that cPanel DCV can run. Is there a permanent solution to this? Also I always get failures for domains such as these:
cpcontacts.example.com
cpcalendars.example.com
autodiscover.example.com
Is there a setting to remove them? I know there is