[CPANEL-27188] AutoSSL - issues with gov.co domains

mateita

• May 15, 2019 23:58

Hello We released 78.0.23 which included a fix for this issue, the case is also listed in the changelogs. You can check them here:

• 

  cPanelLauren

  • May 16, 2019 14:39

  Hello @mateita That's actually a separate issue related to upstream DNS issues specific to gov.co domains. To look into this further you'll need to discuss the issue with your registrar.

  0
• 

  mateita

  • May 28, 2019 22:30

  Hello @mateita That's actually a separate issue related to upstream DNS issues specific to gov.co domains. To look into this further you'll need to discuss the issue with your registrar.

  
  Hello, The registrar for the .gov.co domains for the government of Colombia (Cointernet) answers the following: (1) The main problem for the SSL validation is the script that is being used for it, by the DNS provider/hosting/certificates of yours, since said script assumes - erroneously - that there are name servers (NS's) specific/separate for the GOV.CO zone, which is incorrect, as all domains under GOV.CO are within the (root) zone of ".CO" (2) From what is indicated in number (1), when this script was made to validate the domain XYZ.GOV.CO (for example), the following happens: (i) The paragraph .CO = the NS Query script finds them OK (ii) Query of NS for GOV.CO = the script FAIL because GOV.CO is not a delegated zone (XYZ.GOV.CO is registered directly in the [root] zone .CO) (iii) For XYZ.GOV.CO of NS Query = the script does not arrive, from the ERROR of step (ii) This has been happening for more than 40 days with the new certificates or certificate renewals of .gov.co domains in different servers with cPanel. The installed version is the latest v78.0.24. Regards

  0
• 

  cPanelLauren

  • May 29, 2019 15:21

  Hi @mateita Since this is a completely separate issue than the previous thread I've moved this out to its own thread. I've added your latest response to the internal case we have to track this issue. If/when it is transitioned to a cPanel case as opposed to an upstream case I'll update here. I'll also update here with any new information as it becomes available.

  0
• 

  mateita

  • June 10, 2019 17:20

  Hi @mateita Since this is a completely separate issue than the previous thread I've moved this out to its own thread. I've added your latest response to the internal case we have to track this issue. If/when it is transitioned to a cPanel case as opposed to an upstream case I'll update here. I'll also update here with any new information as it becomes available.

  
  Hello, Is there any progress on this issue ?.

  0
• 

  cPanelLauren

  • June 10, 2019 17:42

  Hello @mateita Unfortunately no, there is no update as of right now though there is an internal case now opened for this CPANEL-27188 I'm adding that case to this thread and I'll update when there is more information but as of now, there has been no movement on either case.

  0
• 

  hmartian

  • June 26, 2019 06:29

  I have the same problem with .gov.co domains. When getting nameservers using DnsRoots perl module it returns a void result. /usr/local/cpanel/3rdparty/bin/perl -MCpanel::DnsRoots -MData::Dumper -e 'print Dumper(Cpanel::DnsRoots->new()->get_nameservers_for_domain("x.gov.co"));' $VAR1 = {};
  But if we try with a .edu.co domain it returns the right result. root@wserver [~]# /usr/local/cpanel/3rdparty/bin/perl -MCpanel::DnsRoots -MData::Dumper -e 'print Dumper(Cpanel::DnsRoots->new()->get_nameservers_for_domain("edu.co"));' $VAR1 = { 'ns6.cctld.co' => '156.154.xxx.xx', 'ns3.cctld.co' => '156.154.xxx.xx', 'ns4.cctld.co' => '156.154.xxx.xx', 'ns5.cctld.co' => '156.154.xxx.xx', 'ns1.cctld.co' => '156.154.xxx.xx', 'ns2.cctld.co' => '156.154.xxx.xx' };
  

  0
• 

  cPanelLauren

  • June 26, 2019 20:10

  This is an issue with only gov.co domains as far as I am aware no other TLD's were affected. The issue remains unresolved at this time as well.

  0
• 

  Oscar Serrano

  • July 17, 2019 11:16

  Dear cPanel, we really need to fix this issue with .GOV domains. We just cant purchase individual certificates and install them manually on every single .GOV client account. How can web renew expired domain if the autoSSL feature wont issue a new certificate.

  0
• 

  cPanelLauren

  • August 06, 2019 18:47

  Hey guys, I'm really excited to let you all know that we've made some changes in how we're doing DNS resolution and we've got a resolution for this issue in testing right now. We're looking at v84 of cPanel/WHM for this to be included in the product. I'll update here again when this is added into a RELEASE version or if there is any new information in relation to this. Thanks!

  0
• 

  alegreiff

  • September 13, 2019 20:32

  Hey guys, I'm really excited to let you all know that we've made some changes in how we're doing DNS resolution and we've got a resolution for this issue in testing right now. We're looking at v84 of cPanel/WHM for this to be included in the product. I'll update here again when this is added into a RELEASE version or if there is any new information in relation to this. Thanks!

  
  When will be the release v84 installed?

  0
• 

  cPanelLauren

  • September 13, 2019 21:12

  This version is in EDGE right now and I'd expect a few weeks before it's put into RELEASE.

  0
• 

  Oscar Serrano

  • September 24, 2019 10:36

  It's really incredible all the time that cPanel takes to solve this issue. It looks like you guys wont take this problem seriously. We justa cant afford to purchase individual SSL certificates for all our .gov.co clients. If you guys have this problem identified and fixed, you should consider release a fix asap. Please let us know any eta so we can provide a serious answer to our clients.

  0
• 

  cPanelLauren

  • December 13, 2019 21:40

  Hello, I am sorry for the delay on this but this issue was marked as resolved in the release of cPanel 84 and is referenced in the changelogs here:

  0

Please sign in to leave a comment.