Let's Encrypt DCV error external DNS
Hi,
Have read similar threads but am unable to find a solution to get a Let's Encrypt cert to issue on a newly created account.
Details
- DNS is managed externally (A record pointing to our server's IP address)
- I understand that there can be warnings with external DNS but that HTTP validation should do the trick
- We have at least one other account on the same server where the DNS is managed in exactly the same way at exactly the same place, and although logs show warnings, the cert issues and renews fine, so I'm wondering if something in a recent cPanel update has changed around the validation process for initial cert issue?
7:32:15 AM ERROR TLS Status: Defective
Certificate expiry: 6/24/20, 1:14 AM UTC (364.15 days from now)
ERROR Defect: OPENSSL_VERIFY: The certificate chain failed OpenSSL's verification (0:18:DEPTH_ZERO_SELF_SIGNED_CERT).
7:32:15 AM Performing DCV (Domain Control Validation) …
7:32:15 AM WARN Local HTTP DCV error (xxx.com): The system failed to fetch the DCV (Domain Control Validation) file at "xxx.com/.well-known/acme-challenge/M084TGF8FLQ0AL-T2AGDKX7Z3YP5OOU0" because of an error: The system failed to send an HTTP (Hypertext Transfer Protocol) "GET" request to "xxx.com/.well-known/acme-challenge/M084TGF8FLQ0AL-T2AGDKX7Z3YP5OOU0" because of an error: Could not connect to 'xxx.com': Network is unreachable. The domain "xxx.com" resolved to an IP address "2404:8280:a222:bbbb:bba1:66:ffff:ffff" that does not exist on this server.
... etc ...
7:32:22 AM ERROR Local DNS DCV error (xxx.com): The DNS query to "_cpanel-dcv-test-record.xxx.com" for the DCV challenge returned no "TXT" record that matches the value "_cpanel-dcv-test-record=QADkAmKzpLEPSvXi61hntoIk0gsRO5_EN2qmKHwG_wkzwwbnQqoVXBT663YgN_Xp".
... etc ...
Any help appreciated.
Update: fixed. For anyone with similar issues, the problem in this case was that the account had IPv6 addresses set in the DNS on the external provider and these were causing the validation to fail.
Hello @go4, I'm glad to see you were able to find a resolution for this, and thank you so much for updating the thread with the solution that worked for you.
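A pre-flight check for the failure described in this thread, as an added example (not part of the original posts and not cPanel's own code): it compares every address a domain resolves to, A and AAAA, against the addresses bound on the server, so a stray AAAA record at the external DNS provider shows up before the cert request. The function names and the sample `ip -o addr show` text are constructed for illustration and use documentation addresses.

```python
import ipaddress
import socket

# Constructed sample of `ip -o addr show` output (documentation addresses).
SAMPLE_IP_ADDR = """\
1: lo    inet 127.0.0.1/8 scope host lo
1: lo    inet6 ::1/128 scope host
2: eth0    inet 203.0.113.10/24 brd 203.0.113.255 scope global eth0
2: eth0    inet6 fe80::1/64 scope link
"""

def local_addresses(ip_addr_output):
    """Parse `ip -o addr show` text into a set of ipaddress objects."""
    addrs = set()
    for line in ip_addr_output.splitlines():
        fields = line.split()
        for family in ("inet", "inet6"):
            if family in fields:
                cidr = fields[fields.index(family) + 1]
                addrs.add(ipaddress.ip_interface(cidr).ip)
    return addrs

def resolve(domain):
    """Return every A and AAAA address the system resolver gives for domain."""
    infos = socket.getaddrinfo(domain, 80, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def dcv_preflight(resolved, local):
    """Split resolved addresses into those bound on this server and those not."""
    on_server, not_on_server = [], []
    for text in resolved:
        addr = ipaddress.ip_address(text)  # normalises IPv6 spelling
        (on_server if addr in local else not_on_server).append(str(addr))
    return {
        "on_server": on_server,
        "not_on_server": not_on_server,
        # True only when the domain resolves and every address is local.
        "all_local": bool(on_server) and not not_on_server,
    }

if __name__ == "__main__":
    # Usage: ip -o addr show | python3 dcv_preflight.py example.com
    import sys
    local = local_addresses(sys.stdin.read())
    print(dcv_preflight(resolve(sys.argv[1]), local))
```

Any entry under `not_on_server` is a record to correct or remove at the external DNS provider before retrying AutoSSL.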