Using auto signed SSL instead of self signed for one account
Hi, I have many of domains hosted on a VPS with WHM where all of them using SSL free from Cpanel powered by Sectigo, but a new domain didn't get it, and didn't ist in manage hosts, so I've tried to generate self signed SSL and checked autoSSL service but returned with this log
Note: domains are hosted by CloudFlare and local DNS is disabled, any suggestions?
Log for the AutoSSL run for "example": Wednesday, July 17, 2019 1:51:03 PM GMT+0300 (cPanel (powered by Sectigo))
1:51:03 PM AutoSSL"s configured provider is "cPanel (powered by Sectigo)".
This AutoSSL provider does not poll for certificate availability immediately after a certificate request submission. Instead, it submits certificate requests then periodically polls the cPanel Store for each requested certificate and installs it after a successful retrieval. The system will record all requests, retrievals, and installations for the current AutoSSL run in this log.
Checking websites for "example" "
1:51:03 PM Analyzing "example.com" "
1:51:03 PM ERROR TLS Status: Defective
Certificate expiry: 7/16/20, 10:49 AM UTC (365 days from now)
ERROR Defect: OPENSSL_VERIFY: The certificate chain failed OpenSSL"s verification (0:18:DEPTH_ZERO_SELF_SIGNED_CERT).
1:51:03 PM Performing DCV (Domain Control Validation) "
1:51:09 PM Redirection #1 (example.com): http://example.com/.well-known/pki-validation/6DE78F11B9483ED397F98719E9C9A884.txt ? https://example.com/.well-known/pki-validation/6DE78F11B9483ED397F98719E9C9A884.txt
WARN Local HTTP DCV error (example.com): "cPanel (powered by Sectigo)" forbids DCV HTTP redirections.
1:51:14 PM Redirection #1 (www.example.com): http://www.example.com/.well-known/pki-validation/C04558E8197527B9F1AF5F2830F5F3D5.txt ? https://www.example.com/.well-known/pki-validation/C04558E8197527B9F1AF5F2830F5F3D5.txt
WARN Local HTTP DCV error (www.example.com): "cPanel (powered by Sectigo)" forbids DCV HTTP redirections.
WARN Local HTTP DCV error (mail.example.com): "mail.example.com" does not resolve to any IP addresses on the internet.
1:51:21 PM ERROR Local DNS DCV error (example.com): The DNS query to "_cpanel-dcv-test-record.example.com" for the DCV challenge returned no "TXT" record that matches the value "_cpanel-dcv-test-record=DPcCcG2xQVbTjetHCm8zCTV7y49NRP1GpSyxmVaBvUDcw30Yn4bUDe2qTM5fQkmn".
ERROR Local DNS DCV error (www.example.com): The DNS query to "_cpanel-dcv-test-record.example.com" for the DCV challenge returned no "TXT" record that matches the value "_cpanel-dcv-test-record=DPcCcG2xQVbTjetHCm8zCTV7y49NRP1GpSyxmVaBvUDcw30Yn4bUDe2qTM5fQkmn".
ERROR Local DNS DCV error (mail.example.com): The DNS query to "_cpanel-dcv-test-record.example.com" for the DCV challenge returned no "TXT" record that matches the value "_cpanel-dcv-test-record=DPcCcG2xQVbTjetHCm8zCTV7y49NRP1GpSyxmVaBvUDcw30Yn4bUDe2qTM5fQkmn".
1:51:21 PM Analyzing "example.com""s DCV results "
1:51:21 PM ERROR Impediment: TOTAL_DCV_FAILURE: Every domain failed DCV.
1:51:21 PM The system has completed the AutoSSL check for "example".Note: domains are hosted by CloudFlare and local DNS is disabled, any suggestions?
-
I've tried to run autossl for all domains since some of them will expired 21-Jul, but all of these domains will expired soon give the same error, that domain doesn't point to this server, is there any suggestions? 0 -
I've tried to disable proxy over CloudFlare (Orange Cloud Icon) and it works well to renew SSL, is there any way to override this rather than do it every time need to renew SSL? 0 -
Hello @m.eid, Is CloudFlare configured to redirect or forward all HTTP requests to HTTPS for the affected domain? If so, that's likely what's leading to the AutoSSL DCV failure noted below: WARN Local HTTP DCV error (example.tld): "cPanel (powered by Sectigo)" forbids DCV HTTP redirections.
Thank you.0
Please sign in to leave a comment.
Comments
3 comments