Skip to main content

Autossl does not work for addon domain root name but works with www

jibu
The main domain and the addon DNS are managed externally, however, the A record resolves to a server IP. The autossl DCV works for all except the addon subdomain as it does not have A record in the external DNS zone record. Anyway, the issue is that the AutoSSL gets issued for addon is for CN = www.addondomain.tld, so the SSL does show correctly for addondomain.tld (without www). Below is the autossl log. Log for the AutoSSL run for "user": Tuesday, August 6, 2019 1:39:21 AM GMT+05-30 (cPanel (powered by Sectigo)) 1:39:21 AM AutoSSL"s configured provider is "cPanel (powered by Sectigo)". This AutoSSL provider does not poll for certificate availability immediately after a certificate request submission. Instead, it submits certificate requests then periodically polls the cPanel Store for each requested certificate and installs it after a successful retrieval. The system will record all requests, retrievals, and installations for the current AutoSSL run in this log. Checking websites for "user" " 1:39:22 AM Analyzing "subdomain.domain.tld" " 1:39:22 AM TLS Status: Incomplete Certificate expiry: 10/12/19, 12:00 AM UTC (67.16 days from now) 1:39:22 AM Analyzing "domain.tld" " 1:39:22 AM SUCCESS TLS Status: OK Certificate expiry: 10/12/19, 12:00 AM UTC (67.16 days from now) 1:39:22 AM Performing DCV (Domain Control Validation) " 1:39:22 AM Local HTTP DCV OK: addondomain.tld Local HTTP DCV OK: www.addondomain.tld (via addondomain.tld) Local HTTP DCV OK: mail.addondomain.tld (via addondomain.tld) WARN Local HTTP DCV error (subdomain.domain.tld): "subdomain.domain.tld" does not resolve to any IP addresses on the internet. Local HTTP DCV OK: cpanel.addondomain.tld (via addondomain.tld) Local HTTP DCV OK: webdisk.addondomain.tld (via addondomain.tld) Local HTTP DCV OK: webmail.addondomain.tld (via addondomain.tld) WARN Local HTTP DCV error (www.subdomain.domain.tld): "www.subdomain.domain.tld" does not resolve to any IP addresses on the internet. Local HTTP DCV OK: autodiscover.addondomain.tld (via addondomain.tld) 1:39:29 AM ERROR Local DNS DCV error (subdomain.domain.tld): The DNS query to "_cpanel-dcv-test-record.domain.tld" for the DCV challenge returned no "TXT" record that matches the value "_cpanel-dcv-test-record=c2vwKS3AnmYF0ofadsPgueOq_mrSlvLfdatxoE2sbARrK_ngwsd8b7VTpIZ9yMSQR6". ERROR Local DNS DCV error (www.subdomain.domain.tld): The DNS query to "_cpanel-dcv-test-record.domain.tld" for the DCV challenge returned no "TXT" record that matches the value "_cpanel-dcv-test-record=c2vwKS3AnmYF0oeuPgueOq_mrSlvhseftxoE2sbARrK_ngwsd8b7VTpIZ9yMSQR6". 1:39:29 AM Analyzing "subdomain.domain.tld""s DCV results " 1:39:29 AM local DCV has gained domains ERROR Impediment: SECURED_DOMAIN_DCV_FAILURE: One or more currently-secured domains failed DCV. 1:39:29 AM The system has completed the AutoSSL check for "user".

Comments

3 comments

Date Votes
  • cPanelLauren
    The output you've provided indicates that the domain is clearly passing the dcv check: Local HTTP DCV OK: addondomain.tld Local HTTP DCV OK: www.addondomain.tld (via addondomain.tld) Local HTTP DCV OK: mail.addondomain.tld (via addondomain.tld)
    What isn't passing the domain control validation is a subdomain: 1:39:29 AM ERROR Local DNS DCV error (subdomain.domain.tld): The DNS query to "_cpanel-dcv-test-record.domain.tld" for the DCV challenge returned no "TXT" record that matches the value "_cpanel-dcv-test-record=c2vwKS3AnmYF0ofadsPgueOq_mrSlvLfdatxoE2sbARrK_ngwsd8b7VTpIZ9yMSQR6". ERROR Local DNS DCV error (www.subdomain.domain.tld): The DNS query to "_cpanel-dcv-test-record.domain.tld" for the DCV challenge returned no "TXT" record that matches the value "_cpanel-dcv-test-record=c2vwKS3AnmYF0oeuPgueOq_mrSlvhseftxoE2sbARrK_ngwsd8b7VTpIZ9yMSQR6".
    If you haven't implemented an A record for this subdomain where you have DNS hosted for the root domain then this won't be able to pass.
    0
  • cPanelMichael
    Hello :) We introduced a script in cPanel & WHM version 80 to help troubleshoot these types of issues: Implemented case CPANEL-25062: Add "scripts/cpdig" as a diagnostic tool for DNS lookups. Here's a look at the script's contents: [CODE=perl] #!/usr/local/cpanel/3rdparty/bin/perl # cpanel - scripts/cpdig Copyright 2019 cPanel, L.L.C. # All rights reserved. # copyright@cpanel.net http://cpanel.net # This code is subject to the cPanel license. Unauthorized copying is prohibited package scripts::cpdig; use strict; use warnings; =encoding utf-8 =head1 NAME cpdig =head1 USAGE cpdig =head1 DESCRIPTION This script performs a DNS query using cPanel"s custom DNS resolver. Its output should yield the same end results as C. cPanel provides this script solely for diagnostic purposes; no cPanel & WHM feature requires its use. =cut use parent qw( Cpanel::HelpfulScript ); use Cpanel::DnsRoots::Resolver; use constant _OPTIONS => (); use constant _ACCEPT_UNNAMED => 1; __PACKAGE__->new(@ARGV)->run() if !caller; sub run { my ($self) = @_; my ( $name, $type ) = $self->getopt_unnamed(); die $self->help() if grep { !$_ } $name, $type; my $dns = Cpanel::DnsRoots::Resolver->new(); $self->_print("$_\n") for $dns->recursive_query( $name, $type ); return; } 1;
    For example, to check how a "TXT" record resolves: /scripts/cpdig subdomain.domain.tld TXT
    Or, to check how an "A" record resolves: /scripts/cpdig subdomain.domain.tld A
    Thank you.
    0
  • jibu
    Yes, the domain is definitely passing the DCV and hence this question. The addondomain.tld does not get the SSL active even after the DCV, however the same www.addondomain.tld get the SSL with no issues. Anyway, I had already requested the client to set up A record for the subdomain.maindomain.tld (addondomain's subdomain) and once that resolved, the SSL got active for the addondomain.tld. Thank you Script Michael, this would certainly help us all.
    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post