AutoSSL cPanel Certificates Failing With NGINX Reverse Proxy
Hi cPanel Community,
I am having some trouble with AutoSSL cPanel certificates using NGINX as a reverse proxy.
Firstly, using the below include file:
    if ($scheme = http) {
        return 301 https://$host$request_uri;
    }
    server_name example.com www.example.com;
    location / {
        proxy_pass http://192.168.0.1:8080;
        proxy_http_version 1.1;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port $server_port;
    }

I get the following error for the domain when running AutoSSL:

DNS DCV: The DNS query to "_cpanel-dcv-test-record.novasec.co.za" for the DCV challenge returned no "TXT" record that matches the value "_cpanel-dcv-test-record=OqvRoqrufUhwz2ZW0UD1KtLZlOO2VzXkDVkHoENuGjFzI8koWTeSGfNA3p6Gy_5b".; HTTP DCV: "cPanel (powered by Sectigo)" forbids DCV HTTP redirections.

As it turns out, AutoSSL won't run with the above return 301 https://$host$request_uri; redirection configured, which I had to use as Force HTTPS Redirect also doesn't work with NGINX. This means that I will have to disable redirection every time a certificate has to be renewed.

Secondly, AutoSSL also fails for service subdomains when using NGINX with the following error:

DNS DCV: The DNS query to "_cpanel-dcv-test-record.novacloudsa.co.za" for the DCV challenge returned no "TXT" record that matches the value "_cpanel-dcv-test-record=PYUV2b4zl7IsvBrt4oJZDLr8H6g68_fAfA0AZBu7bUBO6VdrszW9zGMIOk30y7WD".; HTTP DCV: The system failed to fetch the DCV (Domain Control Validation) file at " because of an error: The system failed to send an HTTP (Hypertext Transfer Protocol) "GET" request to " because of an error: (XID hnpasa) The response exceeded the maximum length (16 KB). ( ") at /usr/local/cpanel/Cpanel/SSL/DCV.pm line 657..

I'm really hoping to get the above issues resolved, as I have been unsuccessful in reverse proxying our ZKTeco ZKBioSecurity servers using Apache. It breaks the WebUI completely for some reason. With PowerDNS working as a recursor, this is the only outstanding requirement to start using cPanel as a full-fledged web hosting server.
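An added diagnostic sketch, not part of the original post and not cPanel's code: it requests an http:// URL once without following redirects and flags the two HTTP DCV failures quoted in the post (a redirect, or a response over 16 KB). The local server, its paths and the names probe_dcv, ConstructedProxy and demo are constructed for the demonstration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

MAX_BODY = 16 * 1024  # "maximum length (16 KB)" from the AutoSSL error in the post

def probe_dcv(url, timeout=5):
    """GET an http:// URL once, never following redirects; return (ok, reason)."""
    parts = urlsplit(url)
    conn = http.client.HTTPConnection(parts.hostname, parts.port or 80, timeout=timeout)
    try:
        conn.request("GET", parts.path or "/")
        resp = conn.getresponse()
        body = resp.read(MAX_BODY + 1)  # one byte past the limit is enough to decide
        if 300 <= resp.status < 400:
            return False, f"redirect {resp.status} to {resp.getheader('Location')}"
        if resp.status != 200:
            return False, f"status {resp.status}"
        if len(body) > MAX_BODY:
            return False, "body larger than 16 KB"
        return True, f"{len(body)} bytes, no redirect"
    finally:
        conn.close()

class ConstructedProxy(BaseHTTPRequestHandler):
    """Constructed stand-in for the proxied vhost; all paths are hypothetical."""
    def do_GET(self):
        if self.path == "/redirected":  # behaves like the `return 301 https://...` rule
            self.send_response(301)
            self.send_header("Location", "https://localhost" + self.path)
            self.send_header("Content-Length", "0")
            self.end_headers()
            return
        # "/webui" mimics a backend page being returned instead of a small DCV file
        body = b"x" * (20000 if self.path == "/webui" else 64)
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args):  # keep the demonstration quiet
        pass

def demo():
    srv = HTTPServer(("127.0.0.1", 0), ConstructedProxy)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{srv.server_port}"
    results = {p: probe_dcv(base + p) for p in ("/redirected", "/webui", "/token.txt")}
    srv.shutdown()
    return results
```

Pointing probe_dcv at a small test file on the proxied domain before a renewal shows whether the proxy answers with a redirect or an oversized page.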