autossl_check creates alerts I wish to prevent

eitanc

• November 21, 2020 04:49

I use the latest cpanel, 90.0.17 and latest centos 7 kernel. I get alert emails of: Subject: Cron /usr/local/cpanel/bin/autossl_check --all Body (one sample): [1605954554] libunbound[26582:0] info: response for domain.com. A IN [1605954554] libunbound[26582:0] info: reply from 128.139.34.240#53 [1605954554] libunbound[26582:0] info: query response was REFERRAL Other back samples: [1605889758] libunbound[15561:0] info: response for nsb.ns.il. AAAA IN [1605889758] libunbound[15561:0] info: reply from 128.139.34.240#53 [1605889758] libunbound[15561:0] info: query response was nodata ANSWER [1605846556] libunbound[17473:0] info: response for lmd.mind.org.il. AAAA IN [1605846556] libunbound[17473:0] info: reply from 37.48.76.24#53 [1605846556] libunbound[17473:0] info: query response was NXDOMAIN ANSWER [1605846556] libunbound[17473:0] info: response for ns2.mind.org.il. AAAA IN [1605846556] libunbound[17473:0] info: reply from 37.48.76.25#53 [1605846556] libunbound[17473:0] info: query response was nodata ANSWER [1605846556] libunbound[17473:0] info: response for ns1.mind.org.il. AAAA IN [1605846556] libunbound[17473:0] info: reply from 37.48.76.24#53 [1605846556] libunbound[17473:0] info: query response was nodata ANSWER And this is even in the time that no cert is up to be renewed. How can I prevent these errors from being sent to me? or even get created in the first place? Thanks.

• 

  cPRex Jurassic Moderator

  • November 21, 2020 21:05

  Hey there! Usually when we see "libunbound" errors, that indicates a network problem of some sort. Even though a certificate may not be up for renewal, thi indicates that some of the basic checks are failing to complete. Can you try working through this article here to see if that gets you more information? How to diagnose AutoSSL issues using /scripts/cpdig

  0
• 

  eitanc

  • November 21, 2020 21:06

  Will do, thanks!!

  0
• 

  eitanc

  • November 22, 2020 11:07

  I have a several domain names that does not have an A DNS records to keep them hidden and I add it only for the cert renew event, so it may be the reason for these messages. My issue with these messages is that they do no mention the name of the domain they tried to check the cert renew for - so I cannot tell which domains to look into. Is there a way to make the domain name show in theses messages?

  0
• 

  cPRex Jurassic Moderator

  • November 23, 2020 12:29

  I did see some ".il' domains listed in your original reply before I edited those. Are those not domains that are actively setup on your machine?

  0
• 

  eitanc

  • November 23, 2020 12:35

  Most of them are OK and public but one is for tests so I removed its A record to avoid attacks

  0
• 

  cPRex Jurassic Moderator

  • November 23, 2020 12:46

  That sounds good. If there's still issues you can't explain it might be best to open a ticket so we can check that command on our end and do some additional testing. If you do decide to open a ticket, please post the number here so we can all follow along, and I can provide an update once the issue is resolved.

  0
• 

  eitanc

  • November 23, 2020 12:53

  Sure, will do, thanks

  0

Please sign in to leave a comment.