Primary Domain (No Valid Certificate)
Hello, we have a server with several websites that you can use distinctively.
One of the sites has an SSL certificate from Cpanel, as is the following image.
![]()
But we wanted to install the certificate on another domain, but the process failed, he says.
Primary Domain (No Valid Certificate)
![]()
Which forced us to install cloudflare certificate.
Is it possible to solve this problem and install a free ssl certificate from the cPanal for the last domain?
Thanks in advance.
-
Hey there! There is no reason you couldn't use the free AutoSSL tools for every domain on the machine. cPanel will not overwrite the existing SSL by default, so you would have to remove it before attempting to set up the SSL using cPanel. If you visit WHM >> Manage AutoSSL you would be able to view the SSL logs to see if there is an issue. You can also run the following command on the server to try and issue just the one certificate, which may give you logs that are easier to read: /usr/local/cpanel/bin/autossl_check --user=username
You'll just need to replace the "username" in that command with your actual cPanel username.0 -
Hey there! There is no reason you couldn't use the free AutoSSL tools for every domain on the machine. cPanel will not overwrite the existing SSL by default, so you would have to remove it before attempting to set up the SSL using cPanel. If you visit WHM >> Manage AutoSSL you would be able to view the SSL logs to see if there is an issue. You can also run the following command on the server to try and issue just the one certificate, which may give you logs that are easier to read:
/usr/local/cpanel/bin/autossl_check --user=username
You'll just need to replace the "username" in that command with your actual cPanel username.
Hi You have run the last command and this is the result. [QUOTE] [root@*** ~]# /usr/local/cpanel/bin/autossl_check --user=m*** AutoSSL"s configured provider is "cPanel (powered by Sectigo)". This AutoSSL provider does not poll for certificate availability immediately after a certificate request submission. Instead, it submits certificate requests then periodically polls the cPanel Store for each requested certificate and installs it after a successful retrieval. The system will record all requests, retrievals, and installations for the current AutoSSL run in this log. Analyzing "mzameer""s domains " Analyzing "haramain.mazameer.com" (website) " TLS Status: Defective Defect: NO_SSL: No SSL certificate is installed. Analyzing "legacy.mazameer.com" (website) " TLS Status: Defective Defect: NO_SSL: No SSL certificate is installed. Analyzing "mazameer.com" (website) " TLS Status: Defective Certificate expiry: 6/23/33, 1:38 PM UTC (4,481.05 days from now) Defect: OPENSSL_VERIFY: The certificate chain failed OpenSSL"s verification (0:10:CERT_HAS_EXPIRED). Defect: OPENSSL_VERIFY: The certificate chain failed OpenSSL"s verification (1:19:SELF_SIGNED_CERT_IN_CHAIN). Defect: OPENSSL_VERIFY: The certificate chain failed OpenSSL"s verification (1:10:CERT_HAS_EXPIRED). Impediment: CERTIFICATE_IS_EXTERNALLY_SIGNED: The certificate is neither self-signed nor from AutoSSL. Analyzing "radio.mazameer.com" (website) " TLS Status: Defective Defect: NO_SSL: No SSL certificate is installed. Analyzing "vb12.mazameer.com" (website) " TLS Status: Defective Defect: NO_SSL: No SSL certificate is installed. Analyzing "vb2018.mazameer.com" (website) " TLS Status: Defective Defect: NO_SSL: No SSL certificate is installed. Attempting to ensure the existence of necessary CAA records " No CAA records were created. Verifying 10 domains" management status " Verifying "cPanel (powered by Sectigo)""s authorization on 10 domains via DNS CAA records " "radio.mazameer.com" is managed. "www.radio.mazameer.com" is managed. "www.haramain.mazameer.com" is managed. "vb12.mazameer.com" is managed. "www.vb12.mazameer.com" is managed. "haramain.mazameer.com" is managed. "legacy.mazameer.com" is managed. "www.legacy.mazameer.com" is managed. "vb2018.mazameer.com" is managed. "www.vb2018.mazameer.com" is managed. All of this user"s 10 domains are managed. CA authorized: "haramain.mazameer.com" CA authorized: "www.haramain.mazameer.com" CA authorized: "legacy.mazameer.com" CA authorized: "www.legacy.mazameer.com" CA authorized: "radio.mazameer.com" CA authorized: "www.radio.mazameer.com" CA authorized: "vb12.mazameer.com" CA authorized: "vb2018.mazameer.com" CA authorized: "www.vb12.mazameer.com" CA authorized: "www.vb2018.mazameer.com" "cPanel (powered by Sectigo)" is authorized to issue certificates for 10 of this user"s 10 domains. Performing HTTP DCV (Domain Control Validation) on 10 domains " Redirection #1 (radio.mazameer.com): "cPanel (powered by Sectigo)" forbids DCV HTTP redirections. Redirection #1 (legacy.mazameer.com): "cPanel (powered by Sectigo)" forbids DCV HTTP redirections. Local HTTP DCV error (vb12.mazameer.com): "vb12.mazameer.com" does not resolve to any IP addresses onthe internet. Local HTTP DCV error (radio.mazameer.com): The system queried for a temporary file at ", which was redirected from ". The web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist. The domain "radio.mazameer.com" resolved to an IP address "104.21.46.3" that does not exist on this server. Local HTTP DCV error (legacy.mazameer.com): The system queried for a temporary file at ", which was redirected from ". The web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist. The domain "legacy.mazameer.com" resolved to an IP address "104.21.46.3" that does not exist on this server. Local HTTP DCV error (vb2018.mazameer.com): "vb2018.mazameer.com" does not resolve to any IP addresses on the internet. Local HTTP DCV error (haramain.mazameer.com): "haramain.mazameer.com" does not resolve to any IP addresses on the internet. Local HTTP DCV error (www.vb12.mazameer.com): "www.vb12.mazameer.com" does not resolve to any IP addresses on the internet. Local HTTP DCV error (www.radio.mazameer.com): "www.radio.mazameer.com" does not resolve to any IP addresses on the internet. Local HTTP DCV error (www.legacy.mazameer.com): "www.legacy.mazameer.com" does not resolve to any IP addresses on the internet. Local HTTP DCV error (www.vb2018.mazameer.com): "www.vb2018.mazameer.com" does not resolve to any IP addresses on the internet. Local HTTP DCV error (www.haramain.mazameer.com): "www.haramain.mazameer.com" does not resolve to anyIP addresses on the internet. Verifying local authority for 10 domains " No local authority: "legacy.mazameer.com" No local authority: "vb12.mazameer.com" No local authority: "haramain.mazameer.com" No local authority: "vb2018.mazameer.com" No local authority: "radio.mazameer.com" No local authority: "www.haramain.mazameer.com" No local authority: "www.vb2018.mazameer.com" No local authority: "www.legacy.mazameer.com" No local authority: "www.radio.mazameer.com" No local authority: "www.vb12.mazameer.com" No local DNS DCV is necessary. Processing "mzameer""s local DCV results " Analyzing "haramain.mazameer.com""s DCV results " Impediment: TOTAL_DCV_FAILURE: Every domain failed DCV. Analyzing "legacy.mazameer.com""s DCV results " Impediment: TOTAL_DCV_FAILURE: Every domain failed DCV. Analyzing "radio.mazameer.com""s DCV results " Impediment: TOTAL_DCV_FAILURE: Every domain failed DCV. Analyzing "vb12.mazameer.com""s DCV results " Impediment: TOTAL_DCV_FAILURE: Every domain failed DCV. Analyzing "vb2018.mazameer.com""s DCV results " Impediment: TOTAL_DCV_FAILURE: Every domain failed DCV. The system has completed "mzameer""s AutoSSL check. [root@*** ~]#0 -
Thanks for posting that log file. Can you remove any redireciton that may be affecting the .well-known directory and see if that resolves the issue? 0 -
Thanks for posting that log file. Can you remove any redireciton that may be affecting the .well-known directory and see if that resolves the issue?
Thanks for your replay, but how to remove the redireciton? Here's the record again. [QUOTE] [root@m*** ~]# /usr/local/cpanel/bin/autossl_check --user=mzameer AutoSSL"s configured provider is "cPanel (powered by Sectigo)". This AutoSSL provider does not poll for certificate availability immediately after a certificate request submission. Instead, it submits certificate requests then periodically polls the cPanel Store for each requested certificate and installs it after a successful retrieval. The system will record all requests, retrievals, and installations for the current AutoSSL run in this log. Analyzing "mzameer""s domains " Analyzing "legacy.mazameer.com" (website) " TLS Status: Defective Defect: NO_SSL: No SSL certificate is installed. Analyzing "mazameer.com" (website) " TLS Status: Defective Certificate expiry: 6/23/33, 1:38 PM UTC (4,480.93 days from now) Defect: OPENSSL_VERIFY: The certificate chain failed OpenSSL"s verification (0:10:CERT_HAS_EXPIRED). Defect: OPENSSL_VERIFY: The certificate chain failed OpenSSL"s verification (1:19:SELF_SIGNED_CERT_IN_CHAIN). Defect: OPENSSL_VERIFY: The certificate chain failed OpenSSL"s verification (1:10:CERT_HAS_EXPIRED). Impediment: CERTIFICATE_IS_EXTERNALLY_SIGNED: The certificate is neither self-signed nor from AutoSSL. Analyzing "vb12.mazameer.com" (website) " TLS Status: Defective Defect: NO_SSL: No SSL certificate is installed. Analyzing "vb2018.mazameer.com" (website) " TLS Status: Defective Defect: NO_SSL: No SSL certificate is installed. Attempting to ensure the existence of necessary CAA records " No CAA records were created. Verifying 6 domains" management status " Verifying "cPanel (powered by Sectigo)""s authorization on 6 domains via DNS CAA records " "legacy.mazameer.com" is managed. "www.legacy.mazameer.com" is managed. "vb12.mazameer.com" is managed. "www.vb12.mazameer.com" is managed. "vb2018.mazameer.com" is managed. "www.vb2018.mazameer.com" is managed. All of this user"s 6 domains are managed. CA authorized: "vb12.mazameer.com" CA authorized: "www.vb12.mazameer.com" CA authorized: "legacy.mazameer.com" CA authorized: "www.legacy.mazameer.com" CA authorized: "vb2018.mazameer.com" CA authorized: "www.vb2018.mazameer.com" "cPanel (powered by Sectigo)" is authorized to issue certificates for 6 of this user"s 6 domains. Performing HTTP DCV (Domain Control Validation) on 6 domains " Redirection #1 (legacy.mazameer.com): "cPanel (powered by Sectigo)" forbids DCV HTTP redirections. Local HTTP DCV error (vb12.mazameer.com): "vb12.mazameer.com" does not resolve to any IP addresses onthe internet. Local HTTP DCV error (legacy.mazameer.com): The system queried for a temporary file at ", which was redirected from ". The web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist. The domain "legacy.mazameer.com" resolved to an IP address "104.21.46.3" that does not exist on this server. Local HTTP DCV error (vb2018.mazameer.com): "vb2018.mazameer.com" does not resolve to any IP addresses on the internet. Local HTTP DCV error (www.vb12.mazameer.com" does not resolve to any IP addresses on the internet. Local HTTP DCV error (www.legacy.mazameer.com" does not resolve to any IP addresses on the internet. Local HTTP DCV error (www.vb2018.mazameer.com" does not resolve to any IP addresses on the internet. Verifying local authority for 6 domains " No local authority: "legacy.mazameer.com" No local authority: "vb12.mazameer.com" No local authority: "vb2018.mazameer.com" No local authority: "www.legacy.mazameer.com" No local authority: "www.vb12.mazameer.com" No local authority: "www.vb2018.mazameer.com" No local DNS DCV is necessary. Processing "mzameer""s local DCV results " Analyzing "legacy.mazameer.com""s DCV results " Impediment: TOTAL_DCV_FAILURE: Every domain failed DCV. Analyzing "vb12.mazameer.com""s DCV results " Impediment: TOTAL_DCV_FAILURE: Every domain failed DCV. Analyzing "vb2018.mazameer.com""s DCV results " Impediment: TOTAL_DCV_FAILURE: Every domain failed DCV. The system has completed "mzameer""s AutoSSL check. [root@m** ~]#0 -
I'm not sure exactly how you would remove the redirection. There are many different ways the site can redirect as that could come from the .htaccess file or within the code itself. If you'd like us to check the machine directly you're always welcome to submit a ticket to our team. 0 -
God bless you brother. The important thing is, we want a solution by installing a free ssl certificate on the rest of the domains. How is the solution I wonder? Do I create a ticket or tell me something to do to solve this problem? 0 -
You can create a ticket using the WHM >> Create Support Ticket page, or using the link in my signature :D 0 -
You can create a ticket using the WHM >> Create Support Ticket page, or using the link in my signature :D
Ticket created and numbered #943077760 -
Thanks for posting that - I'm following along with that ticket on my end so we'll see how that goes! 0 -
Thank you. The problem has been resolved. 0 -
I just wanted to follow-up to say the https redirection was happening through Cloudflare as well, which is why this wasn't working properly for a new certificate. After that was disabled, the SSL was issued normally. I'm glad we were able to help track that down. For other users that may run into a similar issue, we have the following article that provides more details on this: 0 -
I just wanted to follow-up to say the https redirection was happening through Cloudflare as well, which is why this wasn't working properly for a new certificate. After that was disabled, the SSL was issued normally. I'm glad we were able to help track that down. For other users that may run into a similar issue, we have the following article that provides more details on this:
0 -
You're welcome! 0
Please sign in to leave a comment.
Comments
13 comments