AutoSSL certificate renew fail, pki-validation error 406 - file not acceptable

accafella

• May 24, 2021 08:47

Hello cPanellers, your help would be most appreciated. AutoSSL (running Sectigo) cannot find any file at .well-known/pki-validation/ but returns a 406 error rather than a 404 that other folk have experienced. The .txt file does not exist, that I can verify, but also ... "the web server responded with the following error: 406 (Not Acceptable). A DNS (Domain Name System) or web server misconfiguration may exist." The AutoSSL log also reports that ; WARN Local HTTP DCV error does not resolve to any IP addresses on the internet. and ERROR Impediment: TOTAL_DCV_FAILURE: Every domain failed DCV. DNS is hosted externally by my WebHost and i've run the domain through leafDNS and intoDNS ; there are no apparent problems. Disabling the relevant .htaccess files has also had no effect. /proc/sys/net/ipv6/conf/all/disable_ipv6 is set to 1 in case that ipv6 is the cause. I'm a little lost and would value some pointers in the right direction. Thanks in advance, Steve.

• 

  cPRex Jurassic Moderator

  • May 24, 2021 14:22

  Hey there! It sounds like there is an issue looking up the DNS from your specific server if there are no issues reported with IntoDNS or other external tools. Could you try running this command on your server, just replacing "google.com" with your specific domain name? This will show if the system is able to check the correct nameservers for that domain: /usr/local/cpanel/3rdparty/bin/perl -MCpanel::DnsRoots -MData::Dumper -e 'print Dumper(Cpanel::DnsRoots->new()->get_nameservers_for_domain("google.com"));'
  If that does return the correct information, feel free to submit a ticket to our team so we can do some additional testing.

  0
• 

  accafella

  • May 24, 2021 14:45

  Thanks @cPRex. The command returned the nameserver ip addresses that it ought to have done which correspond to the WHM nameserver records. I will submit a ticket. Steve.

  0
• 

  cPRex Jurassic Moderator

  • May 24, 2021 15:19

  If you can post the ticket number here I can make sure to follow along and keep this thread updated.

  0
• 

  accafella

  • May 24, 2021 15:28

  thanks. ticket #94328655.

  0
• 

  cPRex Jurassic Moderator

  • May 24, 2021 15:40

  Thanks so much - I'm following along with that ticket on my end now.

  0
• 

  accafella

  • May 24, 2021 18:04

  Thanks enormously @cPRex

  0
• 

  cPRex Jurassic Moderator

  • May 25, 2021 12:56

  Our team was able to find a ModSecurity rule that was interfering with the AutoSSL run. After disabling that rule everything is working normally on the system.

  0
• 

  accafella

  • May 25, 2021 13:27

  Yes, brilliant work. Thanks for all of your efforts.

  0
• 

  cPRex Jurassic Moderator

  • May 25, 2021 13:30

  You're very welcome!

  0

Please sign in to leave a comment.