AutoSSL and Subdomains on Different IP
I've noticed the following warnings in the AutoSSL log, they appear every night for every domain.
Now i'm not overly worried as they are warnings, but I know the support for proxy subdomains (mail only at this time) has been added to WHM 60 which I am running, so is this issue stopping that from working ? The IP Address for the mail.xxxx domains have been configured as a different IP to the www.xxx domains due to a negative reputation on the original ip address and mail getting rejected, I'm not sure if having this different ip is causing the problem.
1:22:02 AM The website "yourdomain.co.uk", owned by "yourdomain", has a valid SSL certificate, but additional SSL coverage may be possible for the domain "mail.yourdomain.co.uk". The system will attempt to replace this certificate with one that includes this additional domain.
1:22:04 AM WARN The domain "mail.yourdomain.co.uk" failed domain control validation: The content "7" of the DCV file, as accessed at "http://www.myvpsaddress.co.uk/domainnotknown.html" and redirected from "http://mail.yourdomain.co.uk/317957.BIN_AUTOSSL_CHECK_PL__.8ejJH0H0.cpaneldcv", did not match the expected value. at bin/autossl_check.pl line 512.
1:22:04 AM WARN All of "yourdomain.co.uk""s unsecured domains failed domain control validation. AutoSSL skip this website. at bin/autossl_check.pl line 441.Now i'm not overly worried as they are warnings, but I know the support for proxy subdomains (mail only at this time) has been added to WHM 60 which I am running, so is this issue stopping that from working ? The IP Address for the mail.xxxx domains have been configured as a different IP to the www.xxx domains due to a negative reputation on the original ip address and mail getting rejected, I'm not sure if having this different ip is causing the problem.
-
The IP Address for the mail.xxxx domains have been configured as a different IP to the How to Configure the Exim Outgoing IP Address - cPanel Knowledge Base - cPanel Documentation Also, just a slight correction regarding your reference of proxy subdomains for anyone else viewing this thread. cPanel version 60 introduced the cpdavd " Calendar, Contacts, and Web Disk services.
- exim " Mail transfer and receiving services.
- dovecot " Mailbox service.
However, AutoSSL support for proxy subdomains is not yet available. That's planned for the future, and can be tracked at: Allow to make certificate for subdomains like cPanel.example.com and mail.Example.com Thank you.0 -
I did add an entry to the /etc/mailips file to add *:1.2.3.4 (where 1.2.3.4 is the ip address used for the mail now). I have also modified the A records of all the domains to use this same ip address, but I'll be honest and say I have no idea why I did this. It might be that I changed DNS first to try and resolve the issue before finding out about the /etc/mailips file. Do you think I will be OK to set the mail dns record back to the main shared IP address ? They are all on the same VPS. My apologies for the incorrect reference of proxy subdomains, thank you for correcting me. 0 -
Do you think I will be OK to set the mail dns record back to the main shared IP address ? They are all on the same VPS.
Yes, please revert to the default configuration and let us know if any additional issues with AutoSSL persist. Thanks!0 -
OK I put the main IP back in for mail subdomains and everything still works, nobody has complained about emails not going. I checked the AutoSSL logs over the weekend and the warnings for mail.subdomain have gone but now I am getting a lot of proper errors (not warnings). 1:22:02 AM Checking websites for "domain" " 1:22:03 AM The website "domainname.co.uk", owned by "domain", has a valid SSL certificate, but additional SSL coverage may be possible for the domain "mail.domainname.co.uk". The system will attempt to replace this certificate with one that includes this additional domain. 1:22:03 AM The system will attempt to renew SSL certificates for the following websites: 1:22:03 AM domainname.co.uk (domainname.co.uk www.domainname.co.uk mail.domainname.co.uk) 1:22:08 AM ERROR AutoSSL failed to request an SSL certificate for "domainname.co.uk" because of an error: Cpanel::Exception::cPStoreError/(XID vb7j8d) The cPanel Store returned an error (X::Item::ActivationFailure) in response to the request "POST ssl/certificate/free": Generic exception at /usr/local/cpanel/Cpanel/Exception/CORE.pm line 77. Cpanel::Exception::create("cPStoreError", HASH(0x402a6f8)) called at /usr/local/cpanel/Cpanel/cPStore.pm line 231 Cpanel::cPStore::__ANON__(Cpanel::Exception::HTTP::Server=HASH(0x41f2430)) called at /usr/local/cpanel/3rdparty/perl/522/lib64/perl5/cpanel_lib/Try/Tiny.pm line 103 Try::Tiny::try(CODE(0x402bb30), Try::Tiny::Catch=REF(0x4029338)) called at /usr/local/cpanel/Cpanel/cPStore.pm line 239 Cpanel::cPStore::_request(Cpanel::cPStore::LicenseAuthn=HASH(0x19e94c0), "post", "ssl/certificate/free", "item_params", HASH(0x402db98)) called at /usr/local/cpanel/Cpanel/cPStore.pm line 178 Cpanel::cPStore::post(Cpanel::cPStore::LicenseAuthn=HASH(0x19e94c0), "ssl/certificate/free", "item_params", HASH(0x402db98)) called at /usr/local/cpanel/Cpanel/SSL/Auto/Provider/cPanel.pm line 169 Cpanel::SSL::Auto::Provider::cPanel::__ANON__() called at /usr/local/cpanel/3rdparty/perl/522/lib64/perl5/cpanel_lib/Try/Tiny.pm line 80 eval {...} called at /usr/local/cpanel/3rdparty/perl/522/lib64/perl5/cpanel_lib/Try/Tiny.pm line 71 Try::Tiny::try(CODE(0x362ca80), Try::Tiny::Catch=REF(0x401ff68)) called at /usr/local/cpanel/Cpanel/SSL/Auto/Provider/cPanel.pm line 193 Cpanel::SSL::Auto::Provider::cPanel::renew_ssl_for_vhosts(Cpanel::SSL::Auto::Provider::cPanel=HASH(0x2fb96f0), "domain", "domainname.co.uk", ARRAY(0x1926b20)) called at bin/autossl_check.pl line 259 bin::autossl_check::__ANON__() called at /usr/local/cpanel/3rdparty/perl/522/lib64/perl5/cpanel_lib/Try/Tiny.pm line 80 eval {...} called at /usr/local/cpanel/3rdparty/perl/522/lib64/perl5/cpanel_lib/Try/Tiny.pm line 71 Try::Tiny::try(CODE(0x355a4e8), Try::Tiny::Catch=REF(0x3559d98)) called at bin/autossl_check.pl line 266 bin::autossl_check::__ANON__() called at /usr/local/cpanel/Cpanel/PIDFile.pm line 101 Cpanel::PIDFile::do("Cpanel::PIDFile", "/var/cpanel/autossl_check.pid", CODE(0x3268850)) called at bin/autossl_check.pl line 287 bin::autossl_check::_run_maybe_captured("--all") called at bin/autossl_check.pl line 109 bin::autossl_check::__ANON__() called at /usr/local/cpanel/Cpanel/CaptureFH.pm line 50 Cpanel::CaptureFH::do_with_output_captured_to_path_if_non_tty("/usr/local/cpanel/logs/error_log", CODE(0x323e590)) called at bin/autossl_check.pl line 110 bin::autossl_check::run("--all") called at bin/autossl_check.pl line 78 1:22:08 AM The system has completed the AutoSSL check for "domain".0 -
Hello, I'm happy to see the initial issue is now addressed. The second problem you have reported is discussed on the following thread: Errors from cPanel Store API when requesting autossl certs Thank you. 0
Please sign in to leave a comment.
Comments
5 comments