AutoSSL Fails for all accounts
Hi All
I am using
CENTOS 6.8 x86_64 hyper-v server WHM 60.0 (build 24)
23 accounts, some with internal only websites and some public facing.
AutoSSL enabled for all user accounts.
Some have existing good SSL certificates
Some have expired SSL certificates
The rest don't have any SSL certificates
My problem is that AutoSSL is failing on every website, all with the common message, saying that the domain does not resolve to any IPv4 addresses on the internet. at bin/autossl_check.pl line 512.
In the snip below it also states that the certificate has expired which is correct. So I would like it to be replaced.
I have left the domain name in so you can see that it does resolve. FYI I have looked through other AutoSSL problems on this forum but can't see any that are relevant, so I apologise in advance if it has been covered.
12:35:55 AM Checking websites for "xxxxxxxx" "
12:35:55 AM The website "example.com", owned by "xxxxxxxx", has a faulty SSL certificate (OPENSSL_VERIFY:0:10:CERT_HAS_EXPIRED NOT_ALL_DOMAINS ALMOST_EXPIRED). AutoSSL will attempt to replace this certificate.
12:36:47 AM WARN The domain "example.com" failed domain control validation: "retiredbutable.com" does not resolve to any IPv4 addresses on the internet. at bin/autossl_check.pl line 512.
12:36:47 AM WARN The domain "www.example.com" failed domain control validation: "www.example.com" does not resolve to any IPv4 addresses on the internet. at bin/autossl_check.pl line 512.
12:36:47 AM WARN The domain "mail.example.com" failed domain control validation: "mail.example.com" does not resolve to any IPv4 addresses on the internet. at bin/autossl_check.pl line 512.
12:36:47 AM The system has completed the AutoSSL check for "xxxxxxxx".
Hello @Bluemerlin, There are a few potential causes of this problem. For instance, I've seen a case where the data center blocked UDP connections to the root name servers. Could you open a support ticket using the link in my signature so we can take a closer look and figure out what's happening? You can post the ticket number here and we will update this thread with the outcome. Thanks!
Thanks I will do that.
I have exactly the same issue. Have tried with both DC provided name servers and Google's public DNS. Same result. I would greatly appreciate a list of common reasons, since I know that all the domains in question resolve just fine.
Hello @Mads Nordholm, Feel free to open a support ticket so we can take a closer look and verify why the DNS resolution is failing. Thank you.
It is looking like I have found the problem. The Cisco that the server is sitting behind was using the default DNS packet length of 512. I have increased this to 1500 using:
fixup protocol dns maximum-length 1500
The console message that gave me the clue was:
Dropped UDP DNS reply from outside:192.5.5.241/53 to Servers:xxx.xxx.xxx.xx/46173; packet length 517 bytes exceeds configured limit of 512 bytes
This appears to have fixed it for most of all the sites (once a quota issue was fixed).
I'm happy to see the issue is now resolved. Thank you for updating this thread with the outcome.
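A way to check a server for the condition found in this thread (a device on the path dropping UDP DNS replies larger than 512 bytes), as an added example that is not part of the original posts or of cPanel's code: it sends the same root NS query with and without an EDNS0 OPT record and compares what comes back. The function names, the 4096-byte advertised size and the choice to query 192.5.5.241 (the server in the console message above) are assumptions.

```python
import secrets
import socket
import struct

def build_query(name=".", qtype=2, edns_size=None):
    """DNS query for name/qtype (2 = NS); edns_size adds an EDNS0 OPT record."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    # Header: random ID, flags 0 (no recursion), 1 question, ARCOUNT 1 only with OPT.
    header = struct.pack("!HHHHHH", secrets.randbits(16), 0, 1, 0, 0, 1 if edns_size else 0)
    query = header + qname + struct.pack("!HH", qtype, 1)
    if edns_size:
        # OPT RR: root name, type 41, CLASS = advertised UDP payload size,
        # TTL carries the flags (0x8000 = DO, asks for DNSSEC records), no RDATA.
        query += b"\x00" + struct.pack("!HHIH", 41, edns_size, 0x8000, 0)
    return query

def probe(server, edns_size=None, timeout=3.0):
    """Send the root NS query over UDP; return reply length, or None on timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(".", 2, edns_size), (server, 53))
        try:
            return len(s.recvfrom(65535)[0])
        except socket.timeout:
            return None

def diagnose(plain_len, edns_len, limit=512):
    """Classify the pair of results against the classic 512-byte UDP limit."""
    if plain_len is None and edns_len is None:
        return "no-udp-dns"      # nothing comes back: UDP/53 blocked or server down
    if edns_len is None:
        return "size-limited"    # small reply passes, large one is lost on the path
    if edns_len > limit:
        return "ok"              # a reply larger than 512 bytes made it through
    return "inconclusive"        # reply fit in 512 bytes, so the limit was not exercised

if __name__ == "__main__":
    server = "192.5.5.241"  # root server named in the console message above
    plain, edns = probe(server), probe(server, edns_size=4096)
    print(f"plain={plain} edns0={edns} -> {diagnose(plain, edns)}")
```

A "size-limited" result matches the symptom in this thread; the firewall's own drop log is what identifies the device responsible.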