AutoSSL issues
I use the AutoSSL cPanel signed certificates for all my domains that don't run e-commerce or don't need a paid SSL certificate. I ran into an issue last week when one of those AutoSSL certificates did not renew. It took a week of discussion with support for where I have my dedicated server to figure out the issue. It had something to do with the .htaccess file making it fail.
So we removed that file and ran it again and it installed but I noticed today it just did it for the domain with and without www but when you look at SSL/TLS Status in cPanel it does not have a green icon for mail, webmail, webdisk and cpanel. Next to those it says "The installed certificate does not cover this domain. The certificate will renew via AutoSSL."
So then I looked at the Logs and for the domain having the issue it says (replaced domain with example):
4:46:18 AM Checking websites for "example" "
4:46:18 AM The website "example.com", owned by "example", has a valid SSL certificate, but additional SSL coverage may be possible for the domains "mail.example.com", "cpanel.example.com", "webmail.example.com", and "webdisk.example.com". The system will attempt to replace this certificate with one that includes these additional domains.
4:46:31 AM WARN The domain "example.com" failed domain control validation: "example.com" does not resolve to any IPv4 addresses on the internet.
4:46:31 AM WARN The current SSL certificate for "example.com" secures the domain "example.com". However, this domain failed local domain control validation. In order to maintain SSL domain coverage for this domain, the system will not attempt to replace the current certificate.
4:46:31 AM The system has completed the AutoSSL check for "example".
All sites are running Drupal and the only thing I have added to the bottom of .htaccess file is:
RewriteCond %{HTTP_HOST} !^example\.com$ [NC,OR]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$
-
Hello, I recommend browsing to "WHM >> Tweak Settings" and enabling the following option under the "Domains" tab: "Use a Global DCV Passthrough instead of .htaccess modification (requires EA4)" Here's the description for this option: When you enable this option, Apache adds global rewrite rules to the webserver configuration so that the system does not process additional rewrite rules for DCV filenames. These global rules make it unnecessary for cPanel & WHM to modify each virtual host"s .htaccess file. Note: When you enable this option, the system receives a trivial performance penalty because all of the HTTP requests must be matched against the DCV filename regular expressions. Note this option is enabled by default in cPanel version 66. Additionally, I noticed the following in your AutoSSL log output: :46:31 AM WARN The domain "example.com" failed domain control validation: "example.com" does not resolve to any IPv4 addresses on the internet.
Can you confirm the domain name resolves to an IP address associated with the cPanel server? Thank you.0 -
I did just test the site for the IP and it came back as the same IP WHM lists for it as well as the other sites on the dedicated server. I did look at the setting you are talking about but it is italicized and greyed out. It is set as Off which is the default. Does something else need to be turned on for it to be available to be turned on or should I contact my hosting company? 0 -
Hello, That option requires EasyApache 4. Are you currently using EasyApache 3 on this system? If so, is there anything we can do to help you migrate over to EasyApache 4? Thank you. 0 -
Looks like my server is running 3. I will ask my provider about moving to 4. 0
Please sign in to leave a comment.
Comments
4 comments