cPanel AutoSSL Redirect Error: Exclude files from being redirected

Comments

23 comments

  • cPanelMichael
    Hello David, The following thread includes a workaround you may find helpful: "SOLVED - AutoSSL and WordPress Multisite". Thank you.
    0
  • David Digal
    Thanks Michael, I'll go through the thread that you've suggested and will let you know if I'm able to solve the problem. Thanks, David.
    0
  • David Digal
    Hi Michael, The article that you suggested didn't help with the problem that I am having. Still struggling with the problem. My problem is when AutoSSL is trying to access this file "
    0
  • Tearabite
    Is the site using Cloudflare?
    0
  • David Digal
    Yes, the website is using CloudFlare.
    0
  • David Digal
    Hi there, I have identified part of the problem which is that the non-www was pointing to a different server and then redirecting to www. So that is why my htaccess code posted above wasn't working. I still have the problem, but have identified it more clearly in this new thread:
    0
  • Tearabite
    Yes, the website is using CloudFlare.

    Try disabling Cloudflare temporarily and forcing the AutoSSL to see if it works then (there is a known/documented issue with AutoSSL and CloudFlare). If that works, you will still run into this issue every 90 days when it's time to renew the cert, so I'm wondering if it's possible to create a rule in Cloudflare to bypass this path...
    0
  • cPanelMichael
    Hello David, Thank you for the additional information. I'm assuming you already have "Use a Global DCV Passthrough instead of .htaccess modification (requires EA4)" enabled under the "Domains" tab in "WHM >> Tweak Settings". If so, here are a couple of rules you could add to the .htaccess file that have worked for others facing the same issue:
    RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
    RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
    Let us know if this helps. Thank you.
    0
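
The two conditions above only take effect when they sit directly in front of the rule that performs the redirect. The following is an added example, not code from the thread or from cPanel: the `%{HTTPS} off` test and the 301 `RewriteRule` are assumed stand-ins for whatever HTTP-to-HTTPS redirect the site's .htaccess already contains, and the control file name in the comment is constructed.

```apache
# Added example: site-wide HTTP -> HTTPS redirect in .htaccess with the
# two DCV exclusions from the post above placed in front of the rule.
RewriteEngine On

# Only plain-HTTP requests are candidates for the redirect.
RewriteCond %{HTTPS} off

# Exclusion 1: cPanel DCV control file in the document root,
# e.g. /1234567890.ABCDEF.cpaneldcv (constructed name).
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$

# Exclusion 2: Comodo DCV file, 32 upper-case hex characters plus .txt,
# optionally followed by " Comodo DCV".
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$

# RewriteCond lines are ANDed and apply only to the next RewriteRule,
# so the exclusions have to be repeated above every rule that redirects.
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
```

Both patterns are anchored and match only the validation file names, so everything else on the site is still redirected to HTTPS. These rules act at the origin server only; a redirect issued by Cloudflare happens before the request reaches .htaccess.
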
  • Nirjonadda
    Hello David, Thank you for the additional information. I'm assuming you already have "Use a Global DCV Passthrough instead of .htaccess modification (requires EA4)" enabled under the "Domains" tab in "WHM >> Tweak Settings". If so, here are a couple of rules you could add to the .htaccess file that have worked for others facing the same issue:
    RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
    RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
    Let us know if this helps. Thank you.

    I already have "Use a Global DCV Passthrough instead of .htaccess modification (requires EA4)" enabled but am still getting "The validation required 2 HTTP redirects". So do we need to add these rules in the .htaccess file?
    0
  • cPanelMichael
    I already have "Use a Global DCV Passthrough instead of .htaccess modification (requires EA4)" enabled but am still getting "The validation required 2 HTTP redirects". So do we need to add these rules in the .htaccess file?

    Yes, those rules may help if you have existing Mod_Rewrite rules that are redirecting the requests to the AutoSSL DCV files. Thank you.
    0
  • Nirjonadda
    Yes, those rules may help if you have existing Mod_Rewrite rules that are redirecting the requests to the AutoSSL DCV files. Thank you.

    Still does not work. I think I need to disable "Always use HTTPS" in Cloudflare.
    0
  • cPanelMichael
    Hello, Let us know if disabling that option helps. Thank you.
    0
  • Nirjonadda
    Hello, Let us know if disabling that option helps. Thank you.

    Still in the AutoSSL Pending Queue from Request Time Dec 15, 2017 6:09:41 PM
    0
  • cPanelMichael
    Hello, It's possible your CloudFlare configuration is causing this issue. Feel free to open a support ticket if you'd like us to take a closer look to rule out any issues with the cPanel server. Thank you.
    0
  • grayloon
    It's possible your CloudFlare configuration is causing this issue.

    I'm also using Cloudflare in front of my cPanel sites, and I can confirm that it doesn't play well with AutoSSL. In most cases, Cloudflare providing the SSL isn't an issue. However, some of my customers have their own domain in internal DNS. This bypasses Cloudflare and goes directly to my cPanel server where I must have an SSL in place via AutoSSL. Since Cloudflare is forcing HTTPS, the AutoSSL request is redirected and fails.
    0
  • cPWilliamL
    The CloudFlare option 'Always use HTTPS' will certainly cause issues with AutoSSL. This should be disabled.
    0
  • philsward
    Ok, so just to clarify... We're supposed to have SSL on a website, and do our best (redirect) all non ssl requests to https, however when we re-direct an incoming request from non-ssl to ssl, this causes the recent updates to the DCV to fail because it won't allow a redirect? What gives? The workaround is to go add a whitelist rule to every .htaccess on the server? Are you kidding?? It's easier for tens of thousands of people running hundreds of thousands of websites to add a custom redirect than it is for the devs at cPanel to write a check against a non-ssl redirect? So confused... BTW, when was this locked down? I didn't have problems until the most recent round of updates required for late April 2018... I've always had redirects and it's never been an issue.
    0
  • Nirjonadda
    The CloudFlare option 'Always use HTTPS' will certainly cause issues with AutoSSL. This should be disabled.

    No, this way does not fix it.
    0
  • philsward
    Wrote up some instructions that "might" help some folks if you have control over your entire server (i.e. VPS) - Removed -
    0
  • Infopro
    Please feel free to share your solution on this forum if you like, instead of linking to it on an external site. Link removed.
    0
  • cPanelMichael
    Hello @philsward, Thank you for sharing the workaround. As far as why this happens, the AutoSSL DCV check needs to access the control file via the HTTP protocol in order to validate. Thus, when a global redirect for HTTP to HTTPS is configured, it will lead to the validation failure you have reported. I encourage you to vote and add feedback to the following feature request, as it would allow for DNS-based AutoSSL verification: "AutoSSL: DNS challenge validation". Thank you.
    0
  • WorkinOnIt
    I'm assuming you already have "Use a Global DCV Passthrough instead of .htaccess modification (requires EA4)" enabled under the "Domains" tab in "WHM >> Tweak Settings". If so, here are a couple of rules you could add to the .htaccess file that have worked for others facing the same issue:
    RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
    RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$

    I would like to chime in to this - I also have the same error message in Auto SSL - due to a domain in CloudFlare having Strict SSL and the "Always use HTTPS" = true setting enabled. I checked to ensure that the "Use a Global DCV Passthrough" in WHM tweak settings was ON - but it didn't help. However, adding the .htaccess rules worked - but that is definitely a pain to do for lots of sites. Why can't this check be added to the AutoSSL function in WHM?
    0
  • cPanelMichael
    Hello @WorkinOnIt, Support for DNS-based domain control validation (DCV) is tentatively planned for cPanel & WHM version 74. This will help ensure the validation succeeds in cases where the current HTTP-based DCV fails. Thank you.
    0