Skip to main content

AutoSSL unable to renew

Comments

10 comments

  • cPanelMichael
    (Forbidden). A DNS (Domain Name System) or web server misconfiguration may exist.

    Hello, It looks like access to the DCV file was blocked. Could you let us know the contents of the .htaccess file in one of the affected account's public_html directory? Ensure to replace any real domain names or IP addresses with examples. Thank you.
    0
  • mreidgs

    # BEGIN iThemes Security - Do not modify or remove this line # iThemes Security Config Details: 2 # Ban Hosts - Security > Settings > Banned Users SetEnvIF REMOTE_ADDR "^x\.x\.x\.x$" DenyAccess SetEnvIF X-FORWARDED-FOR "^x\.x\.x\.x$" DenyAccess SetEnvIF X-CLUSTER-CLIENT-IP "^x\.2x\.x\.x$" DenyAccess **bunch of these repeated** Require all granted Require not env DenyAccess Require not ip x.x.x.x **bunch of these repeated** Order allow,deny Allow from all Deny from env=DenyAccess Deny from x.x.x.x **bunch of these repeated** # END iThemes Security - Do not modify or remove this line # BEGIN WordPress RewriteEngine On RewriteBase / RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$ RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$ RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ RewriteRule . /index.php # END WordPress
    0
  • cPanelMichael
    Hello, Does this system use EasyApache 4? If so, check to verify "Use a Global DCV Passthrough instead of .htaccess modification (requires EA4)" is enabled under the "Domains" tab in "WHM >> Tweak Settings". Otherwise, if you are using EasyApache 3, you will need to modify your .htaccess rules to ensure access attempts from Comodo to the ".well-known" directory are not blocked or restricted. Thank you.
    0
  • mreidgs
    I'm looking at a server using EA4 and I do not see that setting in Tweak settings.
    0
  • cPanelMichael
    I'm looking at a server using EA4 and I do not see that setting in Tweak settings.

    What version of cPanel is installed on this server? Are you logged in via WHM as root? Thank you.
    0
  • mreidgs
    v68.0.20 and logged in as root.
    0
  • cPanelMichael
    Hello, Could you scroll down to the last options listed under the "Domains" tab in "WHM >> Tweak Settings" and upload a screenshot of what you see? Thank you.
    0
  • mreidgs
    Here is a screenshot. What specifically would I add to .htaccess so that access to ".well-known" directory is not blocked?
    0
  • cPanelMichael

    # BEGIN iThemes Security - Do not modify or remove this line # iThemes Security Config Details: 2 # Ban Hosts - Security > Settings > Banned Users SetEnvIF REMOTE_ADDR "^x\.x\.x\.x$" DenyAccess SetEnvIF X-FORWARDED-FOR "^x\.x\.x\.x$" DenyAccess SetEnvIF X-CLUSTER-CLIENT-IP "^x\.2x\.x\.x$" DenyAccess **bunch of these repeated** Require all granted Require not env DenyAccess Require not ip x.x.x.x **bunch of these repeated** Order allow,deny Allow from all Deny from env=DenyAccess Deny from x.x.x.x **bunch of these repeated** # END iThemes Security - Do not modify or remove this line # BEGIN WordPress RewriteEngine On RewriteBase / RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$ RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$ RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ RewriteRule . /index.php # END WordPress

    Hello, It looks like it's your "Deny" rules as opposed to your Mod_Rewrite rules that are preventing AutoSSL from completing the domain validation process. The rules look similar to what's referenced by another user on the following thread: AutoSSL: The certificate is not available. (processing) A workaround is suggested on the above post, so you may want to see if that helps. As far as the "Use a Global DCV Passthrough instead of .htaccess modification (requires EA4)" option, that won't solve this particular issue, however you should still see the option if you are using cPanel version 68 and EasyApache 4. The fact that it's missing suggests you might be using an older version of cPanel. You can verify the version of cPanel installed with the following command:
    cat /usr/local/cpanel/version
    Thank you.
    0
  • mreidgs
    Looking into this solution. Thanks.
    0

Please sign in to leave a comment.