Cpanel can't issue a new hostname ssl
I hope you're doing well.
I wanted to bring to your attention that the SSL certificate for our hostname has expired a few days ago. As a result, we're experiencing issues with browser warnings due to the self-signed certificate. When I ran the following command, here's the output I received:
and i have this problem with 2 servers.
[root@ns3 ~]# /usr/local/cpanel/bin/checkallsslcerts --verbose
The system will check for the certificate for the “cpanel” service.
The system will attempt to replace the expired certificate for the “cpanel” service with a signed certificate from the “Let’s Encrypt™” provider.
The system will attempt to install a certificate for the “cpanel” service from the system SSL storage.
None of the certificates in the system SSL storage were acceptable to use for the “cpanel” service.
The system will attempt to get a new certificate for the domains: ns3.edisoft-dz.com, autoconfig.ns3.edisoft-dz.com, autodiscover.ns3.edisoft-dz.com, cpanel.ns3.edisoft-dz.com, cpcalendars.ns3.edisoft-dz.com, cpcontacts.ns3.edisoft-dz.com, ipv6.ns3.edisoft-dz.com, mail.ns3.edisoft-dz.com, webdisk.ns3.edisoft-dz.com, webmail.ns3.edisoft-dz.com, whm.ns3.edisoft-dz.com, www.ns3.edisoft-dz.com
The system failed to validate domain control for the domain “cpanel.ns3.edisoft-dz.com” using the “HTTP” DCV method: 400 urn:ietf:params:acme:error:dns (There was a problem with a DNS query) (DNS problem: NXDOMAIN looking up A for cpanel.ns3.edisoft-dz.com - check that a DNSrecord exists for this domain; DNS problem: NXDOMAIN looking up AAAA for cpanel.ns3.edisoft-dz.com - check that a DNS record exists for this domain)
The system failed to validate domain control for the domain “cpcalendars.ns3.edisoft-dz.com” using the “HTTP” DCV method: 400 urn:ietf:params:acme:error:dns (There was a problem with a DNS query) (DNS problem: NXDOMAIN looking up A for cpcalendars.ns3.edisoft-dz.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for cpcalendars.ns3.edisoft-dz.com - check that a DNS record exists for this domain)
The system failed to validate domain control for the domain “webdisk.ns3.edisoft-dz.com” using the “HTTP” DCV method: 400 urn:ietf:params:acme:error:dns (There was a problem with a DNS query) (DNS problem: NXDOMAIN looking up A for webdisk.ns3.edisoft-dz.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for webdisk.ns3.edisoft-dz.com - check that a DNS record exists for this domain)
The system failed to validate domain control for the domain “webmail.ns3.edisoft-dz.com” using the “HTTP” DCV method: 400 urn:ietf:params:acme:error:dns (There was a problem with a DNS query) (DNS problem: NXDOMAIN looking up A for webmail.ns3.edisoft-dz.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for webmail.ns3.edisoft-dz.com - check that a DNS record exists for this domain)
The system failed to validate domain control for the domain “autoconfig.ns3.edisoft-dz.com” using the “HTTP” DCV method: 400 urn:ietf:params:acme:error:dns (There was a problem with a DNS query) (DNS problem: NXDOMAIN looking up A for autoconfig.ns3.edisoft-dz.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for autoconfig.ns3.edisoft-dz.com - check that a DNS record exists for this domain)
The system failed to validate domain control for the domain “whm.ns3.edisoft-dz.com” using the “HTTP” DCV method: 400 urn:ietf:params:acme:error:dns (There was a problem with a DNS query) (DNS problem: NXDOMAIN looking up A for whm.ns3.edisoft-dz.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for whm.ns3.edisoft-dz.com - check that a DNS record exists for this domain)
The system failed to validate domain control for the domain “autodiscover.ns3.edisoft-dz.com” using the “HTTP” DCV method: 400 urn:ietf:params:acme:error:dns (There was a problem with a DNS query) (DNS problem: NXDOMAIN looking up A for autodiscover.ns3.edisoft-dz.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for autodiscover.ns3.edisoft-dz.com - check that a DNS record exists for this domain)
The system failed to validate domain control for the domain “mail.ns3.edisoft-dz.com” using the “HTTP” DCV method: 400 urn:ietf:params:acme:error:dns (There was a problem with a DNS query) (DNS problem: NXDOMAIN looking up A for mail.ns3.edisoft-dz.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for mail.ns3.edisoft-dz.com - check that a DNS record exists for this domain)
The system failed to validate domain control for the domain “cpcontacts.ns3.edisoft-dz.com” using the “HTTP” DCV method: 400 urn:ietf:params:acme:error:dns (There was a problem with a DNS query) (DNS problem: NXDOMAIN looking up A for cpcontacts.ns3.edisoft-dz.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for cpcontacts.ns3.edisoft-dz.com - check that a DNS record exists for this domain)
The system failed to validate domain control for the domain “ipv6.ns3.edisoft-dz.com” using the “HTTP” DCV method: 400 urn:ietf:params:acme:error:dns (There was a problem with a DNS query) (DNS problem: NXDOMAIN looking up A for ipv6.ns3.edisoft-dz.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for ipv6.ns3.edisoft-dz.com - check that a DNS record exists for this domain)
The system failed to validate domain control for the domain “www.ns3.edisoft-dz.com” using the “HTTP” DCV method: 400 urn:ietf:params:acme:error:dns (There was a problem with a DNS query) (DNS problem: NXDOMAIN looking up A for www.ns3.edisoft-dz.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for www.ns3.edisoft-dz.com - check that a DNS record exists for this domain)
warn [checkallsslcerts] Cpanel::DnsUtils::Install::Processor::_add_error: There is no zone file on this system that can contain “_acme-challenge.cpanel.ns3.edisoft-dz.com.”.
warn [checkallsslcerts] Cpanel::DnsUtils::Install::Processor::_add_error: There is no zone file on this system that can contain “_acme-challenge.mail.ns3.edisoft-dz.com.”.
warn [checkallsslcerts] Cpanel::DnsUtils::Install::Processor::_add_error: There is no zone file on this system that can contain “_acme-challenge.autodiscover.ns3.edisoft-dz.com.”.
warn [checkallsslcerts] Cpanel::DnsUtils::Install::Processor::_add_error: There is no zone file on this system that can contain “_acme-challenge.cpcontacts.ns3.edisoft-dz.com.”.
warn [checkallsslcerts] Cpanel::DnsUtils::Install::Processor::_add_error: There is no zone file on this system that can contain “_acme-challenge.autoconfig.ns3.edisoft-dz.com.”.
warn [checkallsslcerts] Cpanel::DnsUtils::Install::Processor::_add_error: There is no zone file on this system that can contain “_acme-challenge.ipv6.ns3.edisoft-dz.com.”.
warn [checkallsslcerts] Cpanel::DnsUtils::Install::Processor::_add_error: There is no zone file on this system that can contain “_acme-challenge.cpcalendars.ns3.edisoft-dz.com.”.
warn [checkallsslcerts] Cpanel::DnsUtils::Install::Processor::_add_error: There is no zone file on this system that can contain “_acme-challenge.webdisk.ns3.edisoft-dz.com.”.
warn [checkallsslcerts] Cpanel::DnsUtils::Install::Processor::_add_error: There is no zone file on this system that can contain “_acme-challenge.whm.ns3.edisoft-dz.com.”.
warn [checkallsslcerts] Cpanel::DnsUtils::Install::Processor::_add_error: There is no zone file on this system that can contain “_acme-challenge.webmail.ns3.edisoft-dz.com.”.
warn [checkallsslcerts] Cpanel::DnsUtils::Install::Processor::_add_error: There is no zone file on this system that can contain “_acme-challenge.www.ns3.edisoft-dz.com.”.
Cpanel::DnsUtils::Install::Processor:678: There is no zone file on this system that can contain “_acme-challenge.cpanel.ns3.edisoft-dz.com.”.
Cpanel::DnsUtils::Install::Processor:678: There is no zone file on this system that can contain “_acme-challenge.mail.ns3.edisoft-dz.com.”.
Cpanel::DnsUtils::Install::Processor:678: There is no zone file on this system that can contain “_acme-challenge.autodiscover.ns3.edisoft-dz.com.”.
Cpanel::DnsUtils::Install::Processor:678: There is no zone file on this system that can contain “_acme-challenge.cpcontacts.ns3.edisoft-dz.com.”.
Cpanel::DnsUtils::Install::Processor:678: There is no zone file on this system that can contain “_acme-challenge.autoconfig.ns3.edisoft-dz.com.”.
Cpanel::DnsUtils::Install::Processor:678: There is no zone file on this system that can contain “_acme-challenge.ipv6.ns3.edisoft-dz.com.”.
Cpanel::DnsUtils::Install::Processor:678: There is no zone file on this system that can contain “_acme-challenge.cpcalendars.ns3.edisoft-dz.com.”.
Cpanel::DnsUtils::Install::Processor:678: There is no zone file on this system that can contain “_acme-challenge.webdisk.ns3.edisoft-dz.com.”.
Cpanel::DnsUtils::Install::Processor:678: There is no zone file on this system that can contain “_acme-challenge.whm.ns3.edisoft-dz.com.”.
Cpanel::DnsUtils::Install::Processor:678: There is no zone file on this system that can contain “_acme-challenge.webmail.ns3.edisoft-dz.com.”.
Cpanel::DnsUtils::Install::Processor:678: There is no zone file on this system that can contain “_acme-challenge.www.ns3.edisoft-dz.com.”. at /usr/local/cpanel/Cpanel/DnsUtils/Batch.pm line 243.
Could someone please assist with resolving this issue? Your help would be greatly appreciated.
Thank you.
-
Hey there! Please don't include public domains in Forums posts, for security reasons.
I wouldn't expect most of those domains to resolve as they are subdomains on top of the hostname, but the actual hostname of the server should still be issued a certificate.
Is this a DNSOnly machine or a full cPanel & WHM server?
0 -
Hi, Thank you for your reply, the server in question is a shared hosting server, i have no problem with useraccout ssl, only with the namserver with i use to access Whm and it's a full cPanel & WHM server
0 -
If you run the following, does it report the correct IP for the server's hostname?
/scripts/cpdig your.servers.hostname A
0 -
Yes it gives me the correct ip
0 -
If you create a test page inside /var/www/html/.well-known/acme-challenge are you then able to access it at http://your.hostname.com/.well-known/acme-challenge/test.txt without an error?
0 -
yes, i can acces with no error, i created a test.txt no problem
0 -
Thanks for the additional details. I think this is related to case CPANEL-44035 where the SSL can't be issued if there isn't a unique DNS zone for the hostname. Can you run this command and see if that gets things working?
whmapi1 adddns domain=your.server's.hostname ip=IP
Just edit that hostname to yours and the IP as well and then run the command.
0 -
Thank you very much, it is working now, so this is the resolution for this problem, thank you
0 -
Great! I believe we are planning to have this fixed in a future version of 120.
0 -
That will be great.
Thank you again.
1 -
Once the command is run, is there anything else to do? Our system is the same but hasn't changed after running the command.
Thanks
0 -
Run this command
usr/local/cpanel/bin/checkallsslcerts --verbose1 -
Thanks!
0
Please sign in to leave a comment.
Comments
13 comments