checkallsslcerts using old hostname (and failing issuance) - unable to find source
The cPanel provided SSL certificate on my main server hostname recently expired and was unable to be auto-renewed. Running /usr/local/cpanel/bin/checkallsslcerts manually shows up the OLD (datacentre provided) hostname in addition to my set hostname.
The system will check for the certificate for the “cpanel” service.
The system will attempt to replace the self-signed certificate for the “cpanel” service with a signed certificate from the “Let’s Encrypt™” provider.
The system will attempt to install a certificate for the “cpanel” service from the system SSL storage.
None of the certificates in the system SSL storage were acceptable to use for the “cpanel” service.
The system will attempt to get a new certificate for the domains: [NEW HOSTNAME], autoconfig.[NEW HOSTNAME], autodiscover.[NEW HOSTNAME], cpanel.[NEW HOSTNAME], cpcalendars.[NEW HOSTNAME], cpcontacts.[NEW HOSTNAME], ipv6.[NEW HOSTNAME], mail.[NEW HOSTNAME], webdisk.[NEW HOSTNAME], webmail.[NEW HOSTNAME], whm.[NEW HOSTNAME], www.[NEW HOSTNAME], [OLD HOSTNAME], autoconfig.[OLD HOSTNAME], autodiscover.[OLD HOSTNAME], cpanel.[OLD HOSTNAME], cpcalendars.[OLD HOSTNAME], cpcontacts.[OLD HOSTNAME], ipv6.[OLD HOSTNAME], mail.[OLD HOSTNAME], webdisk.[OLD HOSTNAME], webmail.[OLD HOSTNAME], whm.[OLD HOSTNAME], www.[OLD HOSTNAME]
This is causing the SSL generation to fail with
The system failed to validate domain control for the domain “[OLD HOSTNAME]” using the “HTTP” DCV method: 400 urn:ietf:params:acme:error:dns (There was a problem with a DNS query) (DNS problem: NXDOMAIN looking up A for [OLD HOSTNAME] - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for [OLD HOSTNAME] - check that a DNS record exists for this domain)
finishing with checkallsslcerts crashing:
Cpanel::DnsUtils::Install::Processor:678: There is no zone file on this system that can contain “_acme-challenge.webmail.[OLD HOSTNAME].”.
Cpanel::DnsUtils::Install::Processor:678: There is no zone file on this system that can contain “_acme-challenge.autodiscover.[OLD HOSTNAME].”.
Cpanel::DnsUtils::Install::Processor:678: There is no zone file on this system that can contain “_acme-challenge.webdisk.[OLD HOSTNAME].”.
(_acme-challenge.autoconfig.[OLD HOSTNAME]): [FAIL:missing zone]
(_acme-challenge.autodiscover.[OLD HOSTNAME]): [FAIL:missing zone]
(_acme-challenge.cpanel.[OLD HOSTNAME]): [FAIL:missing zone]
(_acme-challenge.cpcalendars.[OLD HOSTNAME]): [FAIL:missing zone]
(_acme-challenge.cpcontacts.[OLD HOSTNAME]): [FAIL:missing zone]
(_acme-challenge.ipv6.[OLD HOSTNAME]): [FAIL:missing zone]
(_acme-challenge.mail.[OLD HOSTNAME]): [FAIL:missing zone]
(_acme-challenge.webdisk.[OLD HOSTNAME]): [FAIL:missing zone]
(_acme-challenge.webmail.[OLD HOSTNAME]): [FAIL:missing zone]
(_acme-challenge.whm.[OLD HOSTNAME]): [FAIL:missing zone]
(_acme-challenge.www.[OLD HOSTNAME]): [FAIL:missing zone] at /usr/local/cpanel/Cpanel/DnsUtils/Batch.pm line 258.
I've run "grep [old hostname] /etc/* -r" and "grep [old hostname] /var/cpanel -r" and the only mentions of the old hostname (which was changed over a year ago) are in:
- /var/cpanel/analytics/data/system_config_at_install.json
- /var/cpanel/ssl/mail_apns/{mail_apns-CN,mail_apns-DOMAINS,mail_apns-CRTINFO}
- /var/cpanel/ssl/cpanel/mycpanel.pem.cache
- /var/cpanel/ssl/ftp/pure-ftpd.pem.cache
- /var/cpanel/ssl/{ftp-CN,ftp-DOMAINS,ftp-CRTINFO}
- /var/cpanel/ssl/dovecot/mydovecot.crt.cache
- /var/cpanel/ssl/system/certs/ec-[NEW HOSTNAME]-[serial].crt.cache
- /var/cpanel/ssl/system/certs/[OLD HOSTNAME]-[serial].crt.cache
- /var/cpanel/ssl/system/ssl.db
- /var/cpanel/ssl/system/ssl.db.cache
- /var/cpanel/ssl/exim/myexim.crt.cache
- /var/cpanel/authn/client_config/openid_connect/cpanelid
- /var/cpanel/user_notifications/root/history/*
- /var/cpanel/hostname_history.json (which shows 20th August 2022 as the date change)
The only file I would expect to make a difference would be /var/cpanel/ssl/system/ssl.db , but I don't know where that is being built from.
`hostname`, WHM etc all report the correct NEW HOSTNAME (which was changed via WHM originally). I have tried restarting cpsrvd without it changing things. I've ensured an "A entry for the hostname" is set.
I've had no problems until this most recent renewal (when I suspect the certificate being issued switched to Let's Encrypt).
Annoyingly, I've now hit Let's Encrypt's rate limit
429 urn:ietf:params:acme:error:rateLimited (The request exceeds a rate limit) (Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/) at bin/checkallsslcerts.pl line 691
so apart from saying it is still including the old hostname, I can't run "checkallsslcerts -verbose".
Has anybody got any ideas where the h*ll the server is getting the old invalid hostname from and how to give the server a dose of amnesia?
[note: It seems similar to https://support.cpanel.net/hc/en-us/community/posts/19162794614167-Phantom-Hostname , would it be possible to make public the fix or is it caused by https://support.cpanel.net/hc/en-us/articles/22913165191575-checkallsslcerts-LetsEncrypt-error-if-DNS-Zone-is-not-present-for-the-hostname ?]
-
Hey hey! Have you tried the details here? https://support.cpanel.net/hc/en-us/articles/5208055750039-Old-hostname-shows-up-in-new-hostname-certificates
0 -
Brilliant - thanks cPRex : I did think /var/cpanel/hostname_history.json was just a log file - I wasn't actually expecting it to be consulted during the checkallsslcerts command.
0 -
I'm glad that's all it took!
0 -
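An added example (not part of the thread and not cPanel's code): a POSIX shell filter over saved checkallsslcerts output that reduces the "will attempt to get a new certificate for the domains" list to its base hostnames and prints any that differ from the expected hostname, so a stale name is visible before further failed validations count against the Let's Encrypt limit. The service labels are taken from the output quoted above; the sample input and hostnames are constructed.

```shell
# Added example: spot stale base hostnames in saved checkallsslcerts output.
# Service labels as they appear in the request lists quoted in this thread.
SERVICE_LABELS='autoconfig autodiscover cpanel cpcalendars cpcontacts ipv6 mail webdisk webmail whm www'

# Constructed sample input (hostnames are placeholders, not from the thread).
sample_output() {
    cat <<'EOF'
The system will check for the certificate for the "cpanel" service.
The system will attempt to get a new certificate for the domains: host.example.com, mail.host.example.com, www.host.example.com, old-vps.example.net, mail.old-vps.example.net, www.old-vps.example.net
EOF
}

# Print every requested name, one per line, from output on stdin.
requested_names() {
    sed -n 's/^.*attempt to get a new certificate for the domains: *//p' |
        tr ',' '\n' | sed 's/^ *//; s/ *$//; /^$/d'
}

# Drop names that are just a service label prefixed to another requested name;
# what remains are the base hostnames the request was built from.
base_hostnames() {
    requested_names | awk -v labels="$SERVICE_LABELS" '
        BEGIN { n = split(labels, l, " "); for (i = 1; i <= n; i++) svc[l[i]] = 1 }
        { names[$0] = 1; order[NR] = $0 }
        END {
            for (i = 1; i <= NR; i++) {
                name = order[i]; dot = index(name, ".")
                first = substr(name, 1, dot - 1); rest = substr(name, dot + 1)
                if (dot > 0 && (first in svc) && (rest in names)) continue
                if (!(name in seen)) { seen[name] = 1; print name }
            }
        }'
}

# Print base hostnames that differ from the expected hostname ($1).
stale_hostnames() {
    expected=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    base_hostnames | tr 'A-Z' 'a-z' | awk -v e="$expected" '$0 != e'
}

# Demo on the constructed sample; on a server, feed a saved log instead.
sample_output | stale_hostnames host.example.com
```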
Hi!!! I have the same problem (for a while), and I've tried everything with no success. In my case, the file is not available: ‘/var/cpanel/hostname_history.json’: No such file or directory
Any other options? Thanks :)
I got these errors when running "/usr/local/cpanel/bin/checkallsslcerts":
The system will check for the certificate for the “cpanel” service.
The system will attempt to replace the self-signed certificate for the “cpanel” service with a signed certificate from the “Let’s Encrypt™” provider.
The system will attempt to install a certificate for the “cpanel” service from the system SSL storage.
None of the certificates in the system SSL storage were acceptable to use for the “cpanel” service.
The system will attempt to get a new certificate for the domains: vps-3ad4caef.vps.ovh.net, autoconfig.vps-3ad4caef.vps.ovh.net, autodiscover.vps-3ad4caef.vps.ovh.net, cpanel.vps-3ad4caef.vps.ovh.net, cpcalendars.vps-3ad4caef.vps.ovh.net, cpcontacts.vps-3ad4caef.vps.ovh.net, ipv6.vps-3ad4caef.vps.ovh.net, mail.vps-3ad4caef.vps.ovh.net, webdisk.vps-3ad4caef.vps.ovh.net, webmail.vps-3ad4caef.vps.ovh.net, whm.vps-3ad4caef.vps.ovh.net, www.vps-3ad4caef.vps.ovh.net
The system failed to validate domain control for the domain “autoconfig.vps-3ad4caef.vps.ovh.net” using the “HTTP” DCV method: 400 urn:ietf:params:acme:error:dns (There was a problem with a DNS query) (DNS problem: NXDOMAIN looking up A for autoconfig.vps-3ad4caef.vps.ovh.net - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for autoconfig.vps-3ad4caef.vps.ovh.net - check that a DNS record exists for this domain)
The system failed to validate domain control for the domain “cpcontacts.vps-3ad4caef.vps.ovh.net” using the “HTTP” DCV method: 400 urn:ietf:params:acme:error:dns (There was a problem with a DNS query) (DNS problem: NXDOMAIN looking up A for cpcontacts.vps-3ad4caef.vps.ovh.net - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for cpcontacts.vps-3ad4caef.vps.ovh.net - check that a DNS record exists for this domain)
The system failed to validate domain control for the domain “webdisk.vps-3ad4caef.vps.ovh.net” using the “HTTP” DCV method: 400 urn:ietf:params:acme:error:dns (There was a problem with a DNS query) (DNS problem: NXDOMAIN looking up A for webdisk.vps-3ad4caef.vps.ovh.net - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for webdisk.vps-3ad4caef.vps.ovh.net - check that a DNS record exists for this domain)
The system failed to validate domain control for the domain “mail.vps-3ad4caef.vps.ovh.net” using the “HTTP” DCV method: 400 urn:ietf:params:acme:error:dns (There was a problem with a DNS query) (DNS problem: NXDOMAIN looking up A for mail.vps-3ad4caef.vps.ovh.net - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for mail.vps-3ad4caef.vps.ovh.net - check that a DNS record exists for this domain)
The system failed to validate domain control for the domain “ipv6.vps-3ad4caef.vps.ovh.net” using the “HTTP” DCV method: 400 urn:ietf:params:acme:error:dns (There was a problem with a DNS query) (DNS problem: NXDOMAIN looking up A for ipv6.vps-3ad4caef.vps.ovh.net - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for ipv6.vps-3ad4caef.vps.ovh.net - check that a DNS record exists for this domain)
The system failed to validate domain control for the domain “whm.vps-3ad4caef.vps.ovh.net” using the “HTTP” DCV method: 400 urn:ietf:params:acme:error:dns (There was a problem with a DNS query) (DNS problem: NXDOMAIN looking up A for whm.vps-3ad4caef.vps.ovh.net - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for whm.vps-3ad4caef.vps.ovh.net - check that a DNS record exists for this domain)
The system failed to validate domain control for the domain “autodiscover.vps-3ad4caef.vps.ovh.net” using the “HTTP” DCV method: 400 urn:ietf:params:acme:error:dns (There was a problem with a DNS query) (DNS problem: NXDOMAIN looking up A for autodiscover.vps-3ad4caef.vps.ovh.net - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for autodiscover.vps-3ad4caef.vps.ovh.net - check that a DNS record exists for this domain)
The system failed to validate domain control for the domain “www.vps-3ad4caef.vps.ovh.net” using the “HTTP” DCV method: 400 urn:ietf:params:acme:error:dns (There was a problem with a DNS query) (DNS problem: NXDOMAIN looking up A for www.vps-3ad4caef.vps.ovh.net - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for www.vps-3ad4caef.vps.ovh.net - check that a DNS record exists for this domain)
The system failed to validate domain control for the domain “cpanel.vps-3ad4caef.vps.ovh.net” using the “HTTP” DCV method: 400 urn:ietf:params:acme:error:dns (There was a problem with a DNS query) (DNS problem: NXDOMAIN looking up A for cpanel.vps-3ad4caef.vps.ovh.net - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for cpanel.vps-3ad4caef.vps.ovh.net - check that a DNS record exists for this domain)
The system failed to validate domain control for the domain “cpcalendars.vps-3ad4caef.vps.ovh.net” using the “HTTP” DCV method: 400 urn:ietf:params:acme:error:dns (There was a problem with a DNS query) (DNS problem: NXDOMAIN looking up A for cpcalendars.vps-3ad4caef.vps.ovh.net - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for cpcalendars.vps-3ad4caef.vps.ovh.net - check that a DNS record exists for this domain)
The system failed to validate domain control for the domain “webmail.vps-3ad4caef.vps.ovh.net” using the “HTTP” DCV method: 400 urn:ietf:params:acme:error:dns (There was a problem with a DNS query) (DNS problem: NXDOMAIN looking up A for webmail.vps-3ad4caef.vps.ovh.net - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for webmail.vps-3ad4caef.vps.ovh.net - check that a DNS record exists for this domain)
warn [checkallsslcerts] Cpanel::DnsUtils::Install::Processor::_add_error: There is no zone file on this system that can contain “_acme-challenge.cpanel.vps-3ad4caef.vps.ovh.net.”.
warn [checkallsslcerts] Cpanel::DnsUtils::Install::Processor::_add_error: There is no zone file on this system that can contain “_acme-challenge.whm.vps-3ad4caef.vps.ovh.net.”.
warn [checkallsslcerts] Cpanel::DnsUtils::Install::Processor::_add_error: There is no zone file on this system that can contain “_acme-challenge.mail.vps-3ad4caef.vps.ovh.net.”.
warn [checkallsslcerts] Cpanel::DnsUtils::Install::Processor::_add_error: There is no zone file on this system that can contain “_acme-challenge.www.vps-3ad4caef.vps.ovh.net.”.
warn [checkallsslcerts] Cpanel::DnsUtils::Install::Processor::_add_error: There is no zone file on this system that can contain “_acme-challenge.autoconfig.vps-3ad4caef.vps.ovh.net.”.
warn [checkallsslcerts] Cpanel::DnsUtils::Install::Processor::_add_error: There is no zone file on this system that can contain “_acme-challenge.ipv6.vps-3ad4caef.vps.ovh.net.”.
warn [checkallsslcerts] Cpanel::DnsUtils::Install::Processor::_add_error: There is no zone file on this system that can contain “_acme-challenge.cpcontacts.vps-3ad4caef.vps.ovh.net.”.
warn [checkallsslcerts] Cpanel::DnsUtils::Install::Processor::_add_error: There is no zone file on this system that can contain “_acme-challenge.webdisk.vps-3ad4caef.vps.ovh.net.”.
warn [checkallsslcerts] Cpanel::DnsUtils::Install::Processor::_add_error: There is no zone file on this system that can contain “_acme-challenge.cpcalendars.vps-3ad4caef.vps.ovh.net.”.
warn [checkallsslcerts] Cpanel::DnsUtils::Install::Processor::_add_error: There is no zone file on this system that can contain “_acme-challenge.webmail.vps-3ad4caef.vps.ovh.net.”.
warn [checkallsslcerts] Cpanel::DnsUtils::Install::Processor::_add_error: There is no zone file on this system that can contain “_acme-challenge.autodiscover.vps-3ad4caef.vps.ovh.net.”.
Cpanel::DnsUtils::Install::Processor:678: There is no zone file on this system that can contain “_acme-challenge.cpanel.vps-3ad4caef.vps.ovh.net.”.
Cpanel::DnsUtils::Install::Processor:678: There is no zone file on this system that can contain “_acme-challenge.whm.vps-3ad4caef.vps.ovh.net.”.
Cpanel::DnsUtils::Install::Processor:678: There is no zone file on this system that can contain “_acme-challenge.mail.vps-3ad4caef.vps.ovh.net.”.
Cpanel::DnsUtils::Install::Processor:678: There is no zone file on this system that can contain “_acme-challenge.www.vps-3ad4caef.vps.ovh.net.”.
Cpanel::DnsUtils::Install::Processor:678: There is no zone file on this system that can contain “_acme-challenge.autoconfig.vps-3ad4caef.vps.ovh.net.”.
Cpanel::DnsUtils::Install::Processor:678: There is no zone file on this system that can contain “_acme-challenge.ipv6.vps-3ad4caef.vps.ovh.net.”.
Cpanel::DnsUtils::Install::Processor:678: There is no zone file on this system that can contain “_acme-challenge.cpcontacts.vps-3ad4caef.vps.ovh.net.”.
Cpanel::DnsUtils::Install::Processor:678: There is no zone file on this system that can contain “_acme-challenge.webdisk.vps-3ad4caef.vps.ovh.net.”.
Cpanel::DnsUtils::Install::Processor:678: There is no zone file on this system that can contain “_acme-challenge.cpcalendars.vps-3ad4caef.vps.ovh.net.”.
Cpanel::DnsUtils::Install::Processor:678: There is no zone file on this system that can contain “_acme-challenge.webmail.vps-3ad4caef.vps.ovh.net.”.
Cpanel::DnsUtils::Install::Processor:678: There is no zone file on this system that can contain “_acme-challenge.autodiscover.vps-3ad4caef.vps.ovh.net.”.
(_acme-challenge.autoconfig.vps-3ad4caef.vps.ovh.net): [FAIL:missing zone]
(_acme-challenge.autodiscover.vps-3ad4caef.vps.ovh.net): [FAIL:missing zone]
(_acme-challenge.cpanel.vps-3ad4caef.vps.ovh.net): [FAIL:missing zone]
(_acme-challenge.cpcalendars.vps-3ad4caef.vps.ovh.net): [FAIL:missing zone]
(_acme-challenge.cpcontacts.vps-3ad4caef.vps.ovh.net): [FAIL:missing zone]
(_acme-challenge.ipv6.vps-3ad4caef.vps.ovh.net): [FAIL:missing zone]
(_acme-challenge.mail.vps-3ad4caef.vps.ovh.net): [FAIL:missing zone]
(_acme-challenge.webdisk.vps-3ad4caef.vps.ovh.net): [FAIL:missing zone]
(_acme-challenge.webmail.vps-3ad4caef.vps.ovh.net): [FAIL:missing zone]
(_acme-challenge.whm.vps-3ad4caef.vps.ovh.net): [FAIL:missing zone]
(_acme-challenge.www.vps-3ad4caef.vps.ovh.net): [FAIL:missing zone] at /usr/local/cpanel/Cpanel/DnsUtils/Batch.pm line 258.
0 -
I only see one hostname being checked in that output. That looks like a default hostname your provider would have configured when the server was initially created, so you may need to reach out to OVH to see if that is configured in another area of the system.
0 -
Thanks a lot for your response, I will check with OVH. If something comes up, I'll share (to help anyone with the same problem). Thanks a lot.
0 -
Sure thing!
0