New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Auto SSL error when engintron is enabled #675
Comments
That's because you have redirection enabled and htaccess login control for https://purple.intersite.us:2078/.well-known/pki-validation/8F1264A8A519054BF23B1E328957443D.txt - just click that link and you'll see. All subdomains for zonesh.net redirect back to port 2078. That's not even Engintron (which runs on port 80 & 443), that's purely cPanel's webserver. Remove the redirections from Tweak Settings in WHM. |
will give it a ry |
those are redirecting all subdomains of clients to cPanel Main hostname. which make the problem with SSL. (Got this output when Proxy subdomains was OFF)
So should we remove those or turn off "Proxy subdomains" ?! Tried to turn off Proxy subdomains but nginx was redirecting them again. after removing that what i said they doesn't redirect anymore but i'm having another problem. cPanel is failing for
also i got the same output on apache port.. |
When you disable proxy subdomain creation, the proxy subdomains that are already there are not removed I think. And why would you want to remove them? Your customers use them... I think it's the custom templates nginx has put in place that may be causing an issue with the verification of SSL certificates. Specifically the template [ /var/cpanel/templates/apache2_4/ea4_main.local ]. It would need to be updated to include the following:
|
However, you should modify one of the include files, perhaps @fevangelou can help here... |
im have the same problem in cpanel, oly work ssl if im disable the engitron. |
I too am seeing this issue, any updates? |
For me, the main domain, www, and subdomain is work smooth.
@Friends4U, where should I put those rewrite rule? |
Same problems here. |
I have the same problem as well, on the subdomains, cpanel, webdisk, and webmail.. they all fail auto ssl. |
I have the same problem, cpanel, webdisk, webmail and autodiscover subdomains fail auto ssl. |
@fevangelou it appears quite a few people need this functionality and are struggling with the subdomains cpanel, webdisk, webmail etc. including myself. We can't just turn this feature off in WHM as we actually need them. Is there anything you can do to help eliminate the error messages? Here's an example of the error I'm getting (I've replaced the domain name and file name in this error for security): "The system failed to fetch the DCV (Domain Control Validation) file at “http://cpanel.domain.com/.well-known/pki-validation/XXXXXXXXXXXXXXXXXXXXXX.txt” because of an error: The system failed to send an HTTP (Hypertext Transfer Protocol) “GET” request to “http://cpanel.domain.com/.well-known/pki-validation/XXXXXXXXXXXXXXXXXXXXXX.txt” because of an error: Size of response body exceeds the maximum allowed of 16384" |
have exactly same problem.. it helps when I turn off engintron.. |
We are experiencing the same problem but only with auto-discover. I am guessing the entries for auto-discover haven't been added to the latest version of Engintron? |
cPanel 70.0.5 should fix this. https://documentation.cpanel.net/display/CL/70+Change+Log |
@apocas - Issue still remains on cPanel 70.0.10. |
Hi im solved im my cpanel. Update to easyapache4 ans update reisntall
engitron.
cpanel v 7.012 easyapache4
*Enrique Herrero*
*21988012676*
013 Conecte Estúdio Design Ltda - Todos os direitos reservados. Este email
e seus anexos estão protegidos pela Lei 9.610 de 19 de fevereiro de 1998
não podendo ser copiado, editado, alterado ou mesmo manipulado por pessoa
não autorizada pela Conecte Estúdio Design Ltda sob pena de violação de
direitos autorais. Esta mensagem, incluindo seus anexos, pode conter
informações privilegiadas e/ou de caráter confidencial, nao podendo ser
retransmitida sem autorizacao do remetente. Se você não e o destinatário ou
pessoa autorizada a recebe-la, informamos que o seu uso, divulgação, cópia
ou arquivamento são proibidos. Portanto, se você recebeu esta mensagem por
engano, por favor, nos informe respondendo imediatamente a este e-mail e em
seguida apague-a.
2018-02-10 18:49 GMT-02:00 teenhype902102 <notifications@github.com>:
… @apocas <https://github.com/apocas> - Issue still remains on cPanel
70.0.10.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#675 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AgB6dUqO9m25Ueu6g7L97rQWachsQzYtks5tTgDmgaJpZM4QKTer>
.
|
@herrerogarcia - no luck for me, even with easyapache4 and reinstalling engintron =/ |
@fevangelou - any thoughts? |
This is not an Engintron issue, it's a cPanel issue. A subdomain in the form cpanel.domain.tld points to a part in the disk that has nothing to do with the actual domain, that's why the validation fails. |
Well, it's a tradeoff then. I can't fix every implementation. And Engintron's Nginx probably has the best reverse caching proxy configuration for a long time now. But it can't do miracles. I explained the reason above. I don't know why it works with Nginx off and not when it's enabled. I mean, Nginx does not modify the routing. |
My version its 7.012 of cpanel.
*Enrique Herrero*
*21988012676*
013 Conecte Estúdio Design Ltda - Todos os direitos reservados. Este email
e seus anexos estão protegidos pela Lei 9.610 de 19 de fevereiro de 1998
não podendo ser copiado, editado, alterado ou mesmo manipulado por pessoa
não autorizada pela Conecte Estúdio Design Ltda sob pena de violação de
direitos autorais. Esta mensagem, incluindo seus anexos, pode conter
informações privilegiadas e/ou de caráter confidencial, nao podendo ser
retransmitida sem autorizacao do remetente. Se você não e o destinatário ou
pessoa autorizada a recebe-la, informamos que o seu uso, divulgação, cópia
ou arquivamento são proibidos. Portanto, se você recebeu esta mensagem por
engano, por favor, nos informe respondendo imediatamente a este e-mail e em
seguida apague-a.
2018-02-22 12:53 GMT-03:00 teenhype902102 <notifications@github.com>:
… @herrerogarcia <https://github.com/herrerogarcia> - no luck for me, even
with easyapache4 and reinstalling engintron =/
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#675 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AgB6daz3Zi1bAFEdzL8Se_T7Uh0qnJF3ks5tXY2GgaJpZM4QKTer>
.
|
# THE SOLUTION! |
Log for the AutoSSL run for “zoneshne”: Sunday, October 29, 2017 6:07:43 PM GMT+05-30 (cPanel (powered by Comodo))
6:07:43 PM This system has AutoSSL set to use “cPanel (powered by Comodo)”.
6:07:43 PM Checking websites for “zoneshne” …
6:07:43 PM WARN The certificate for the website “zonesh.net” will not contain the domains “zonesh.net”, “www.zonesh.net”, and “mail.zonesh.net” because the current configuration excludes these domains. at /usr/local/cpanel/Cpanel/SSL/Auto/Report.pm line 134.
6:07:43 PM The website “zonesh.net”, owned by “zoneshne”, has no SSL certificate. AutoSSL will attempt to obtain a new certificate and install it.
6:07:43 PM WARN The domain “cpanel.zonesh.net” failed domain control validation: The system failed to fetch the DCV file at “http://cpanel.zonesh.net/.well-known/pki-validation/D200348724F1615B7BC5A54627C42531.txt” because of an error: The system failed to send an HTTP “GET” request to “http://cpanel.zonesh.net/.well-known/pki-validation/D200348724F1615B7BC5A54627C42531.txt” because of an error: Size of response body exceeds the maximum allowed of 16384 .
6:07:43 PM WARN The domain “webdisk.zonesh.net” failed domain control validation: The system queried for a temporary file at “https://purple.intersite.us:2078/.well-known/pki-validation/8F1264A8A519054BF23B1E328957443D.txt”, which was redirected from “http://webdisk.zonesh.net/.well-known/pki-validation/8F1264A8A519054BF23B1E328957443D.txt”. The web server responded with the following error: 401 (Unauthorized). A DNS or web server misconfiguration may exist.
6:07:43 PM WARN The domain “webmail.zonesh.net” failed domain control validation: The system failed to fetch the DCV file at “http://webmail.zonesh.net/.well-known/pki-validation/2231B7C7FD1A2FCD1ABE0AC74E58ABA9.txt” because of an error: The system failed to send an HTTP “GET” request to “http://webmail.zonesh.net/.well-known/pki-validation/2231B7C7FD1A2FCD1ABE0AC74E58ABA9.txt” because of an error: Size of response body exceeds the maximum allowed of 16384 .
6:07:43 PM The system has completed the AutoSSL check for “zoneshne”.
================================================================
here is the complete log,
it only happens when engintron is enabled
The text was updated successfully, but these errors were encountered: