SOLVED cPanel Service SSL Certificate Warnings with Nginx

[Nile Youth]

Hello I have got this warning from My Server

The system failed to acquire a signed certificate from the cPanel Store because of the following error: Neither HTTP nor DNS DCV preflight checks succeeded!

I try to tun the script : /usr/local/cpanel/bin/checkallsslcerts

& I got this:

The system will check for the certificate for the “cpanel” service.
The system will attempt to verify that the certificate for the “cpanel” service is still valid using OCSP (Online Certificate Status Protocol).
The “cpanel” service’s current certificate comes with the server’s cPanel license. This certificate expires in less than 25 days. The system will attempt to renew and install a new certificate to the “cpanel” service and any other services that use the old certificate.
The system will attempt to install a certificate for the “cpanel” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “cpanel” service.
The system will attempt to install a certificate for the “cpanel” service from the cPanel store.
Received error “X::NoCertificate” from cPanel Store; requesting new certificate …
Setting up HTTP DCV (/var/www/html/.well-known/pki-validation/254EDC5C2E35AE8EA4AAAC8EE446A48A.txt) …
… complete.
Setting up DNS DCV (CNAME _254edc5c2e35ae8ea4aaac8ee446a48a.main.nileyouth.net) …
… complete.
Attempting DNS DCV preflight check …
FAILED: The DNS DCV check (_254edc5c2e35ae8ea4aaac8ee446a48a.main.nileyouth.net IN CNAME) did not return the expected value (947157153fe2fc87e6c90d6eb51d2ddb.ac9b3bb8abffcfc1cfa94dbbf2bd2d0d.comodoca.com).
Attempting HTTP DCV preflight check …
FAILED: Cpanel::Exception/(XID ww3kt4) The system queried for a temporary file at “http://main.nileyouth.net/.well-known/pki-validation/254EDC5C2E35AE8EA4AAAC8EE446A48A.txt”, but the web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist.
at /usr/local/cpanel/Cpanel/SSL/DCV.pm line 386.
Cpanel::SSL::DCV::__ANON__(Cpanel::Exception::HTTP::Server=HASH(0x4014310)) called at /usr/local/cpanel/3rdparty/perl/528/lib/perl5/cpanel_lib/Try/Tiny.pm line 118
Try::Tiny::try(CODE(0x3ff6c80), Try::Tiny::Catch=REF(0x3a70448)) called at /usr/local/cpanel/Cpanel/SSL/DCV.pm line 446
Cpanel::SSL::DCV::_verify_http("http://main.nileyouth.net/.well-known/pki-validation/254EDC5C"..., "947157153fe2fc87e6c90d6eb51d2ddbac9b3bb8abffcfc1cfa94dbbf2bd2"..., "COMODO DCV") called at /usr/local/cpanel/Cpanel/SSL/DCV.pm line 284
Cpanel::SSL::DCV::verify_http("http://main.nileyouth.net/.well-known/pki-validation/254EDC5C"..., "947157153fe2fc87e6c90d6eb51d2ddbac9b3bb8abffcfc1cfa94dbbf2bd2"..., "COMODO DCV") called at /usr/local/cpanel/Cpanel/Market/Provider/cPStore/Utils.pm line 88
Cpanel::Market::Provider::cPStore::Utils::imitate_http_dcv_check_locally("main.nileyouth.net", ".well-known/pki-validation/254EDC5C2E35AE8EA4AAAC8EE446A48A.txt", "947157153fe2fc87e6c90d6eb51d2ddbac9b3bb8abffcfc1cfa94dbbf2bd2"...) called at /usr/local/cpanel/Cpanel/cPStore/HostnameCert/DCV.pm line 193
eval {...} called at /usr/local/cpanel/Cpanel/cPStore/HostnameCert/DCV.pm line 189
Cpanel::cPStore::HostnameCert::DCV::set_up("-----BEGIN CERTIFICATE REQUEST-----\x{a}MIICkjCCAXoCAQAwHTEbMBkGA"...) called at /usr/local/cpanel/Cpanel/cPStore/HostnameCert.pm line 159
Cpanel::cPStore::HostnameCert::_request_new_certificate(Cpanel::cPStore::HostnameCert=HASH(0x3620cb8)) called at /usr/local/cpanel/Cpanel/cPStore/HostnameCert.pm line 129
Cpanel::cPStore::HostnameCert::get_hostname_cert_from_store(Cpanel::cPStore::HostnameCert=HASH(0x3620cb8)) called at bin/checkallsslcerts.pl line 528
bin::checkallsslcerts::_get_certificate_pem_from_store(bin::checkallsslcerts=HASH(0x2c93798)) called at bin/checkallsslcerts.pl line 450
bin::checkallsslcerts::__ANON__() called at /usr/local/cpanel/3rdparty/perl/528/lib/perl5/cpanel_lib/Try/Tiny.pm line 97
eval {...} called at /usr/local/cpanel/3rdparty/perl/528/lib/perl5/cpanel_lib/Try/Tiny.pm line 88
Try::Tiny::try(CODE(0x31a9be8), Try::Tiny::Catch=REF(0x2f76b18)) called at bin/checkallsslcerts.pl line 454
bin::checkallsslcerts::_replace_cert_with_ca_signed_cert_from_cpstore(bin::checkallsslcerts=HASH(0x2c93798), "cpanel") called at bin/checkallsslcerts.pl line 310
bin::checkallsslcerts::_check_notify_and_auto_renew_cert_for_service(bin::checkallsslcerts=HASH(0x2c93798), "cpanel") called at bin/checkallsslcerts.pl line 86
bin::checkallsslcerts::run(bin::checkallsslcerts=HASH(0x2c93798)) called at bin/checkallsslcerts.pl line 50
Undoing HTTP DCV setup …
… complete.
Undoing DNS DCV setup …
… complete.
[WARN] The system failed to acquire a signed certificate from the cPanel Store because of the following error: Neither HTTP nor DNS DCV preflight checks succeeded!

The system will check for the certificate for the “dovecot” service.
The system will attempt to verify that the certificate for the “dovecot” service is still valid using OCSP (Online Certificate Status Protocol).
The “dovecot” service’s current certificate comes with the server’s cPanel license. This certificate expires in less than 25 days. The system will attempt to renew and install a new certificate to the “dovecot” service and any other services that use the old certificate.
The system will attempt to install a certificate for the “dovecot” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “dovecot” service.
The system will check for the certificate for the “exim” service.
The system will attempt to verify that the certificate for the “exim” service is still valid using OCSP (Online Certificate Status Protocol).
The “exim” service’s current certificate comes with the server’s cPanel license. This certificate expires in less than 25 days. The system will attempt to renew and install a new certificate to the “exim” service and any other services that use the old certificate.
The system will attempt to install a certificate for the “exim” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “exim” service.
The system will check for the certificate for the “ftp” service.
The system will attempt to verify that the certificate for the “ftp” service is still valid using OCSP (Online Certificate Status Protocol).
The “ftp” service’s current certificate comes with the server’s cPanel license. This certificate expires in less than 25 days. The system will attempt to renew and install a new certificate to the “ftp” service and any other services that use the old certificate.
The system will attempt to install a certificate for the “ftp” service from the system ssl storage.
None of the certificates in the system ssl storage were acceptable to use for the “ftp” service.

Can any one help in this please ??
thanks everybody

 

[Nile Youth]

I have found the issue finally:

the custom_rules for Nginx I have put this value on it :

in

# === WHEN TO SPECIFY A DOMAIN IP ===

if ($host ~ "nileyouth.net") {
     set $PROXY_DOMAIN_OR_IP "5.9.49.88";
 }

When I Add the same for the Main Host name with the Other IP It solve the issue

Thanks for all

 

[cPanelMichael]

Hello @Nile Youth,

I'm glad to see you were able to solve the problem. Thank you for sharing the outcome.

 

[redhoney]

Hi,

I am facing the same issue. could your explain a bit in detail how & where should I add the custom_rule for nginx. thanks

 

[cPanelAnthony]

Hi,

I am facing the same issue. could your explain a bit in detail how & where should I add the custom_rule for nginx. thanks

Hello! This article might help.