Neither HTTP nor DNS DCV preflight checks succeeded

[Lillike]

Hello,

The following message received:

The following cPanel service generated warnings from the checkallsslcerts script.

cpanel​

The system failed to acquire a signed certificate from the cPanel Store because of the following error: Neither HTTP nor DNS DCV preflight checks succeeded!


AutoSSL checked: AutoSSL run.

The system has finished checking all users.

12:45:03 PM Analyzing … 12:45:03 PM SUCCESS TLS Status: OK

VPS:

• CENTOS 6.10 virtuozzo

• v78.0.15

Please, advice.

 

[cPanelMichael]

Hello @Lillike,

Can you review this post and verify if the workaround helps?

Thank you.

 

[Lillike]

Hi Michael,

Thanks for your answer.

I tried to configure ipv6.

/etc/sysconfig/network: NETWOTKING_IPV6=yes

/etc/sysconfig/network-scripts/ifcfg-eth0:

added IPV6address and default gateway: :::ff:::

after server restarted

But

root@ip-192-xxx-xxx [/]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:1....
inet addr:192.xxxx Bcast:192.xxx Mask:255.xxx


Please, advice... Thanks.

 

[cPanelMichael]

Hello @Lillike,

There's no need to configure IPv6 address in order to address the issue reported on that thread. The issue reported on that thread occurs because the IPv6 virtual host isn't setup when the hostname resolves to an IPv6 address. Can you revert the change you made and instead open a support ticket so we can take a closer look to see why DCV is failing on your system? You can post the ticket number here and we'll link this thread to it.

Thank you.

 

[Lillike]

Hello @Lillike,

There's no need to configure IPv6 address in order to address the issue reported on that thread. The issue reported on that thread occurs because the IPv6 virtual host isn't setup when the hostname resolves to an IPv6 address. Can you revert the change you made and instead open a support ticket so we can take a closer look to see why DCV is failing on your system? You can post the ticket number here and we'll link this thread to it.

Thank you.

Thanks Michael.
My Support Request ID is: 11646629.

 

[cPanelMichael]

Hello @Lillike,

To update, it looks like this was the result of your license provider disabling the AutoSSL features on your server. Can you confirm if your AutoSSL questions have been addressed?

Thank you.

 

[Lillike]

Hello @Lillike,

To update, it looks like this was the result of your license provider disabling the AutoSSL features on your server. Can you confirm if your AutoSSL questions have been addressed?

Thank you.

Hi Michael,
To tell you the truth, I have already contacted with GoDaddy support (hosting provider) and the agent suggested me to turn off the notification - nothing else...

Naturally, all messages received every day.

 

[cPanelMichael]

Hello @Lillike,

I recommend contacting them again to request a verification about their policy regarding the use of AutoSSL on cPanel & WHM servers. Let me know the outcome, as if it's not permitted, then /scripts/checkallsslcerts should be able to detect that instead of reporting the precheck failure message.

Thank you.

 

[Lillike]

Hello @Lillike,

I recommend contacting them again to request a verification about their policy regarding the use of AutoSSL on cPanel & WHM servers. Let me know the outcome, as if it's not permitted, then /scripts/checkallsslcerts should be able to detect that instead of reporting the precheck failure message.

Thank you.

Hello Michael,

I have already contacted with my hosting provider. So Let's Encrypt offered as 3-party SSL.
I can see the following on their homepage:
We recommend that most people with shell access use the Certbot ACME client. It can automate certificate issuance and installation with no downtime.


And the following article/post can be found:
You must not run Certbot on cPanel. It is not compatible and can very badly screw up your virtual hosts.
Which folder to install Cerbot on a Virtual Private Server(VPS)?

Please, advice. Thanks.

 

[cPanelMichael]

Hello @Lillike,

We provide a Let's Encrypt plugin as part of the AutoSSL feature only. If your license provider is not allowing AutoSSL certificates, then you'd have to explore setting up a third-party solution such as certbot. This third-party utility isn't something that we test with on cPanel & WHM so it's not recommended unless you're an experienced system administrator with the capacity to test the implementation on a non-production server. Additionally, keep in mind that you'd have to manually generate all certificates (or setup a custom script to generate them automatically) and it won't integrate with any of the AutoSSL features in cPanel or Web Host Manager.

Thank you.

 

[Nirraymond]

My server has the same issue and I still couldn't find a solution yet.

 

[Michael569]

My server has the same issue and I still couldn't find a solution yet.

I found a solution reading the above link ( SOLVED - How to fix preflight checks failure? )
as i run mine through cloudflare, what i did was:
-we will use example
Server1.Example.com <---- VPS hostname (where you would connect on port 2087)
255.255.255.01 as VPS hostname ip
1. go to my main domain(that i use/selected as main for WHM)
2. go to the DNS section
3. add an A record with Server1.Example.com and 255.255.255.01
save and done

 

[Michael-Inet]

The below may or may not help (it seemed to at first).

Ref: Ticket #93504007 [in process]

Best,
Michael

I found a solution reading the above link ( SOLVED - How to fix preflight checks failure? )
as i run mine through cloudflare, what i did was:
-we will use example
Server1.Example.com <---- VPS hostname (where you would connect on port 2087)
255.255.255.01 as VPS hostname ip
1. go to my main domain(that i use/selected as main for WHM)
2. go to the DNS section
3. add an A record with Server1.Example.com and 255.255.255.01
save and done

Hi Michael,

Would you be so kind as to cat the .db record and paste it here? DNSOnly boxes do not have the GUI interface you've referenced, but we can manually add it to bind.

# cat /var/named/Server1.Example.com.db

Change out what you need to for privacy

With that we can build a similar record for DNSOnly boxes and add the two zone entries to /etc/named.conf

*) Add Server1.Example.com.db to /var/named
*) chown named:named Server1.Example.com.db

*) Make a backup of /etc/named.conf
*) Change for your setup and add this to both the view "internal" and view "external" sections of /etc/named.conf

zone "Server1.Example.com" {
        type master;
        file "/var/named/Server1.Example.com.db";
};

*) restart bind

# systemctl enable named
# systemctl start named
# systemctl status named
# systemctl restart named