I have AutoSSL enabled in WHM and set up to use Let’s Encrypt. At the moment things are not working and I am getting an error like this in the log:
WARN Local HTTP DCV error (example.com): An internal error occurred. Check the system log. (XID: xnek22)
Does anyone have any idea where the “system log” is? The error tells me little to nothing about what happened and “Check the system log” is equally vague.
And I am on the Logs tab. I click the most recent log and view log and there’s something like this (domain name replaced):
12:37:08 PM Performing DCV (Domain Control Validation) …
WARN Local HTTP DCV error (example.com): An internal error occurred. Check the system log. (XID: q2k795)
WARN Local HTTP DCV error (www.example.com): An internal error occurred. Check the system log. (XID: fggrv8)
12:37:15 PM ERROR Local DNS DCV error (example.com): The DNS query to “_cpanel-dcv-test-record.example.com” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=5bNVtdyIJM8u954mQJuV6UlG0jJ8iJLVcNTMsvcXMzpBq4S1jSJ__0PCBegqLUdH”.
ERROR Local DNS DCV error (www.example.com): The DNS query to “_cpanel-dcv-test-record.example.com” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=5bNVtdyIJM8u954mQJuV6UlG0jJ8iJLVcNTMsvcXMzpBq4S1jSJ__0PCBegqLUdH”.
Analyzing “example.com”’s DCV results …
12:37:15 PM ERROR Impediment: TOTAL_DCV_FAILURE: Every domain failed DCV.
12:37:15 PM The system has completed the AutoSSL check for “example”.
DNS DCV is not going to work because the DNS is not hosted through WHM or cPanel. So I need to use HTTP DCV but I am not understanding where to find out more about this error or why HTTP DCV is failing.
The DNS query to “_cpanel-dcv-test-record.example.com” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=5bNVtdyIJM8u954mQJuV6UlG0jJ8iJLVcNTMsvcXMzpBq4S1jSJ__0PCBegqLUdH”.
Looks like cPanel creates its own DNS test record to do some checks. And this doesn't work if the DNS is hosted somewhere else.
Is there an update?
Or is it possible to skip this test? I don't use cPanel.
If not, it looks like you have to use http-01 validation.
In cPanel & WHM version 74, we added DNS-based Domain Control Validation (DCV), which the server automatically runs if HTTP-based DCV fails. DNS-based DCV provides an additional method for cPanel & WHM servers to prove domain control to certificate authorities. This new method will significantly improve SSL issuance rates and reduce AutoSSL notifications.
The real issue at hand is the HTTP DCV is failing. I think I could figure this out if I knew what "Check the system log" was referring to.
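An added example, not part of any post in this thread: a small Python parser for the AutoSSL log lines quoted above. It separates the HTTP DCV warnings from the DNS DCV fallback errors and pulls out the XIDs attached to the HTTP failures. The function names and the shortened sample log are constructed for illustration.

```python
import re

# Constructed sample in the log format quoted in the thread; the token is a placeholder.
SAMPLE_LOG = """\
12:37:08 PM Performing DCV (Domain Control Validation) …
WARN Local HTTP DCV error (example.com): An internal error occurred. Check the system log. (XID: q2k795)
WARN Local HTTP DCV error (www.example.com): An internal error occurred. Check the system log. (XID: fggrv8)
12:37:15 PM ERROR Local DNS DCV error (example.com): The DNS query to “_cpanel-dcv-test-record.example.com” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=<token>”.
ERROR Local DNS DCV error (www.example.com): The DNS query to “_cpanel-dcv-test-record.example.com” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=<token>”.
12:37:15 PM ERROR Impediment: TOTAL_DCV_FAILURE: Every domain failed DCV.
"""

DCV_LINE = re.compile(
    r"^(?:\d{1,2}:\d{2}:\d{2} [AP]M )?"  # the timestamp appears only on some lines
    r"(?P<level>WARN|ERROR) Local (?P<method>HTTP|DNS) DCV error "
    r"\((?P<domain>[^)]+)\): (?P<detail>.*)$"
)
XID = re.compile(r"\(XID: (?P<xid>\w+)\)\s*$")

def parse_dcv_failures(log_text):
    """Return {domain: {method: {"level", "detail", "xid"}}} for every DCV error line."""
    failures = {}
    for line in log_text.splitlines():
        m = DCV_LINE.match(line.strip())
        if not m:
            continue
        xid = XID.search(m["detail"])
        failures.setdefault(m["domain"], {})[m["method"]] = {
            "level": m["level"],
            "detail": XID.sub("", m["detail"]).strip(),
            "xid": xid["xid"] if xid else None,
        }
    return failures

def http_xids(failures):
    """XIDs attached to the HTTP failures, i.e. the identifiers the log message points at."""
    return sorted(m["HTTP"]["xid"] for m in failures.values() if m.get("HTTP", {}).get("xid"))

def root_cause_method(per_domain):
    """DNS DCV only runs after HTTP DCV fails, so an HTTP entry is the one to chase first."""
    return "HTTP" if "HTTP" in per_domain else next(iter(per_domain), None)

if __name__ == "__main__":
    parsed = parse_dcv_failures(SAMPLE_LOG)
    for domain, methods in parsed.items():
        first = root_cause_method(methods)
        print(domain, first, methods[first]["xid"], methods[first]["detail"])
    print("XIDs to look up:", http_xids(parsed))
```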
You are correct! There was a redirect in place to send all traffic to HTTPS. I’m not sure why this is an issue since I use certbot on other servers where a similar redirect is in place and causes no issues. In this case it does. Shrug.
For the sake of any future googlers who come here looking for answers, I added the following just before my SSL redirect (which is being handled by mod_rewrite) and this took care of the issue: