Primary server host 404

My domain is: host106.jikometrix.net

I ran this command: /usr/local/cpanel/bin/checkallsslcerts

It produced this output:
[root@host106 ~]# /usr/local/cpanel/bin/checkallsslcerts
The system will check for the certificate for the “cpanel” service.
The system will attempt to replace the self-signed certificate for the “cpanel” service with a signed certificate from the “Let’s Encrypt™” provider.
The system will attempt to install a certificate for the “cpanel” service from the system SSL storage.
None of the certificates in the system SSL storage were acceptable to use for the “cpanel” service.
The system will attempt to get a new certificate for the domains: autoconfig.host106.jikometrix.net, autoconfig.ns569334.ip-51-79-72.net, autodiscover.host106.jikometrix.net, autodiscover.ns569334.ip-51-79-72.net, cpanel.host106.jikometrix.net, cpanel.ns569334.ip-51-79-72.net, cpcalendars.host106.jikometrix.net, cpcalendars.ns569334.ip-51-79-72.net, cpcontacts.host106.jikometrix.net, cpcontacts.ns569334.ip-51-79-72.net, host106.jikometrix.net, ipv6.host106.jikometrix.net, ipv6.ns569334.ip-51-79-72.net, mail.host106.jikometrix.net, mail.ns569334.ip-51-79-72.net, ns569334.ip-51-79-72.net, webdisk.host106.jikometrix.net, webdisk.ns569334.ip-51-79-72.net, webmail.host106.jikometrix.net, webmail.ns569334.ip-51-79-72.net, whm.host106.jikometrix.net, whm.ns569334.ip-51-79-72.net, www.host106.jikometrix.net, www.ns569334.ip-51-79-72.net
The domain “autoconfig.ns569334.ip-51-79-72.net” is not suitable for HTTP DCV because the system did not find any A or AAAA records with a public IP address.
The domain “autodiscover.host106.jikometrix.net” is not suitable for HTTP DCV because the system did not find any A or AAAA records with a public IP address.
The domain “autodiscover.ns569334.ip-51-79-72.net” is not suitable for HTTP DCV because the system did not find any A or AAAA records with a public IP address.
The domain “cpanel.host106.jikometrix.net” is not suitable for HTTP DCV because the system did not find any A or AAAA records with a public IP address.
The domain “cpanel.ns569334.ip-51-79-72.net” is not suitable for HTTP DCV because the system did not find any A or AAAA records with a public IP address.
The domain “cpcalendars.host106.jikometrix.net” is not suitable for HTTP DCV because the system did not find any A or AAAA records with a public IP address.
The domain “cpcalendars.ns569334.ip-51-79-72.net” is not suitable for HTTP DCV because the system did not find any A or AAAA records with a public IP address.
The domain “cpcontacts.host106.jikometrix.net” is not suitable for HTTP DCV because the system did not find any A or AAAA records with a public IP address.
The domain “cpcontacts.ns569334.ip-51-79-72.net” is not suitable for HTTP DCV because the system did not find any A or AAAA records with a public IP address.
The domain “ipv6.host106.jikometrix.net” is not suitable for HTTP DCV because the system did not find any A or AAAA records with a public IP address.
The domain “ipv6.ns569334.ip-51-79-72.net” is not suitable for HTTP DCV because the system did not find any A or AAAA records with a public IP address.
The domain “mail.host106.jikometrix.net” is not suitable for HTTP DCV because the system did not find any A or AAAA records with a public IP address.
The domain “mail.ns569334.ip-51-79-72.net” is not suitable for HTTP DCV because the system did not find any A or AAAA records with a public IP address.
The domain “webdisk.ns569334.ip-51-79-72.net” is not suitable for HTTP DCV because the system did not find any A or AAAA records with a public IP address.
The domain “webmail.host106.jikometrix.net” is not suitable for HTTP DCV because the system did not find any A or AAAA records with a public IP address.
The domain “webmail.ns569334.ip-51-79-72.net” is not suitable for HTTP DCV because the system did not find any A or AAAA records with a public IP address.
The domain “whm.host106.jikometrix.net” is not suitable for HTTP DCV because the system did not find any A or AAAA records with a public IP address.
The domain “whm.ns569334.ip-51-79-72.net” is not suitable for HTTP DCV because the system did not find any A or AAAA records with a public IP address.
The domain “www.host106.jikometrix.net” is not suitable for HTTP DCV because the system did not find any A or AAAA records with a public IP address.
The domain “www.ns569334.ip-51-79-72.net” is not suitable for HTTP DCV because the system did not find any A or AAAA records with a public IP address.
The system failed to validate domain control for the domain “host106.jikometrix.net” using the “HTTP” DCV method: 403 urn:ietf:params:acme:error:unauthorized (The client lacks sufficient authorization) (51.79.72.19: Invalid response from http://host106.jikometrix.net/.well-known/acme-challenge/Fu3sGfe8EwCfuRVp8s3bIREUDj1kMtZWdUX9E_-OOag: 404)
The system failed to validate domain control for the domain “ns569334.ip-51-79-72.net” using the “HTTP” DCV method: 403 urn:ietf:params:acme:error:unauthorized (The client lacks sufficient authorization) (51.79.72.19: Invalid response from http://ns569334.ip-51-79-72.net/.well-known/acme-challenge/WgnfES0Idt-XHBVuJRFN-ArtyXTRHOMxTZ41mRxz0Rg: 404)
The system failed to validate domain control for the domain “autoconfig.host106.jikometrix.net” using the “HTTP” DCV method: 403 urn:ietf:params:acme:error:unauthorized (The client lacks sufficient authorization) (51.79.72.19: Invalid response from http://autoconfig.host106.jikometrix.net/.well-known/acme-challenge/Lu3KC1cZLcm93A7nrs2QMsRKhsp4P4ThdSxUTPG77b0: 404)
The system failed to validate domain control for the domain “webdisk.host106.jikometrix.net” using the “HTTP” DCV method: 403 urn:ietf:params:acme:error:unauthorized (The client lacks sufficient authorization) (51.79.72.19: Invalid response from http://webdisk.host106.jikometrix.net/.well-known/acme-challenge/nqmNORTtCO4u1S9ik_1jOmJV1ZAODr9yjN0u-4s9Qpc: 400)
The domain “autoconfig.host106.jikometrix.net” is not suitable for DNS DCV because this system is not the authoritative nameserver.
The domain “autoconfig.ns569334.ip-51-79-72.net” is not suitable for DNS DCV because this system is not the authoritative nameserver.
The domain “autodiscover.host106.jikometrix.net” is not suitable for DNS DCV because this system is not the authoritative nameserver.
The domain “autodiscover.ns569334.ip-51-79-72.net” is not suitable for DNS DCV because this system is not the authoritative nameserver.
The domain “cpanel.host106.jikometrix.net” is not suitable for DNS DCV because this system is not the authoritative nameserver.
The domain “cpanel.ns569334.ip-51-79-72.net” is not suitable for DNS DCV because this system is not the authoritative nameserver.
The domain “cpcalendars.host106.jikometrix.net” is not suitable for DNS DCV because this system is not the authoritative nameserver.
The domain “cpcalendars.ns569334.ip-51-79-72.net” is not suitable for DNS DCV because this system is not the authoritative nameserver.
The domain “cpcontacts.host106.jikometrix.net” is not suitable for DNS DCV because this system is not the authoritative nameserver.
The domain “cpcontacts.ns569334.ip-51-79-72.net” is not suitable for DNS DCV because this system is not the authoritative nameserver.
The domain “host106.jikometrix.net” is not suitable for DNS DCV because this system is not the authoritative nameserver.
The domain “ipv6.host106.jikometrix.net” is not suitable for DNS DCV because this system is not the authoritative nameserver.
The domain “ipv6.ns569334.ip-51-79-72.net” is not suitable for DNS DCV because this system is not the authoritative nameserver.
The domain “mail.host106.jikometrix.net” is not suitable for DNS DCV because this system is not the authoritative nameserver.
The domain “mail.ns569334.ip-51-79-72.net” is not suitable for DNS DCV because this system is not the authoritative nameserver.
The domain “ns569334.ip-51-79-72.net” is not suitable for DNS DCV because this system is not the authoritative nameserver.
The domain “webdisk.host106.jikometrix.net” is not suitable for DNS DCV because this system is not the authoritative nameserver.
The domain “webdisk.ns569334.ip-51-79-72.net” is not suitable for DNS DCV because this system is not the authoritative nameserver.
The domain “webmail.host106.jikometrix.net” is not suitable for DNS DCV because this system is not the authoritative nameserver.
The domain “webmail.ns569334.ip-51-79-72.net” is not suitable for DNS DCV because this system is not the authoritative nameserver.
The domain “whm.host106.jikometrix.net” is not suitable for DNS DCV because this system is not the authoritative nameserver.
The domain “whm.ns569334.ip-51-79-72.net” is not suitable for DNS DCV because this system is not the authoritative nameserver.
The domain “www.host106.jikometrix.net” is not suitable for DNS DCV because this system is not the authoritative nameserver.
The domain “www.ns569334.ip-51-79-72.net” is not suitable for DNS DCV because this system is not the authoritative nameserver.
The system will not attempt to get a new certificate from the “Let’s Encrypt™” provider because no suitable domains were found.

The system will check for the certificate for the “dovecot” service.
The system will attempt to replace the self-signed certificate for the “dovecot” service with a signed certificate from the “Let’s Encrypt™” provider.
The system will attempt to install a certificate for the “dovecot” service from the system SSL storage.
None of the certificates in the system SSL storage were acceptable to use for the “dovecot” service.
The system previously attempted to get a new certificate from the “Let’s Encrypt™” provider and will not make another attempt.

The system will check for the certificate for the “exim” service.
The system will attempt to replace the self-signed certificate for the “exim” service with a signed certificate from the “Let’s Encrypt™” provider.
The system will attempt to install a certificate for the “exim” service from the system SSL storage.
None of the certificates in the system SSL storage were acceptable to use for the “exim” service.
The system previously attempted to get a new certificate from the “Let’s Encrypt™” provider and will not make another attempt.

My web server is (include version): Apache/2.4.63 (cPanel

cPanel Version [126.0.19]

The operating system my web server runs on is (include version): OS AlmaLinux v8.10.0 STANDARD standard

My hosting provider, if applicable, is: JIKOmetrix

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): cpanel

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): [root@host106 ~]# certbot --version
bash: certbot: command not found
[root@host106 ~]# certbot-auto --version
bash: certbot-auto: command not found
[root@host106 ~]#

Out of 7 cPanel servers, this one, host116, is giving a 404 error for HTTP validation. I checked and the /var/www/html/.well-known folder is accessible. I have renamed the folder and the system creates a new folder with the correct path for the primary host host116.jikometrix.net.

Let's Debug HTTP test gives ok:
No issues were found with host106.jikometrix.net

DNS test seems to pass too.

It seems like the challenge file is not being created. I've tried disabling configserver firewall too.

It is a real head scratcher as to why the 404/403 thrown:
The system failed to validate domain control for the domain “autoconfig.host106.jikometrix.net” using the “HTTP” DCV method: 403 urn:ietf:params:acme:error:unauthorized (The client lacks sufficient authorization) (51.79.72.19: Invalid response from http://autoconfig.host106.jikometrix.net/.well-known/acme-challenge/Lu3KC1cZLcm93A7nrs2QMsRKhsp4P4ThdSxUTPG77b0: 404)
The system failed to validate domain control for the domain “webdisk.host106.jikometrix.net” using the “HTTP” DCV method: 403 urn:ietf:params:acme:error:unauthorized (The client lacks sufficient authorization) (51.79.72.19: Invalid response from http://webdisk.host106.jikometrix.net/.well-known/acme-challenge/nqmNORTtCO4u1S9ik_1jOmJV1ZAODr9yjN0u-4s9Qpc: 400)

I also did this:
echo "test" > /var/www/html/.well-known/acme-challenge/test.txt

curl -IL http://host106.jikometrix.net/.well-known/acme-challenge/test.txt

[root@host106 acme-challenge]# curl -IL http://host106.jikometrix.net/.well-known/acme-challenge/test.txt
HTTP/1.1 404 Not Found
Date: Sat, 07 Jun 2025 12:32:50 GMT
Server: Apache
Content-Security-Policy: font-src *; data *;
Permissions-Policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Referrer-Policy: strict-origin-when-cross-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Type: text/html; charset=iso-8859-1

It shows a 404, but if I go to a browser and load http://host106.jikometrix.net/.well-known/acme-challenge/test.txt it redirects to HTTPS and displays the test file.

Is the HTTP redirect the issue?

I then tried this:
[root@host106 html]# curl -IL JIKOmetrix - Reliable Web Hosting
HTTP/1.1 200 OK
Date: Sat, 07 Jun 2025 12:45:51 GMT
Server: Apache
Content-Security-Policy: font-src *; data *;
Permissions-Policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Referrer-Policy: strict-origin-when-cross-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Wed, 19 Jul 2023 12:54:22 GMT
Accept-Ranges: bytes
Content-Length: 1720
Vary: Accept-Encoding,User-Agent
Content-Type: text/html

[root@host106 html]#

Looks good HTTP/1.1 200 OK.

But this:
[root@host106 .well-known]# touch index.html
[root@host106 .well-known]# ls
acme-challenge index.html
[root@host106 .well-known]# curl -IL http://host106.jikometrix.net/.well-known/index.html
HTTP/1.1 404 Not Found
Date: Sat, 07 Jun 2025 12:46:56 GMT
Server: Apache
Content-Security-Policy: font-src *; data *;
Permissions-Policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Referrer-Policy: strict-origin-when-cross-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Type: text/html; charset=iso-8859-1

I get a 404 inside the .well-known folder on HTTP.

But HTTP/1.1 200 OK on HTTPS, see below.

[root@host106 .well-known]# curl -IL https://host106.jikometrix.net/.well-known/index.html
HTTP/1.1 200 OK
Date: Sat, 07 Jun 2025 12:49:35 GMT
Server: Apache
Content-Security-Policy: font-src *; data *;
Permissions-Policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Referrer-Policy: strict-origin-when-cross-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Last-Modified: Sat, 07 Jun 2025 12:46:37 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Content-Type: text/html

How can that be?

Welcome @mbrando

That is most likely because the DocumentRoot in your Apache config is different for the VirtualHost in port 80 and the one for port 443.

For the "webroot" style HTTP challenge that you are using, the DocumentRoot for the port 80 VHost must match the path configured in the ACME Client. I am not familiar with yours, but compare this failing config with one of the others that work.

I am not expert enough with cPanel or your hosting provider's setup to say much more. Just wanted to at least explain the above. If that's not enough to resolve the problem, perhaps someone else here will advise. Or ask your hosting provider's tech support, especially if they were the ones providing the cPanel / ACME Client tools.

3 Likes
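The mismatch described in the answer above can be checked offline by comparing, per hostname, the DocumentRoot of the port 80 VirtualHost with that of the port 443 one. This is an added example, not code from the thread or from cPanel; the sample config, addresses and hostnames are constructed, and it assumes every VirtualHost address carries an explicit port.

```python
import re
from collections import defaultdict

# Constructed sample config: host.example.com has different DocumentRoots
# on port 80 and port 443; site.example.com is consistent.
SAMPLE_CONF = """
<VirtualHost 203.0.113.10:80>
    ServerName host.example.com
    DocumentRoot /usr/local/apache/htdocs
</VirtualHost>
<VirtualHost 203.0.113.10:443>
    ServerName host.example.com
    DocumentRoot "/var/www/html"
</VirtualHost>
<VirtualHost 203.0.113.10:80 203.0.113.10:443>
    ServerName site.example.com
    ServerAlias www.site.example.com
    DocumentRoot /home/site/public_html
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    """Collect the arguments of every `name` directive in one vhost body."""
    vals = []
    for line in body.splitlines():
        parts = line.split()
        if parts and parts[0].lower() == name.lower():
            vals.extend(p.strip('"') for p in parts[1:])
    return vals

def docroots_by_port(conf):
    """Map hostname -> {port: DocumentRoot}; the first vhost seen wins."""
    table = defaultdict(dict)
    for addrs, body in VHOST_RE.findall(conf):
        root = (directive(body, "DocumentRoot") or [None])[0]
        names = directive(body, "ServerName") + directive(body, "ServerAlias")
        for addr in addrs.split():
            port = addr.rsplit(":", 1)[-1]  # assumes an explicit port
            for name in names:
                table[name.lower()].setdefault(port, root)
    return table

def mismatches(conf):
    """Hostnames whose port 80 DocumentRoot is absent or differs from port 443."""
    return {name: (ports.get("80"), ports["443"])
            for name, ports in docroots_by_port(conf).items()
            if "443" in ports and ports.get("80") != ports["443"]}
```

Feed `mismatches()` the text of the server's full Apache configuration; a `None` in the port 80 position means no port 80 VirtualHost names that host, so the default vhost for that address answers the challenge request.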

How very strange.

I ended up adding the following to the
Home / Service Configuration / Apache Configuration / Include Editor

Then restarted Apache and the SSL certificate finally renewed.

# Port 80 vhost for the server hostname, serving /var/www/html
<VirtualHost [IP-Address]:80>
  ServerName host106.example.com
  DocumentRoot /var/www/html
  ServerAdmin support@example.com
  # Global DCV Rewrite Exclude

  RewriteOptions Inherit

  <Directory "/var/www/html">
    AllowOverride All
  </Directory>

  <IfModule suphp_module>
    suPHP_UserGroup nobody nobody
  </IfModule>
</VirtualHost>
2 Likes