Author Topic: AutoSSL not working  (Read 81994 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
AutoSSL not working
« on: October 20, 2019, 01:35:25 AM »
I can't figure out how to set up my account/domain/subdomain on CWP. For example, let's assume my domain name is: mysite.com.

I want only www.mysite.com hosted on CWP, not mysite.com. mysite.com is on a different server, with a different public IP.

www.mysite.com is not an option to choose from when attempting to use AutoSSL; only "mysite.com" or "All Domains".

So how am I supposed to set this up? Also, my CWP is behind a gateway so I use NAT.

Offline
*
Re: AutoSSL not working
« Reply #1 on: October 20, 2019, 01:20:46 PM »
In your panel docreate yoursite.com
- then go ahead and create a subdomain for yoursite.com, like cars.yoursite.com

After creation go to your DNS settings click edit records and change the IP number of yoursite.com don't change cars.yoursite.com.
When done correctly CWP will host only cars.yoursite.com and all other traffic will be send to the other server where yoursite.com is hosted. In the home directory of yoursite.com on the cwp server you could replace the standard index.html with one who who redirects to yoursite.com on the other server.

When creating the subdomain pay attention to the folder it shows, correct the folder name by adding the name of the subdomain to it, like so: public_html/cars
In that folder you put everything you want for the subdomain and will the system direct users to the right folder.

Offline
*
Re: AutoSSL not working
« Reply #2 on: October 20, 2019, 03:42:32 PM »
Thanks but your suggestion doesn't seem to work with www as the subdomain.

Offline
*
Re: AutoSSL not working
« Reply #3 on: October 21, 2019, 10:46:48 AM »
try to create a seprate A records for www, I have not tested but it should work. Also you can use domains default DNS settings and create A records for www (A=IP of server 1)  and non-www ( A= IP of server 2) and create the host records.
7G Hosting -  Build for Speed | Domain , Hosting, VPS, Cloud Server
Web Hosting : https://www.7ghosting.in/shared-hosting/
Domain : https://www.7ghosting.in/domains/

Offline
*
Re: AutoSSL not working
« Reply #4 on: October 21, 2019, 12:52:59 PM »
try to create a seprate A records for www, I have not tested but it should work. Also you can use domains default DNS settings and create A records for www (A=IP of server 1)  and non-www ( A= IP of server 2) and create the host records.
My CWP is NAT'ed so all IP's for the domains are local. I use a DNS provider so I rely on the vanity DNS servers that I have specified with them for resolution.  I already have separate A records for the public IP's of 'mysite.com' and 'www.mysite.com' registered with my DNS provider.

Below is what is currently in my HOSTS file:
Code: [Select]
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
127.0.0.1 cwp.mysite.com
127.0.0.1 autoreply.cwp.mysite.com
« Last Edit: October 21, 2019, 12:55:41 PM by jeffshead »

Offline
**
Re: AutoSSL not working
« Reply #5 on: October 23, 2019, 11:00:11 AM »
I am getting confused at what you are writing here...which host record is that...each system has its own...not one for both. Is that for your desktop PC (I am assuming it is but if so, why use third party DNS, you would be over riding dns with the hosts file on desktop PC...see why I'm confused?)

This is how it has to work...

1. At your domain registrar create 2  "A records"
 www.domain.com - A record - ipaddress 1.1.1.1
Domain.com - A record - ipaddress 1.1.1.2

This has to resolve both domains to their respective unique hosts/virtual host's  (different hosts/systems/or unique ipaddresses)

2. On each system, set letsencrypt to only obtain SSL for what is on that system...see following url for some guidance on how Certbot can be used  for this https://community.letsencrypt.org/t/single-certificate-for-sub-domains-pointing-to-different-ip-addresses/21764/6

I haven't done this in CWP, but it does work with other control panels.

There "was" a catch with lets encrypt  in that your domains had to be public...https://community.letsencrypt.org/t/private-domains-nat-and-lets-encrypt/61362/2
« Last Edit: October 23, 2019, 11:11:57 AM by adamjedgar »

Offline
*
Re: AutoSSL not working
« Reply #6 on: October 23, 2019, 11:39:08 PM »
Ok… Let me start over.

I currently have commercial SSL certs for all of my domains. I manually installed them and they are working. I wanted to start using AutoSSL but it always fails without any errors when I remove an existing cert and use the AutoSSL tab. It actually says it completed successfully but it never does for any domain.

I am behind a gateway so CWP is NAT’ed. I do not use CWP’s BIND DNS Server nor do I use CWP’s email services. I use an external DNS provider and I have a separate email server that handles all email for all of the domains I host on the CWP server.

My DNS records at my DNS provider are all correct. In fact, my gateway appliance has built-in Let’s Encrypt functionality and it can successfully obtain a Let’s Encrypt SSL cert for any of my domains so that means the DNS records are correct. The problem I run into is that I also have to have certs on the CWP server or a couple of my web apps fail to work properly.

@adamjedgar
- The records I posted in my previous reply are the contents of the HOSTS file on the CWP server.
- I do have a separate/different A record for each domain just as you posted in number 1 of your response.
- Number 2 of your response is part of the issue. CWP automatically creates a CNAME for the www sub of every account and it will not let you create a separate www subdomain so there is no option on the AutoSSL tab to get a cert for only www.

AutoSSL fails to work for any of my domains including the domains that have both the base domain and the www sub hosted on the CWP server. I even created a test.mysite.com subdomain and allowed enough time for the DNS to propagate. It failed too. Just to be clear, I'm not actually using mysite.com. I'm using it as a substitute for my real domain names, only in my forum posts.
« Last Edit: October 23, 2019, 11:44:30 PM by jeffshead »

Offline
*
Re: AutoSSL not working
« Reply #7 on: October 24, 2019, 09:33:12 AM »
Hello. I have exactly the same problem here. I wonder if the problem did not appear after an update. Subdomains are now reported as problematic when everything was working until now after I requested a refresh of the certificate. No site on which I have performed the same operation accepts www as a prefix anymore.

Offline
*
Re: AutoSSL not working
« Reply #8 on: October 24, 2019, 04:31:36 PM »
@jeffshead

This may help you:
The most common rate limit of 50 certificates per domain per 7 days in a place that is set by Let's Encrypt. As the limit is defined by Let's Encrypt directly, it cannot be managed through CWP. To overcome the issue wait for this week period to pass and reissue the certificate.

There are two other limits:

    User can create a maximum of 10 Accounts per IP Address per 3 hours.
    User can create a maximum of 500 Accounts per IP Range within an IPv6 /48 per 3 hours.

Offline
*
Re: AutoSSL not working
« Reply #9 on: October 24, 2019, 08:08:00 PM »
@jeffshead

This may help you:
...rate limit...

Thanks but as I mentioned in my last post, I can obtain certs from LE (for the same domains) using my gateway so I haven't hit any limits. I encounter the issue only with CWP.

What CWP logs should I be checking to see what is happening?