cPanel AutoSSL via Comodo FIX suggestion

3 posts Page 1 of 1
cautery
Junior Member
Posts: 2
Joined: 22 May 2015, 07:06


I just recently switched cPanel AutoSSL provider from "Let's Encrypt" to cPanel via Comodo.

The SSL cert requests stayed in queue for an excessive time, and I wound up logging a paid support request with cPanel.

It was discovered that the DCV was failing and thus blocking cert delivery due to either 1) because I had a number of the remote domain "query from" addresses blocked (Russia, China, Turkey, et al) blocked, OR 2) because I had one or more of the following blocked:

178.255.81.12
178.255.81.13
91.199.212.132
199.66.201.132

On further investigation, I discovered that the fine folks at ConfigServer HAD in fact created:

cpanel.comodo.allow: with rules to ALLOW Port 80 and Port 443
cpanel.comodo.ignore: with those 4 IP addresses

AND added include statements for those two files in csf.allow and csf.ignore.

Which is awesome!!!

BUT, cPanel Support ALSO says that they HIGHLY recommend adding Port 53 to the ALLOW list of Ports. They say that their validation procedures use this port and it is likely that cert deliver/installation may fail if Port 53 is not open for those 4 IP addresses for inbound traffic.

Here is how I have kludged it until you guys can add Port 53 to y'alls file:

1) I created cpanel.comodo53.allow and added:

tcp|in|d=53|s=178.255.81.12 # Comodo SSL Resolver
tcp|in|d=53|s=178.255.81.13 # Comodo SSL Resolver
tcp|in|d=53|s=91.199.212.132 # Comodo DCV Server
tcp|in|d=53|s=199.66.201.132 # Comodo DCV Server

2) I added this include statement to csf.allow:

Include /etc/csf/cpanel.comodo53.allow

PLEASE consider adding the 4 statements above to y'alls cpanel.comodo.allow file so that it updates automagically for all folks and I THINK it will FIX a lot of the Comodo-related issues.

And then I can delete the kludge file and extra include statement.

Thanks!
ForumAdmin
Moderator
Posts: 1391
Joined: 01 Oct 2008, 09:24


Thank you for this. It will be added in the next release of csf.
JasonXor
Junior Member
Posts: 1
Joined: 22 Oct 2018, 07:24


Can we use Lst's Encrypt with Digital Ocean?
3 posts Page 1 of 1