cPanel

General cPanel-related topics

AutoSSL

------------------------------------------------------------------------------------------------------------------------------------------------

Quick fixes

DCV Required Port: 53 UDP  

AutoSSL detecting an internal IP?

Check using cpdig command:

/scripts/cpdig domain.com A 

If this returns an internal IP, and the server is AlmaLinux8/9 then DNS Doctoring is likely enabled - will need Networks to disable.

------------------------------------------------------------------------------------------------------------------------------------------------

Server Hostname and Service SSL Certificates

https://docs.cpanel.net/whm/service-configuration/manage-service-ssl-certificates/ 

remoteIP

cPanel

install the mod_remoteip Apache module via EasyApache in WHM

Create the following file on the server:



1
vim /etc/apache2/conf.modules.d/370_mod_remoteip.conf


In here, we need to enter the addresses for proxying, in this example I'm using CloudFlare's IP ranges:



1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
RemoteIPHeader CF-Connecting-IP
RemoteIPTrustedProxy 103.21.244.0/22
RemoteIPTrustedProxy 103.22.200.0/22
RemoteIPTrustedProxy 103.31.4.0/22
RemoteIPTrustedProxy 104.16.0.0/13
RemoteIPTrustedProxy 104.24.0.0/14
RemoteIPTrustedProxy 108.162.192.0/18
RemoteIPTrustedProxy 131.0.72.0/22
RemoteIPTrustedProxy 141.101.64.0/18
RemoteIPTrustedProxy 162.158.0.0/15
RemoteIPTrustedProxy 172.64.0.0/13
RemoteIPTrustedProxy 173.245.48.0/20
RemoteIPTrustedProxy 188.114.96.0/20
RemoteIPTrustedProxy 190.93.240.0/20
RemoteIPTrustedProxy 197.234.240.0/22
RemoteIPTrustedProxy 198.41.128.0/17
RemoteIPTrustedProxy 2400:cb00::/32
RemoteIPTrustedProxy 2606:4700::/32
RemoteIPTrustedProxy 2803:f800::/32
RemoteIPTrustedProxy 2405:b500::/32
RemoteIPTrustedProxy 2405:8100::/32
RemoteIPTrustedProxy 2a06:98c0::/29
RemoteIPTrustedProxy 2c0f:f248::/32


This list is correct as of April 2024, it may be worth double checking CloudFlares IP range list to ensure all IPs are included.

Once you've done this, we need to update the log formatting to instruct Apache to write logs correctly.

Via WHM, browse to the following page:

WHM > Service Configuration > Apache Configuration > Global Configuration 

From here we need to amend the combined and common LogFormat variables.

In short, any reference to 'h' needs to be replaced with an 'a'

Before:



1
%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"


After:



1
"%a %l %u %t \"%r\" %>s %b \"%{Referer}i\ \"%{User-Agent}i\"


Save the configuration and make sure Apache reloads without any issues.