AutoSSL DCV: CNAME entries from comodoca

[WaldoPepper]

I just reviewed my DNS zones and noticed that there are more than 30 CNAME entries from comodoca. I thought each time AutoSSL ran the DCV through DNS the old CNAME would be deleted.

Is this a misunderstanding, a misconfiguration or just a bug? Is it safe to clear all record types referring to comodoca.com?

TIA. Sam.

 

[cPanelLauren]

The old CNAME should be removed, is there anything in the cPanel error logs indicating anything in relation to this?

 

[PeteS]

Can I get some docs on this record?

I found a domain with 15 (three sets of 5, for cpcalendars, webmail, cpanel, cpcontacts, and webdisk). I checked some other DNS zones and they have none. All domains have autoSSL.

 

[cPRex]

@PeteS - these would all be related to AutoSSL checks, and are safe to remove. They likely look something like this:

_7e3a11259b8306275bef9b1e59b150e1.testing 300 IN CNAME 6be5e17b5ac27acaae876259dfaeb409.7493a8970fa5d32a2644f719c00fd4ec.comodoca.com.

 

[PeteS]

@PeteS - these would all be related to AutoSSL checks, and are safe to remove. They likely look something like this:

_7e3a11259b8306275bef9b1e59b150e1.testing 300 IN CNAME 6be5e17b5ac27acaae876259dfaeb409.7493a8970fa5d32a2644f719c00fd4ec.comodoca.com.

Thank you. Do you know what causes/how to prevent these?

 

[cPRex]

In theory, these should get removed after the SSL verification process is complete. If that isn't happening, can you submit a ticket to our team so we can check your particular system?

 

[PeteS]

In theory, these should get removed after the SSL verification process is complete. If that isn't happening, can you submit a ticket to our team so we can check your particular system?

Thanks.

#grep -l "comodoca.com" /var/named/*.db tells me there are only three other domain zone files with a CNAME like this, and they each have just one, not many. I will monitor for it and reach back here if it is ongoing.