AutoSSL error for non-www record: DCV challenge returned no “TXT” record that matches the value

[FrisOnline]

Hi,

I'm running into an issue where AutoSSL won't install a SSL-certificate for the non-www version of the domain while the www version of the domain get's validated and also has a SSL certificate installed.

I've already contacted out host but with no success so far. This is the full error:

DNS DCV: The DNS query to “_cpanel-dcv-test-record.domain.com” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=4KaofcL0TKEWQQRO1Mgc0S31ZdQcKk4mLnpVQDLY9iKXhsTjaqa143OVRz9sx9ca”.; HTTP DCV: “domain.com” does not resolve to any IP addresses on the internet.

The A-records of the domain which are hosted externally ( we don't own the domain either) have been changed last thursday to point to our own VPS as the older site was hosted somewhere else. When pinging the domain (www and non-www) it shows the correct IP-address.

The domain is setup as an alias. I don't have any issues validating the other domains connected to the account, it's only the non-www version of the domain which fails. Never had his issue before but found similar errors when searching the cPanel forums.

Is there any way to solve this issue? I can share a screenshot of all DNS-records if needed in private.

Thanks in advance,
Niels

 

[cPanelLauren]

Because DNS is not hosted locally you wouldn't be able to complete the DNS DCV check.

HTTP DCV is failing due to a failed lookup for the IP address. How long after the A record was changed did you run AutoSSL? What is present in the Zone Editor for this domain (Type of records)?

 

[FrisOnline]

Because DNS is not hosted locally you wouldn't be able to complete the DNS DCV check.

HTTP DCV is failing due to a failed lookup for the IP address. How long after the A record was changed did you run AutoSSL? What is present in the Zone Editor for this domain (Type of records)?

Hi Lauren,

That is quite strange though as all other domains / DNS are not hosted locally too but they do get verified. In fact all the domains / DNS that we're using are not hosted locally and we've never run into this issue before.

I've run the AutoSSL once I noticed that the IP-address has been changed with a ping check which was half an hour after changing the DNS. I've run AutoSSL again yesterday (monday)

See attached screenshot for the records in the Zone Editor.

 

[cPanelLauren]

Anytime DNS Is not hosted locally the DNS DCV will fail, that's ok because we fallback to HTTP DCV

In this case what is causing the issue is that the HTTP DCV is also failing. When performing a curl request to the domain as follows:

curl -kvv domain.nl

I get a response which indicates that it's being redirected via the CMS to HTTPS. The HTTP DCV check CANNOT complete when the domain is forced to HTTPS in this manner.

< HTTP/1.1 301 Moved Permanently
< Date: Wed, 29 Jul 2020 01:16:37 GMT
< Server: Apache
< Expires: Wed, 29 Jul 2020 02:16:38 GMT
< Cache-Control: max-age=3600
< X-Redirect-By: WordPress
< Location: https://domain.nl/

 

[FrisOnline]

We found the issue Lauren, there was a mismatch between the NS-records in the DNS, both values were incorrect and used ns1.domain and ns2.domain instead of the correct value of ns3.domain and ns4.domain. After changing both records we could verify the domain and install the certificate.

 

[cPanelLauren]

Awesome news, I'm glad you were able to resolve this and thank you for updating here!

 

[latiendamiga]

Hello I have a simmilar issue,
I have reviewed dns zone and it shows nice.
Could somebodyt help?

When I try RunAutoSSL it shows:

DNS DCV: The DNS query to “_cpanel-dcv-test-record.domain.com” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx”.; HTTP DCV: The system queried for a temporary file at “https://domain.com/.well-known/pki-validation/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.txt”, which was redirected from “http://domain.com/.well-known/pki-validation/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.txt”. The web server responded with the following error: 404 (). A DNS (Domain Name System) or web server misconfiguration may exist.

where xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx are a key or a file name.

Thanks in advance.

 

[cPanelLauren]

The forced redirect to https will cause the query to fail as COMODO does not allow redirection.

 

[latiendamiga]

The forced redirect to https will cause the query to fail as COMODO does not allow redirection.

Txs lauren, I'll try to configure in this way.

All the best.