AutoSSL failing because of www being added to sub domains

meta7gear

Registered
Jun 4, 2018
2
0
1
Russia
cPanel Access Level
Root Administrator
Hi all,

I've taken over management of a group of sites running on a server with cPanel. On one of the accounts the clients previous developer added a number of sub-domains eg..

secure.website.com
support.website.com
affiliate.website.com


However, for AutoSSL check, it's attempting to access versions of these subdomains with www appended to them eg.

www.secure.website.com

Obviously, this doesn't resolve and it's causing problems. Will this cause the renewal of the SSL certificates for the actual subdomains to fail? How can this be fixed?

Here is the log file...

10:01:58 PM AutoSSL’s configured provider is “Let’s Encrypt™”.
Checking websites for “realbeauty” …
10:01:59 PM Checking “affiliate.example1.com” …
10:01:59 PM TLS Status: Ready for Renewal
WARN Certificate expiry: 6/9/18, 4:23 AM UTC (4.39 days from now)
WARN Local DCV error (www.affiliate.example1.com): “www.affiliate.example1.com” does not resolve to any IPv4 addresses on the internet.

ERROR Impediment: SECURED_DOMAIN_DCV_FAILURE: One or more currently-secured domains failed DCV.
10:01:59 PM Checking “contact.example1.com” …
10:01:59 PM TLS Status: Ready for Renewal
WARN Certificate expiry: 6/9/18, 4:23 AM UTC (4.39 days from now)
WARN Local DCV error (www.contact.example1.com): “www.contact.example1.com” does not resolve to any IPv4 addresses on the internet.

ERROR Impediment: SECURED_DOMAIN_DCV_FAILURE: One or more currently-secured domains failed DCV.
10:01:59 PM Checking “join.example1.com” …
10:01:59 PM TLS Status: Ready for Renewal
WARN Certificate expiry: 7/2/18, 3:23 AM UTC (27.35 days from now)
WARN Local DCV error (www.join.example1.com): “www.join.example1.com” does not resolve to any IPv4 addresses on the internet.

ERROR Impediment: SECURED_DOMAIN_DCV_FAILURE: One or more currently-secured domains failed DCV.
10:01:59 PM Checking “example1.com” …
10:01:59 PM SUCCESS TLS Status: OK
Certificate expiry: 9/1/18, 3:23 AM UTC (88.35 days from now)
10:01:59 PM Checking “secure.example1.com” …
10:01:59 PM TLS Status: Ready for Renewal
WARN Certificate expiry: 6/24/18, 3:23 AM UTC (19.35 days from now)
WARN Local DCV error (www.secure.example1.com): “www.secure.example1.com” does not resolve to any IPv4 addresses on the internet.

ERROR Impediment: SECURED_DOMAIN_DCV_FAILURE: One or more currently-secured domains failed DCV.
10:01:59 PM Checking “support.example1.com” …
10:01:59 PM TLS Status: Incomplete
Certificate expiry: 9/1/18, 3:23 AM UTC (88.35 days from now)
Number of domains: 2
Number of secured domains: 1
WARN Local DCV error (www.support.example1.com): “www.support.example1.com” does not resolve to any IPv4 addresses on the internet.
ERROR Impediment: NO_UNSECURED_DOMAIN_PASSED_DCV: Every unsecured domain failed DCV.
10:01:59 PM The system has completed the AutoSSL check for “realbeauty”.
 
Last edited by a moderator:

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,271
313
Houston
Hi @meta7gear

Based on this the autoSSL check is only failing for the www. subdomains it's not failing for the actual subdomain. Note that only the www. subdomains are only listed here. While I did remove the actual domain name I took a look at the status of the certificate for the domain name before I removed it at SSL Checker - SSL Certificate Verify and the certificate for the subdomains seems to be good for another 187 days.


Thanks!
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,271
313
Houston
Hi @meta7gear

You should actually be able to exclude them for AutoSSL checks by going to cPanel>>Security>>SSL/TLS Status and selecting the domains you don't want checked.

Thanks!