AutoSSL failing because of www being added to sub domains

meta7gear

Registered
Jun 4, 2018
Russia
cPanel Access Level
Root Administrator
Hi all,

I've taken over management of a group of sites running on a server with cPanel. On one of the accounts, the client's previous developer added a number of sub-domains, e.g.:

secure.website.com
support.website.com
affiliate.website.com


However, for the AutoSSL check, it's attempting to access versions of these subdomains with www appended to them, e.g.:

www.secure.website.com

Obviously, this doesn't resolve and it's causing problems. Will this cause the renewal of the SSL certificates for the actual subdomains to fail? How can this be fixed?

Here is the log file...

10:01:58 PM AutoSSL’s configured provider is “Let’s Encrypt™”.
Checking websites for “realbeauty” …
10:01:59 PM Checking “affiliate.example1.com” …
10:01:59 PM TLS Status: Ready for Renewal
WARN Certificate expiry: 6/9/18, 4:23 AM UTC (4.39 days from now)
WARN Local DCV error (www.affiliate.example1.com): “www.affiliate.example1.com” does not resolve to any IPv4 addresses on the internet.

ERROR Impediment: SECURED_DOMAIN_DCV_FAILURE: One or more currently-secured domains failed DCV.
10:01:59 PM Checking “contact.example1.com” …
10:01:59 PM TLS Status: Ready for Renewal
WARN Certificate expiry: 6/9/18, 4:23 AM UTC (4.39 days from now)
WARN Local DCV error (www.contact.example1.com): “www.contact.example1.com” does not resolve to any IPv4 addresses on the internet.

ERROR Impediment: SECURED_DOMAIN_DCV_FAILURE: One or more currently-secured domains failed DCV.
10:01:59 PM Checking “join.example1.com” …
10:01:59 PM TLS Status: Ready for Renewal
WARN Certificate expiry: 7/2/18, 3:23 AM UTC (27.35 days from now)
WARN Local DCV error (www.join.example1.com): “www.join.example1.com” does not resolve to any IPv4 addresses on the internet.

ERROR Impediment: SECURED_DOMAIN_DCV_FAILURE: One or more currently-secured domains failed DCV.
10:01:59 PM Checking “example1.com” …
10:01:59 PM SUCCESS TLS Status: OK
Certificate expiry: 9/1/18, 3:23 AM UTC (88.35 days from now)
10:01:59 PM Checking “secure.example1.com” …
10:01:59 PM TLS Status: Ready for Renewal
WARN Certificate expiry: 6/24/18, 3:23 AM UTC (19.35 days from now)
WARN Local DCV error (www.secure.example1.com): “www.secure.example1.com” does not resolve to any IPv4 addresses on the internet.

ERROR Impediment: SECURED_DOMAIN_DCV_FAILURE: One or more currently-secured domains failed DCV.
10:01:59 PM Checking “support.example1.com” …
10:01:59 PM TLS Status: Incomplete
Certificate expiry: 9/1/18, 3:23 AM UTC (88.35 days from now)
Number of domains: 2
Number of secured domains: 1
WARN Local DCV error (www.support.example1.com): “www.support.example1.com” does not resolve to any IPv4 addresses on the internet.
ERROR Impediment: NO_UNSECURED_DOMAIN_PASSED_DCV: Every unsecured domain failed DCV.
10:01:59 PM The system has completed the AutoSSL check for “realbeauty”.
 

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
Houston
Hi @meta7gear

Based on this, the AutoSSL check is only failing for the www. subdomains; it's not failing for the actual subdomain. Note that only the www. subdomains are listed here. While I did remove the actual domain name, I took a look at the status of the certificate for the domain name before I removed it at SSL Checker - SSL Certificate Verify, and the certificate for the subdomains seems to be good for another 187 days.


Thanks!
 

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
Houston
Hi @meta7gear

You should actually be able to exclude them for AutoSSL checks by going to cPanel>>Security>>SSL/TLS Status and selecting the domains you don't want checked.

Thanks!
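
As an added example (not from this thread or from cPanel), this Python code parses AutoSSL log output in the format quoted above and lists the `www.` names that failed DCV, which are the candidates to exclude in SSL/TLS Status, along with impeded websites whose certificate is close to expiry. The sample log is constructed from the thread's format; the function names and the 7-day threshold are assumptions.

```python
import re

# Constructed sample in the log format quoted in the thread (not real data).
SAMPLE_LOG = """\
Checking websites for “realbeauty” …
10:01:59 PM Checking “affiliate.example1.com” …
10:01:59 PM TLS Status: Ready for Renewal
WARN Certificate expiry: 6/9/18, 4:23 AM UTC (4.39 days from now)
WARN Local DCV error (www.affiliate.example1.com): “www.affiliate.example1.com” does not resolve to any IPv4 addresses on the internet.
ERROR Impediment: SECURED_DOMAIN_DCV_FAILURE: One or more currently-secured domains failed DCV.
10:01:59 PM Checking “example1.com” …
10:01:59 PM SUCCESS TLS Status: OK
10:01:59 PM Checking “support.example1.com” …
10:01:59 PM TLS Status: Incomplete
Certificate expiry: 9/1/18, 3:23 AM UTC (88.35 days from now)
WARN Local DCV error (www.support.example1.com): “www.support.example1.com” does not resolve to any IPv4 addresses on the internet.
ERROR Impediment: NO_UNSECURED_DOMAIN_PASSED_DCV: Every unsecured domain failed DCV.
"""

CHECK = re.compile(r"Checking “([^”]+)” …")  # starts a per-website block
PATTERNS = {  # summary field -> regex with one capture group
    "status": re.compile(r"TLS Status: (.+)"),
    "days_left": re.compile(r"Certificate expiry: .*\(([\d.]+) days from now\)"),
    "dcv_failed": re.compile(r"Local DCV error \(([^)]+)\)"),
    "impediments": re.compile(r"Impediment: ([A-Z_]+):"),
}

def parse_autossl_log(text):
    """Group log lines under the website being checked; returns {website: summary}."""
    sites, cur = {}, None
    for line in text.splitlines():
        if m := CHECK.search(line):
            cur = sites.setdefault(m.group(1), dict(status=None, days_left=None, dcv_failed=[], impediments=[]))
            continue
        for field, rx in PATTERNS.items():
            if cur is not None and (m := rx.search(line)):  # skip lines before the first block
                if isinstance(cur[field], list):
                    cur[field].append(m.group(1))
                else:
                    cur[field] = float(m.group(1)) if field == "days_left" else m.group(1).strip()
    return sites

def exclusion_candidates(sites):
    """Names that failed DCV and are just the www. form of the checked website."""
    return sorted(n for s, i in sites.items() for n in i["dcv_failed"] if n == "www." + s)

def at_risk(sites, days=7.0):
    """Websites with a logged impediment whose certificate expires within `days`."""
    return sorted(s for s, i in sites.items()
                  if i["impediments"] and i["days_left"] is not None and i["days_left"] <= days)
```
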
 

AdrianP

Registered
Oct 9, 2021
Canada
cPanel Access Level
Root Administrator
I do not understand WHY you check domains that do not exist? Adding www in front of a subdomain is making no sense to me. Also, all these cpcalendars, webdisk, cpcontacts should be excluded by default if not set up in DNS. WHY make things complicated? WHY not add a feature to select ONLY domains existing in DNS? I don't know if someone is using those subdomains but it should be optional for auto SSL checker and you will avoid any questions about failing DCV.