AutoSSL failing for all domains if single subdomain fails

cPanel Access Level: Root Administrator
I'm using AutoSSL with cPanel 76.0.18 using Let's Encrypt as the provider. Recently some domains which are not using my server as their nameserver started to fail the DCV check when renewing a certificate. The weird part is that only one subdomain for the entire account fails (all others pass via HTTP check), but this results in no certificates being installed for any domains. Here are the logs:
Code:
Log for the AutoSSL run for “rempelin”: Wednesday, January 23, 2019 12:12:21 PM GMT-0600 (Let’s Encrypt™)
12:12:21 PM AutoSSL’s configured provider is “Let’s Encrypt™”.
Checking websites for “rempelin” …
12:12:21 PM Analyzing “example.com” …
12:12:21 PM TLS Status: Ready for Renewal
WARN Certificate expiry: 1/31/19, 12:00 AM UTC (7.24 days from now)
12:12:21 PM Performing DCV (Domain Control Validation) …
12:12:22 PM Local HTTP DCV OK: example.ca
Local HTTP DCV OK: example.com
Local HTTP DCV OK: www.example.ca
Local HTTP DCV OK: mail.example.ca
Local HTTP DCV OK: www.example.com
WARN Local HTTP DCV error (mail.example.com): “mail.example.com” does not resolve to any IPv4 addresses on the internet.
Local HTTP DCV OK: cpanel.example.com
Local HTTP DCV OK: webdisk.example.com
Local HTTP DCV OK: webmail.example.com
12:12:29 PM ERROR Local DNS DCV error (mail.example.com): The DNS query to “_cpanel-dcv-test-record.example.com” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=PrdxBl_HvnyJS3U1wwaBV1Z2losScoUC4twNPCfwKuxMBaLhzofhhbpEWLE49MfV”.
12:12:29 PM Analyzing “example.com”’s DCV results …
12:12:29 PM ERROR Impediment: SECURED_DOMAIN_DCV_FAILURE: One or more currently-secured domains failed DCV.
12:12:29 PM The system has completed the AutoSSL check for “rempelin”.
I'd expect verification to fail for mail.example.com and in turn no SSL certificate installed. But I would expect that example.com should receive a new certificate since it passed.

What am I missing here? The only way to solve this is to manually go into every account and disable AutoSSL for the particular subdomain that is failing.

cPanelLauren

Product Owner II
Staff member
Hi @greatwitenorth

The issue is in the error message:
12:12:29 PM ERROR Impediment: SECURED_DOMAIN_DCV_FAILURE: One or more currently-secured domains failed DCV.
This is saying that AutoSSL is attempting to add coverage to a domain, but when the DCV check fails, it's not going to supply a new cert to the domains that are already covered. It would replace the certificate in the event the DCV check passed.

If you don't want specific domains or subdomains covered by AutoSSL, you can exclude them from within cPanel >> SSL/TLS >> SSL/TLS Status.

Thanks!
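
An added example, not part of the thread and not cPanel code: a small Python parser for the AutoSSL log format quoted in the first post. It reports, per user, which domains failed every DCV method and which impediment blocked the renewal, so the subdomains to exclude in SSL/TLS Status can be found without opening each account. The sample log is constructed from the lines above with the TXT value replaced by a placeholder; the function name and the "Local DNS DCV OK" line shape are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: line shapes copied from the log in the first post,
# with the TXT challenge value replaced by a placeholder.
SAMPLE_LOG = """\
Log for the AutoSSL run for “rempelin”: Wednesday, January 23, 2019 12:12:21 PM GMT-0600 (Let’s Encrypt™)
12:12:21 PM Analyzing “example.com” …
12:12:22 PM Local HTTP DCV OK: example.ca
Local HTTP DCV OK: example.com
WARN Local HTTP DCV error (mail.example.com): “mail.example.com” does not resolve to any IPv4 addresses on the internet.
Local HTTP DCV OK: webmail.example.com
12:12:29 PM ERROR Local DNS DCV error (mail.example.com): The DNS query to “_cpanel-dcv-test-record.example.com” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=PLACEHOLDER”.
12:12:29 PM ERROR Impediment: SECURED_DOMAIN_DCV_FAILURE: One or more currently-secured domains failed DCV.
"""

USER_RE = re.compile(r"Log for the AutoSSL run for “([^”]+)”")
# Assumption: a successful DNS check is logged in the same shape as the HTTP one.
OK_RE = re.compile(r"Local (?:HTTP|DNS) DCV OK: (\S+)")
ERR_RE = re.compile(r"Local (HTTP|DNS) DCV error \(([^)]+)\)")
IMPEDIMENT_RE = re.compile(r"Impediment: ([A-Z_]+):")

def summarize(log_text):
    """Return {user: {"passed", "failed", "impediments"}} for each AutoSSL run."""
    runs, user = {}, None
    for line in log_text.splitlines():
        if m := USER_RE.search(line):
            user = m.group(1)
            runs[user] = {"ok": set(), "err": defaultdict(set), "imp": []}
        elif user is None:
            continue  # ignore anything before the first run header
        elif m := OK_RE.search(line):
            runs[user]["ok"].add(m.group(1))
        elif m := ERR_RE.search(line):
            runs[user]["err"][m.group(2)].add(m.group(1))
        elif m := IMPEDIMENT_RE.search(line):
            runs[user]["imp"].append(m.group(1))
    report = {}
    for user, r in runs.items():
        # A domain failed DCV only if no method succeeded for it: HTTP is
        # tried first, and a DNS pass after an HTTP error still validates it.
        failed = {d: sorted(m) for d, m in r["err"].items() if d not in r["ok"]}
        report[user] = {"passed": sorted(r["ok"]), "failed": failed,
                        "impediments": r["imp"]}
    return report

if __name__ == "__main__":
    for user, r in summarize(SAMPLE_LOG).items():
        print(user, "blocked by", r["impediments"], "failing:", r["failed"])
```

Domains listed under `failed` alongside a `SECURED_DOMAIN_DCV_FAILURE` impediment are the ones holding back the certificate for the rest of the account.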