I'm using AutoSSL with cPanel 76.0.18 using Let's Encrypt as the provider. Recently some domains which are not using my server as their nameserver started to fail the DCV check when renewing a certificate. The weird part is that only one subdomain for the entire account fails (all others pass via HTTP check) but this results in no certificates being installed for any domains. Here are the logs:
I'd expect verification to fail for mail.example.com and in turn no SSL certificate installed. But I would expect that example.com should receive a new certificate since it passed.
What am I missing here? The only way to solve this is to manually go into every account and disable AutoSSL for the particular subdomain that is failing.
Code:
Log for the AutoSSL run for “rempelin”: Wednesday, January 23, 2019 12:12:21 PM GMT-0600 (Let’s Encrypt™)
12:12:21 PM AutoSSL’s configured provider is “Let’s Encrypt™”.
Checking websites for “rempelin” …
12:12:21 PM Analyzing “example.com” …
12:12:21 PM TLS Status: Ready for Renewal
WARN Certificate expiry: 1/31/19, 12:00 AM UTC (7.24 days from now)
12:12:21 PM Performing DCV (Domain Control Validation) …
12:12:22 PM Local HTTP DCV OK: example.ca
Local HTTP DCV OK: example.com
Local HTTP DCV OK: www.example.ca
Local HTTP DCV OK: mail.example.ca
Local HTTP DCV OK: www.example.com
WARN Local HTTP DCV error (mail.example.com): “mail.example.com” does not resolve to any IPv4 addresses on the internet.
Local HTTP DCV OK: cpanel.example.com
Local HTTP DCV OK: webdisk.example.com
Local HTTP DCV OK: webmail.example.com
12:12:29 PM ERROR Local DNS DCV error (mail.example.com): The DNS query to “_cpanel-dcv-test-record.example.com” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=PrdxBl_HvnyJS3U1wwaBV1Z2losScoUC4twNPCfwKuxMBaLhzofhhbpEWLE49MfV”.
12:12:29 PM Analyzing “example.com”’s DCV results …
12:12:29 PM ERROR Impediment: SECURED_DOMAIN_DCV_FAILURE: One or more currently-secured domains failed DCV.
12:12:29 PM The system has completed the AutoSSL check for “rempelin”.
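An added example, not part of the original post and not cPanel's own code: a small parser for an AutoSSL run log in the format quoted above, which lists the domains that failed DCV by every method tried and the impediment codes that stopped the renewal. The function name `summarize_autossl_log` is hypothetical, the sample lines are taken from the log above with the TXT value replaced by a placeholder, and it assumes a successful DNS check would be logged with the same "DCV OK" wording as the HTTP check.

```python
import re

# Constructed sample: lines from the log quoted in the post, TXT value replaced.
SAMPLE_LOG = """\
12:12:22 PM Local HTTP DCV OK: example.ca
Local HTTP DCV OK: example.com
Local HTTP DCV OK: mail.example.ca
WARN Local HTTP DCV error (mail.example.com): “mail.example.com” does not resolve to any IPv4 addresses on the internet.
Local HTTP DCV OK: webmail.example.com
12:12:29 PM ERROR Local DNS DCV error (mail.example.com): The DNS query to “_cpanel-dcv-test-record.example.com” for the DCV challenge returned no “TXT” record that matches the value “<placeholder>”.
12:12:29 PM ERROR Impediment: SECURED_DOMAIN_DCV_FAILURE: One or more currently-secured domains failed DCV.
"""

OK_RE = re.compile(r"Local (HTTP|DNS) DCV OK: (\S+)")
ERR_RE = re.compile(r"Local (HTTP|DNS) DCV error \(([^)]+)\)")
IMPEDIMENT_RE = re.compile(r"Impediment: ([A-Z_]+)")


def summarize_autossl_log(log_text):
    """Return passed domains, blocking domains (with failed methods), impediments."""
    passed = set()
    failed = {}          # domain -> set of DCV methods that reported an error
    impediments = []
    for line in log_text.splitlines():
        ok = OK_RE.search(line)
        if ok:
            passed.add(ok.group(2))
            continue
        err = ERR_RE.search(line)
        if err:
            failed.setdefault(err.group(2), set()).add(err.group(1))
            continue
        imp = IMPEDIMENT_RE.search(line)
        if imp:
            impediments.append(imp.group(1))
    # A domain blocks the run only if no method validated it
    # (an HTTP failure followed by a DNS success is not a blocker).
    blockers = {d: sorted(m) for d, m in failed.items() if d not in passed}
    return {"passed": sorted(passed), "blockers": blockers,
            "impediments": impediments}


if __name__ == "__main__":
    report = summarize_autossl_log(SAMPLE_LOG)
    for domain, methods in report["blockers"].items():
        print(f"{domain}: failed {', '.join(methods)} DCV")
    print("impediments:", ", ".join(report["impediments"]) or "none")
```
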