We've discovered a similar problem where, due to authentication, cpanel.domain.com can't validate and holds up the validation process. Now we have a bunch of certs that, for the first time since using AutoSSL, aren't renewing automatically. I fixed one by going into the user's cPanel account and turning off the proxy subdomains that would require authentication and it then updated. That kind of defeats the purpose though.
9:14:29 AM WARN The domain “cpanel.******.***” failed domain control validation: The system failed to fetch the DCV (Domain Control Validation) file at “http://cpanel.*****.***/.well-known/pki-validation/8BD71991E9521971A5AC289031BE1B5E.txt” because of an error: The system failed to send an HTTP (Hypertext Transfer Protocol) “GET” request to “http://cpanel.*****.***/.well-known/pki-validation/8BD71991E9521971A5AC289031BE1B5E.txt” because of an error: Size of response body exceeds the maximum allowed of 16384 .
9:14:29 AM WARN The current SSL certificate for “*****.***” secures the domain “cpanel.*****.***”. However, this domain failed local domain control validation. In order to maintain SSL domain coverage for this domain, the system will not attempt to replace the current certificate.
9:14:29 AM WARN The domain “cpanel.******.***” failed domain control validation: The system failed to fetch the DCV (Domain Control Validation) file at “http://cpanel.*****.***/.well-known/pki-validation/8BD71991E9521971A5AC289031BE1B5E.txt” because of an error: The system failed to send an HTTP (Hypertext Transfer Protocol) “GET” request to “http://cpanel.*****.***/.well-known/pki-validation/8BD71991E9521971A5AC289031BE1B5E.txt” because of an error: Size of response body exceeds the maximum allowed of 16384 .
9:14:29 AM WARN The current SSL certificate for “*****.***” secures the domain “cpanel.*****.***”. However, this domain failed local domain control validation. In order to maintain SSL domain coverage for this domain, the system will not attempt to replace the current certificate.