AutoSSL / Wildcard / Error? / Can't Disable Request?

[BobtheWebguy]

We have a VPS running CPanel 110.0.2 on Apache. We use Let's Encrypt with AutoSSL. DNS is done by another server at another provider.

It's been working fine for a few years. As of a couple of months ago, we started getting error messages related to SSL certificate renewal. The error is "DNS DCV: No local authority: “*.example.com”. The error is only occurring on the wildcard entry. The entries for example.com and www.example.com are working fine and renew as expected. (Mail is not handled by this web server).

After checking in SSL/TLS Status, I see that I can exclude certain entries from the AutoSSL process. This would work for us as we don't need wildcard domain coverage for this domain. However, there is no option to EXCLUDE the wild card entry. I can exclude any other entry in the list, but not the wildcard. There's no checkbox.

Another solution that would work for us would be to make the certificate issuance for the wildcard work. Let's Encrypt says it will, but it fails with the above error. I've tried running it manually but it still fails.

Ideas? Some way to manually remove the wildcard entry from the AutoSSL list? Some way to get it to properly renew?

 

[cPRex]

Hey there! Usually after the "no local authority" message there is a sentence or two that provides more details. For example, I'm used to seeing this if there is a DNS issue:

 DNS DCV: No local authority: “domain.net”; HTTP DCV: “domain.net” does not resolve to any IP addresses on the internet.

Does your log provide any more information?

 

[BobtheWebguy]

There's nothing further in the email message. When I run AutoSSL manually from Cpanel, that's all that shows up in the web form where the messages post. Is there any other log available that has more detail?

Speaking of logs in another area: The logs at Let's Encrypt do not show a wildcard certificate ever being issued for the domain. So, either: Cpanel changed in operation; or somehow the list of what domains/SSL to fetch got updated; or the hosting firm (Bluehost) changed something (not supposed to; it's a VPS; but that doesn't mean it didn't happen).

 

[cPRex]

Well that isn't a very helpful error message on our side then.

Could you submit a ticket with our team so we could take a look at this?

 

[BobtheWebguy]

Well that isn't a very helpful error message on our side then.

Could you submit a ticket with our team so we could take a look at this?

Will do.

 

[BobtheWebguy]

Well that isn't a very helpful error message on our side then.

Could you submit a ticket with our team so we could take a look at this?

The Submit a Ticket link sends me to a CPanel Login. I try to log in with the email addy in my account and the same password I use to login to the forums and it gives me a "Wrong Credentials" message. I updated my email and confirmed that... no help. I also changed my password, no help. I tried another browser, no help.

My account is old as dirt... are there issues with that?

 

[cPRex]

The Forums account is currently unrelated to the ticket system, so they wouldn't share a login. We'll be fixing that soon, but in the mean time you may need to sign up for a new cPanel Store account or try resetting your password there.

 

[BobtheWebguy]

h

The Forums account is currently unrelated to the ticket system, so they wouldn't share a login. We'll be fixing that soon, but in the mean time you may need to sign up for a new cPanel Store account or try resetting your password there.

Ah, thanks. I will set up a new account.

 

[BobtheWebguy]

The Forums account is currently unrelated to the ticket system, so they wouldn't share a login. We'll be fixing that soon, but in the mean time you may need to sign up for a new cPanel Store account or try resetting your password there.

Ugh. I create a Store account and I was able to login. When I try to Submit a Ticket, it sends me to a prompt to to verify through WebPros. They email me a validation code... I get it... enter it.... it gives me "The provided verification code was invalid".

I tried it three times. I copy/pasted the code. I manually typed it. No luck either way. I then tried another browser a couple more times. Same message.

?

 

[cPRex]

That's definitely odd - you can always create a ticket by emailing [email protected]. They will also be able to check your account and ensure the login is working normally.

 

[BobtheWebguy]

Hmmm.... figured I'd try it one more time. Logged into the store, "Submit", send a code. When I entered the code, it went back to the login screen. I logged back in and it sent me to the "Submit a Ticket" page. So I'm good on that!

I will move ahead to submitting a ticket.

Thanks.

 

[cPRex]

It sounds like it might have been bad browser cache or an old cookie causing the confusion. I'm glad you were able to get logged in!

 

[BobtheWebguy]

Ticket submitted - 95052720

 

[cPRex]

Thanks for letting me know - I'm following along with this on my end now.

 

[BobtheWebguy]

Thanks for staying with it.

 

[cPRex]

It looks like our team was able to check and confirm that the nameservers are not being handled on the cPanel system, so changes would need to be made at GoDaddy for that DNS.

 

[BobtheWebguy]

Yes, thanks. I sent some followup questions on that...