SOLVED [CPANEL-26207] AutoSSL - Domains not passing validation

adeyjones

Member
Apr 26, 2019
7
1
3
Merseyside, UK
cPanel Access Level
Root Administrator
Hi all

I have always had SSL certificates signed for domains via AutoSSL but recently I have noticed that domains using the private .nhs.uk TLD have been failing validation and therefore not being renewed causing problems for the site owners.

In the AutoSSL log it simply says domain.nhs.uk is not a registered internet domain (apparently simply because it is not in the nominet registry not known on WHOIS).

I have highlighted a few examples in the attached PNG.

My host support opened a ticket with cPanel who say that this is an ongoing issue which is being looked in to. Comodo/Sectigo support have told me that I can get these domains through validation using other methods such as http or CNAME/TXT records which is fine, but I can't generate a .txt file to upload nor generate a hash for a CNAME record via AutoSSL.

So how can I general SSL certificates that wont pass DCV using the AutoSSL method?

Thanks in advance.
 

Attachments

adeyjones

Member
Apr 26, 2019
7
1
3
Merseyside, UK
cPanel Access Level
Root Administrator
Hi @cPanelLauren

Thanks for letting me know, is there anywhere that I can see the details of 26207, or release notes etc.. and see an estimated release date for the udpate?

I have about 15 sites at the mo which are without their SSL, I have been speaking with Sectigo (Comodo) who have not been very helpful with trying to get domains passed validation and my only other option is to buy an SSL for each site which would be expensive and there's no point in doing that if the update is imminent.

Adrian
 

adeyjones

Member
Apr 26, 2019
7
1
3
Merseyside, UK
cPanel Access Level
Root Administrator
Hi @cPanelLauren

I am just wondering if anything has changed in the last 24 hours, because I notice that v28.0.22 is not yet out and I am still on v28.0.21 but I put a new website live this morning and the .nhs.uk domain has somehow passed validation and is fully certified.

That said, looking down the list of domains via "Manage SSL hosts" none of the others that I have been having problems with have changed and still have red padlocks, so I have ran AutoSSL for that account and they have still all failed validation, there is no difference in the config or DNS between the one that has passed and all the .nhs.uk domains that have failed, so I can't explain why this one has passed?

Adrian
 

adeyjones

Member
Apr 26, 2019
7
1
3
Merseyside, UK
cPanel Access Level
Root Administrator
Hi @cPanelLauren

As above, I put 2 new .nhs.uk domain websites live over the weekend and they have been assigned an SSL via AutoSSL which is very strange, especially because I have run AutoSSL again to see if the other .nhs.uk domains (which previously said not registered internet domains) would be assigned one, and only one out of several has been picked up (although this is one that is due to expire soon, not one that has already expired).