In Progress CPANEL-37526 - SECURED_DOMAIN_DCV_FAILURE: One or more currently-secured domains failed DCV.

katmai

Well-Known Member
Mar 13, 2006
564
4
168
Brno, Czech Republic
Hello,

We have about 4 servers with ~100 domains on each server. AutoSSL has been renewing the SSL Certificates just fine till recently. Some customers are using mail external, some aren't.

The problem that we are experiencing is that when one or more subdomains aren't pointing to the server, or are missing, AutoSSL now fails to renew the remaining certificates like it used to.

If we have 1 account with say ... 20 subdomains and 2-3 of them are broken, AutoSSL now fails to renew the remaining fully working domains certificate because those 2 3 subdomains are broken.

The workaround is to delete the SSL certificate from "Manage SSL certificates" and rerun autossl again, which surprisingly after doing that, works.

Is anyone else experiencing the same thing? I don't want to have to go through 400 500 domains and have to exclude subdomains when AutoSSL was just working properly before the recent updates.

Thanks in advance,
 
Last edited by a moderator:

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
6,984
921
313
cPanel Access Level
Root Administrator
Hey there! That hasn't been my experience with the AutoSSL tools as I would expect it to renew normally and then send you notification about a reduction in coverage. If that isn't happening, could you please open a ticket with our team about one of the affected systems so we can do some additional troubleshooting on that?
 

katmai

Well-Known Member
Mar 13, 2006
564
4
168
Brno, Czech Republic
we have a ticket but we've been doing a bit of ping pong #94337637.

and yeah, that's exactly what I am experiencing, it doesn't renew normally. i have a few domains sitting at below the 15 days that normally would be renewed.

i wanted to see if anyone else is experiencing the same, since I know for a fact that autossl renewals have been working without any interference on my part till I did the last upgrade. 94-96
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
6,984
921
313
cPanel Access Level
Root Administrator
Thanks for posting that ticket number. It looks like JC just replied to that ticket explaining the issue - in your case, the server is using Let's Encrypt, which will cause those failures, unlike the default Sectigo certificates.
 

katmai

Well-Known Member
Mar 13, 2006
564
4
168
Brno, Czech Republic
So, something in the upgrade from cpanel 94 to 96 broke letsencrypt? our company doesn't want to swap to sectigo. we just want normal behavior to happen.
 

katmai

Well-Known Member
Mar 13, 2006
564
4
168
Brno, Czech Republic
yup, that sounds about right. thanks for the help! i swapped to sectigo for the time being, so I don't have to do manual work.
 
  • Like
Reactions: cPRex