Let's Encrypt wildcard DNS verification when not using cPanel's name servers

Operating System & Version
CentOS 7.7
cPanel & WHM Version
11.86.0.18

Fozzie

Registered
May 10, 2020
World
cPanel Access Level
Website Owner
I want to create a wildcard certificate through the Let's Encrypt SSL page. However, I have to use DNS verification for this, which is fine, yet cPanel does not display the TXT record it wants me to add; it just blatantly assumes that we're using cPanel's DNS manager. How do I get the TXT record so I can actually add it to my domain?

This seems like a massive oversight as the TXT record isn't exactly meant to be secret.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
Houston
The TXT record that is added when we do this is automatically generated, and as of right now you cannot successfully perform DNS DCV with AutoSSL if your server is not authoritative for the domain. This is also noted in the documentation under Limitations for Wildcard Domains:


https://docs.cpanel.net/knowledge-base/third-party/the-lets-encrypt-plugin/88/#wildcard-domains said:
Limitations
If you use the Let’s Encrypt plugin to issue certificates for wildcard domains, be aware that:

  • This plugin cannot use HTTP DCV challenges to issue certificates for wildcard domains. This is because Let’s Encrypt does not support this type of challenge. For more information, read Let’s Encrypt’s HTTP-01 challenge type documentation.
  • You cannot use this plugin to obtain certificates for wildcard domains if you use third-party DNS hosting. You must host DNS on your local cPanel & WHM server or within the server’s DNS cluster.
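The value cPanel auto-generates here is not cPanel-specific: for a DNS-01 challenge, ACME (RFC 8555, section 8.4) defines the TXT record as the base64url-encoded SHA-256 of the key authorization, which is the challenge token joined with a "." to the RFC 7638 thumbprint of the account's public key. The record is published at `_acme-challenge.<domain>`, and for a wildcard identifier such as `*.example.com` the validation is done against `example.com`. The following is an added example that derives that record offline; it is not cPanel's or Let's Encrypt's code, and the token and account key it uses are constructed placeholders rather than real ACME data.

```python
"""Derive the DNS-01 challenge TXT record an ACME client publishes for a
wildcard certificate (RFC 8555 s8.1/s8.4, RFC 7638 thumbprint).

Added example, not cPanel's or Let's Encrypt's code. The token and the
account key used at the bottom are constructed sample values."""
import base64
import hashlib
import json

# RFC 7638: the thumbprint input contains only the required members of the
# key type, in lexicographic order, with no whitespace. Optional members such
# as "kid" are excluded.
REQUIRED_MEMBERS = {
    "RSA": ("e", "kty", "n"),
    "EC": ("crv", "kty", "x", "y"),
}


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as ACME requires."""
    return base64.urlsafe_b64encode(data).decode("ascii").rstrip("=")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 SHA-256 thumbprint of an account public key given as a JWK."""
    kty = jwk["kty"]
    if kty not in REQUIRED_MEMBERS:
        raise ValueError(f"unsupported key type: {kty}")
    canonical = {m: jwk[m] for m in REQUIRED_MEMBERS[kty]}
    encoded = json.dumps(canonical, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return b64url(hashlib.sha256(encoded).digest())


def key_authorization(token: str, account_jwk: dict) -> str:
    """RFC 8555 s8.1: keyAuthorization = token || '.' || thumbprint(accountKey)."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"


def dns01_txt_value(token: str, account_jwk: dict) -> str:
    """RFC 8555 s8.4: TXT value = base64url(SHA-256(keyAuthorization))."""
    digest = hashlib.sha256(key_authorization(token, account_jwk).encode("ascii")).digest()
    return b64url(digest)


def dns01_record_name(identifier: str) -> str:
    """Owner name of the TXT record: '_acme-challenge.' prepended to the domain.

    A wildcard identifier '*.example.com' is validated at 'example.com'
    (RFC 8555 s7.1.3), so the leading '*.' label is dropped. Any other use
    of '*' is not a valid ACME identifier."""
    name = identifier.strip().rstrip(".").lower()
    if name.startswith("*."):
        name = name[2:]
    if not name or "*" in name:
        raise ValueError(f"invalid identifier: {identifier!r}")
    return f"_acme-challenge.{name}"


def dns01_record(identifier: str, token: str, account_jwk: dict) -> dict:
    """Everything a DNS operator needs in order to publish the challenge."""
    return {
        "name": dns01_record_name(identifier),
        "type": "TXT",
        "value": dns01_txt_value(token, account_jwk),
    }


if __name__ == "__main__":
    # Constructed sample values (hypothetical): a token in the shape ACME
    # servers issue, and a placeholder RSA JWK that is not a real key.
    SAMPLE_TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"
    SAMPLE_JWK = {"kty": "RSA", "e": "AQAB", "n": "placeholder-modulus-not-a-real-key",
                  "kid": "2020-05-10"}
    rec = dns01_record("*.example.com", SAMPLE_TOKEN, SAMPLE_JWK)
    print(f'{rec["name"]}. IN TXT "{rec["value"]}"')
```

Two things follow from this derivation. First, the value is safe to show in a text box: it is a hash over a one-time token and a public-key thumbprint, which is exactly why a third-party DNS operator can be handed it without exposing anything sensitive. Second, because the token is issued fresh per authorization, a value copied from a previous attempt will not validate; whatever publishes the record has to use the token from the current order.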
 

Fozzie

Registered
May 10, 2020
World
cPanel Access Level
Website Owner
cPanelLauren said:
The TXT record that is added when we do this is automatically generated, and as of right now you cannot successfully perform DNS DCV with AutoSSL if your server is not authoritative for the domain. This is also noted in the documentation under Limitations for Wildcard Domains:
Why, though? Why is there not a text box that pops up saying the TXT record to add? Why did the development team just assume everyone is going to use cPanel's DNS?
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
Houston
As I don't have specifics, I can assume that this was done this way to match the existing method of DCV check generation - we auto-generate the HTTP CSR hash as well. It looks like one of our teams is working on something for this (I see an improvement case marked as To Do), but there is no timeframe for completion. I'd also assume they'd have to change the way the entire module works to do this, since for all other certificate types the fallback to the HTTP DCV check bypasses the need for locally managed nameservers.