Symptoms
When AutoSSL runs, the HTTP DCV check fails with an error similar to the following.
Local HTTP DCV error (domain.tld): “domain.tld” resolves to a private IP address. The system will skip HTTP DCV (Domain Control Validation) for “domain.tld”.
Description
A domain must resolve to a public IP address. If the domain resolves to a private IP address from the server, the DCV check fails. Some network providers use DNS doctoring instead of configuring NAT loopback. This results in the private IP address being returned when querying a domain's A record from within the server, which then results in AutoSSL not being able to function as expected.
Workaround
Please make sure that your network uses NAT loopback and that it is working. You can test this using the following command after replacing domain.tld with the failing domain.
/usr/local/cpanel/scripts/cpdig domain.tld A