My domain's DNS is hosted by a third-party, not on my server or in a DNS cluster. Can I add a DNS record to get DNS DCV to pass?
No. AutoSSL generates a random DNS record value each time it runs, so a third-party DNS server cannot be updated quickly enough for the check to pass.
If you use the Let's Encrypt plugin to issue certificates for wildcard domains, be aware that:
- This plugin cannot use HTTP DCV challenges to issue certificates for wildcard domains because Let's Encrypt does not support this type of challenge. For more information, read Let's Encrypt's HTTP-01 challenge type documentation.
- You cannot use this plugin to obtain certificates for wildcard domains if you use third-party DNS hosting. You need to host DNS on your local cPanel & WHM server or within the server's DNS cluster for wildcard certificates to issue as expected.
For more information, please review: The Let's Encrypt Plugin
While this is not explicitly supported, we have found that the wildcard DNS DCV can pass if you add two NS records that delegate the challenge names to a hostname which resolves directly to the server. The workaround will not work if the domain you point to is routed through a proxy.
For this example, assume server.hostname.tld is the server's hostname, which resolves to the server's IP address, and example.tld is a domain on a cPanel account. To have Let's Encrypt validate *.example.tld while the domain itself points to remote nameservers, add the following records at the third-party provider:
_acme-challenge.example.tld. 300 IN NS server.hostname.tld.
_cpanel-dcv-test-record.example.tld. 300 IN NS server.hostname.tld.
Your mileage may vary. This will only allow the wildcard subdomain to validate on its own to obtain a Let's Encrypt certificate. You will then need to install it manually on subdomains as needed.
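As an added illustration (not part of the original article), the following Python models the delegation chain a CA's resolver follows when the two NS records above are in place. Every zone, IP address, hostname and token value is constructed for the example; the proxied case shows why the workaround fails when the delegated hostname resolves to a proxy rather than to the cPanel server.

```python
"""Constructed model of how a CA's resolver locates the DNS-01 TXT record once
_acme-challenge.example.tld is delegated by NS to the cPanel server. All zone
data and IPs below are made up for this example; nothing touches the network."""

# Constructed nameserver IPs: the third-party provider, the cPanel & WHM server,
# and a proxy edge that fronts the domain but holds no challenge record.
CPANEL_IP, PROVIDER_IP, PROXY_IP = "203.0.113.10", "198.51.100.1", "198.51.100.99"

TOKEN = "CONSTRUCTED-ACME-TOKEN"  # placeholder for the random value AutoSSL generates

def provider_zone(delegated, target="server.hostname.tld."):
    """Third-party zone for example.tld, with or without the workaround's NS records."""
    zone = {"example.tld.": {"A": [CPANEL_IP]}}
    if delegated:
        for label in ("_acme-challenge", "_cpanel-dcv-test-record"):
            zone[f"{label}.example.tld."] = {"NS": [target]}
    return zone

# Constructed record sets served by each nameserver IP (provider added per call).
SERVERS = {
    CPANEL_IP: {"_acme-challenge.example.tld.": {"TXT": [TOKEN]}},  # AutoSSL writes this
    PROXY_IP: {},                                                    # proxy: no TXT here
}

# Constructed glue: where each delegated nameserver hostname resolves.
HOST_A = {"server.hostname.tld.": CPANEL_IP, "proxied.hostname.tld.": PROXY_IP}

def resolve_txt(name, server_ip, servers, depth=0):
    """Query server_ip for TXT at name, following at most a few NS delegations."""
    if depth > 4:
        return []
    rrsets = servers.get(server_ip, {}).get(name, {})
    if "TXT" in rrsets:
        return rrsets["TXT"]
    if "NS" in rrsets:
        # Delegation: the CA's resolver asks the named server instead.
        return resolve_txt(name, HOST_A[rrsets["NS"][0]], servers, depth + 1)
    return []  # NXDOMAIN / no data: the DCV check fails

def dns_dcv_passes(delegated, target="server.hostname.tld."):
    """Does the CA find the expected token for _acme-challenge.example.tld?"""
    servers = {**SERVERS, PROVIDER_IP: provider_zone(delegated, target)}
    found = resolve_txt("_acme-challenge.example.tld.", PROVIDER_IP, servers)
    return TOKEN in found

if __name__ == "__main__":
    print("no NS records       :", dns_dcv_passes(False))                          # False
    print("NS -> cPanel server :", dns_dcv_passes(True))                           # True
    print("NS -> proxied host  :", dns_dcv_passes(True, "proxied.hostname.tld."))  # False
```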