AutoSSL orders for a specific domain are failing with an error like the following in the logs.
ERROR AutoSSL failed to request an SSL certificate for “domain.tld” because of an error: (XID jdcze9) The cPanel Store returned an error (X::Item::Validation) in response to the request “POST ssl/certificate/free”: The provided CSR has invalid PKCS10 or banned TLDs
This error is a specific response code that reports the order was rejected by the signing authority. This can be caused by either using an invalid PKCS10 CSR or the domain has a banned TLD. Since the AutoSSL feature only generates orders with valid CSR's, this indicates the failure is caused by the domain's TLD.
To order a certificate through AutoSSL a valid TLD must be used. If the domain uses a banned TLD, that domain cannot be secured using AutoSSL.
To check which Country TLD's are currently banned with the signing authority Sectigo, see the following URL.
If your domain's TLD is not listed on the above URL, please open a ticket with cPanel support for further review.