AutoSSL orders are stuck in a "pending" status on cPanel versions 94 and 98 after recent changes to HTTP DCV.
Some AutoSSL orders are stuck in pending status due to recent validation changes.
Previously if a primary domain passed DCV (Domain Control Validation) checks, then subdomains of that domain were assumed to be verified as well. This is no longer the case and all subdomains on the domain must properly resolve to the server for Sectigo to issue a certificate. Older versions of cPanel and AutoSSL assumed the old behavior and would automatically add subdomains to the certificate request such as mail and www even if they did not resolve to the system. This causes the certificate request to never complete as the subdomains do not validate. Information about these changes can be found here:
We've opened an internal case for our development team to investigate this further. For reference, the case number is COBRA-13435. Follow this article to receive an email notification when a solution is published in the product.
COBRA-13435 has been resolved in cPanel v100, and updates are now available for those on cPanel 94 and 98 to resolve the issue. This article will help to proceed with updating cPanel:
If the installed version of cPanel is past "end of life" it will not receive the updates for this issue. It will be necessary to update cPanel to a supported version to receive the update.
If the server is on a non-supported version the only method to ensure certificates are issued is by excluding any domain that is unable to pass DCV checks. We have instructions on how to do this here: