Question
Our Server's AutoSSL feature attempts to renew certificates that cPanel, L.L.C. provides within 15 days of expiry, but they aren't being renewed yet?
Answer
If you are attempting to renew your AutoSSL certificate and are seeing the following:
Impediment: SECURED_DOMAIN_DCV_FAILURE: One or more currently-secured domains failed DCV.
It would mean that one or more of your current subdomains are being protected by the existing SSL certificate, but they failed the Domain Control Validation (DCV). There have been a few recent changes, one of them is from Sectigo which is announced here:
It means that the certificate installed on any account currently covers subdomains such as 'mail' and 'www,' but they can not be issued anymore.
The AutoSSL system avoids a reduction in security. As the new certificate would cover fewer domains than the current certificate, it will not automatically replace it until the certificate is less than 3 days from expiring.