AutoSSL orders will get stuck in queue because of HTTP DCV check failure at the provider even though the check succeeded when run locally.
When AutoSSL runs the HTTP DCV check, it checks to see if the IP address of the domain or subdomain resolves to an IP address on the server, then queries a text file to verify that the domain or subdomain is configured properly in the webserver. If the DNS record for the domain or subdomain points to the local IP address of the server, the DCV check will pass locally, but fail when the provider performs the DCV check since the domain or subdomain resolves to an inaccessible IP address.
We've opened an internal case for our development team to investigate this further. For reference, the case number is CPANEL-40397. Follow this article to receive an email notification when a solution is published in the product.
The A records pointing to the private IP address should be updated to the server's public IP address. Alternatively, the domain or subdomain may be excluded from AutoSSL.