Symptoms
You are trying to purchase or renew an SSL through cPanel's store than includes a wildcard subdomain. When performing the DCV (Domain Control Validation) check, you get an error similar to the following:
The following domain failed its DCV check: “*.domain.tld”
Description
Wildcard SSL certificates purchased from cPanel now require DNS-based DCV validation. This means that the server hosting the domain also needs to control the DNS for the domain through custom nameservers. If your DNS is controlled by your domain registrar or another third party, such as CloudFlare, the check will fail, and you will be unable to order the Wildcard SSL.
Workaround
You can create custom nameservers to have your server manage the DNS directly for your domain. The following article goes into more detail on how to accomplish this:
How to Set Up Nameservers in a cPanel & WHM Environment
If you cannot change your nameservers, you will need to purchase the wildcard SSL from a third-party provider that does not require DNS management to complete Domain Control Validation.