Skip to main content

mail domain prevents autoSSL renewal

Comments

6 comments

  • 24x7server
    0
  • accafella
    hi and thanks for your reply. firstly, mail/.well-known/pki-validation/DDCEA5680FEFC432C8D76B580DC7A68C.txt does not actually exist on the server. however, and please pardon my ignorance, but can you please explain what you mean ? i'm not too sure how this answers my question. i tried to exclude mail from auto ssl because i don't need it and it is breaking the auto-renewal. it seemed a pretty straightforward fix in cpanel but the checkbox option to edit the list of domains is not present in ssl/tls status. thanks again, hope you can help further.
    0
  • cPanelMichael
    i tried to exclude mail from auto ssl because i don't need it and it is breaking the auto-renewal. it seemed a pretty straightforward fix in cpanel but the checkbox option to edit the list of domains is not present in ssl/tls status.

    Hello, Could you open a support ticket using the link in my signature so we can take a closer look to see why it's not letting you exclude the subdomain? Thank you.
    0
  • pyrographics
    I too have started getting this error with some of my domains. It seems that if you attempt to use mail.yourdomain.com DNS with another mail system or non-server IP address that cPanel expects it to only be used with it in order for SSL on mail service to function. A simple fix would be for cPanel to verify an account is using the local mail exchanger before attempting to generate certificates for mail related DNS. In the meantime, I just pointed the dns for mail.yourdomain.com back to the server so my certificate won't expire.
    0
  • accafella
    my rather less elegant solution was simply to delete the certificates thinking that autossl would just install new ones - which it did and now we're friends again :)
    0
  • cPanelMichael
    I too have started getting this error with some of my domains. It seems that if you attempt to use mail.yourdomain.com DNS with another mail system or non-server IP address that cPanel expects it to only be used with it in order for SSL on mail service to function. A simple fix would be for cPanel to verify an account is using the local mail exchanger before attempting to generate certificates for mail related DNS. In the meantime, I just pointed the dns for mail.yourdomain.com back to the server so my certificate won't expire.

    Hello, The "mail" subdomain needs to resolve to the cPanel server if you want to get the free domain-validated AutoSSL certificate for it. If it resolves to an external server, then it's by design that domain validation fails and it's not issued a certificate. Thank you.
    0

Please sign in to leave a comment.