AutoSSL failing because of www being added to sub domains

meta7gear

• June 04, 2018 14:29

Hi all, I've taken over management of a group of sites running on a server with cPanel. On one of the accounts the clients previous developer added a number of sub-domains eg.. secure.website.com support.website.com affiliate.website.com However, for AutoSSL check, it's attempting to access versions of these subdomains with www appended to them eg. www.secure.website.com Obviously, this doesn't resolve and it's causing problems. Will this cause the renewal of the SSL certificates for the actual subdomains to fail? How can this be fixed? Here is the log file... 10:01:58 PM AutoSSL"s configured provider is "Let"s Encrypt"". Checking websites for "realbeauty" " 10:01:59 PM Checking "affiliate.example1.com" " 10:01:59 PM TLS Status: Ready for Renewal WARN Certificate expiry: 6/9/18, 4:23 AM UTC (4.39 days from now) WARN Local DCV error (www.affiliate.example1.com): "www.affiliate.example1.com" does not resolve to any IPv4 addresses on the internet. ERROR Impediment: SECURED_DOMAIN_DCV_FAILURE: One or more currently-secured domains failed DCV. 10:01:59 PM Checking "contact.example1.com" " 10:01:59 PM TLS Status: Ready for Renewal WARN Certificate expiry: 6/9/18, 4:23 AM UTC (4.39 days from now) WARN Local DCV error (www.contact.example1.com): "www.contact.example1.com" does not resolve to any IPv4 addresses on the internet. ERROR Impediment: SECURED_DOMAIN_DCV_FAILURE: One or more currently-secured domains failed DCV. 10:01:59 PM Checking "join.example1.com" " 10:01:59 PM TLS Status: Ready for Renewal WARN Certificate expiry: 7/2/18, 3:23 AM UTC (27.35 days from now) WARN Local DCV error (www.join.example1.com): "www.join.example1.com" does not resolve to any IPv4 addresses on the internet. ERROR Impediment: SECURED_DOMAIN_DCV_FAILURE: One or more currently-secured domains failed DCV. 10:01:59 PM Checking "example1.com" " 10:01:59 PM SUCCESS TLS Status: OK Certificate expiry: 9/1/18, 3:23 AM UTC (88.35 days from now) 10:01:59 PM Checking "secure.example1.com" " 10:01:59 PM TLS Status: Ready for Renewal WARN Certificate expiry: 6/24/18, 3:23 AM UTC (19.35 days from now) WARN Local DCV error (www.secure.example1.com): "www.secure.example1.com" does not resolve to any IPv4 addresses on the internet. ERROR Impediment: SECURED_DOMAIN_DCV_FAILURE: One or more currently-secured domains failed DCV. 10:01:59 PM Checking "support.example1.com" " 10:01:59 PM TLS Status: Incomplete Certificate expiry: 9/1/18, 3:23 AM UTC (88.35 days from now) Number of domains: 2 Number of secured domains: 1 WARN Local DCV error (www.support.example1.com): "www.support.example1.com" does not resolve to any IPv4 addresses on the internet. ERROR Impediment: NO_UNSECURED_DOMAIN_PASSED_DCV: Every unsecured domain failed DCV. 10:01:59 PM The system has completed the AutoSSL check for "realbeauty".

• 

  cPanelLauren

  • June 04, 2018 20:09

  Hi @meta7gear Based on this the autoSSL check is only failing for the www. subdomains it's not failing for the actual subdomain. Note that only the www. subdomains are only listed here. While I did remove the actual domain name I took a look at the status of the certificate for the domain name before I removed it at SSL Checker - SSL Certificate Verify and the certificate for the subdomains seems to be good for another 187 days. Thanks!

  0
• 

  meta7gear

  • June 04, 2018 21:16

  Is there a way to remove these www entries so we stop getting the errors and email notification of failure. Will they remove themselves after the listed expiry in a few days? Weirdly enough, I notice there are also dns zones listed for each subdomain with www (see attached file)

  0
• 

  cPanelLauren

  • June 05, 2018 13:04

  Hi @meta7gear You should actually be able to exclude them for AutoSSL checks by going to cPanel>>Security>>SSL/TLS Status and selecting the domains you don't want checked. Thanks!

  0
• 

  baole01s

  • March 29, 2020 02:47

  Please help me, i accept many email from cpanel about autossl with failed DCV. i don`t know resolve for this error.

  0
• 

  cPanelLauren

  • April 01, 2020 14:56

  Hello, The error indicates that those domains listed failed the DCV check. Do those domains exist on your server and do they resolve?

  0
• 

  AdrianP

  • January 10, 2022 19:04

  I do not understand WHY you check domains that do not exist? Adding www in front of a subdomain is making no sense to me. Also, all these cpcalendars, webdisk, cpcontacts should be excluded by default if not set up in DNS. WHY make things complicated? WHY not add a feature to select ONLY domains existing in DNS? I don't know if someone is using those subdomains but it should be optional for auto SSL checker and you will avoid any questions about failing DCV.

  0

Please sign in to leave a comment.