Skip to main content

LetsEncrypt Wildcard DNS verification when not using cPanel's name servers

Comments

7 comments

  • cPanelLauren
    The txt record that is added when we do this is automatically generated and as of right now you cannot successfully perform DNS DCV with AutoSSL if your server is not authoritative for the domain. This is also noted in the documentation under Limitations for Wildcard Domains: [QUOTE=https://docs.cpanel.net/knowledge-base/third-party/the-lets-encrypt-plugin/88/#wildcard-domains] Limitations If you use the Let"s Encrypt plugin to issue certificates for wildcard domains, be aware that:
    • This plugin cannot use HTTP DCV challenges to issue certificates for wildcard domains. This is because Let"s Encrypt does not support this type of challenge. For more information, read Let"s Encrypt"s
    0
  • Fozzie
    The txt record that is added when we do this is automatically generated and as of right now you cannot successfully perform DNS DCV with AutoSSL if your server is not authoritative for the domain. This is also noted in the documentation under Limitations for Wildcard Domains:

    Why though? Why is there not a text box that pops up saying the TXT record to add? Why did the development team just assume everyone is going to use cPanel's DNS?
    0
  • cPanelLauren
    As I don't have specifics I can assume that this was done this way to match with the existing method of DCV check generation - we auto-generate the HTTP CSR Hash as well. It looks like one of our teams is working on something for this (I see an improvement case marked as To Do) but there is no timeframe for competition. I'd also assume they'd have to change the way the entire module works doing this since for all other certificate types the fallback to HTTP DCV check will bypass the need for locally managed nameservers.
    0
  • WHJabe
    Hi, is there any update on this feature? I'm trying to get a wildcard certificate through AutoSSL using Let's Encrypt and I'm getting the following error for my subdomains: WARN Local HTTP DCV error (MY SUBDOMAIN): "MY SUBDOMAIN" does not resolve to any IP addresses on the internet. I'm assuming it's because I've purchased my domain through a third party? Any assistance is appreciated. Thanks.
    0
  • cPRex Jurassic Moderator
    @WHJabe - there hasn't been any change to the way Let's Encrypt validates the wildcard certificates. As far as I can tell this is on Let's Encrypt's end as they state the following here: ACME v2 Production Environment & Wildcards "To request a wildcard certificate simply send a wildcard DNS identifier in the newOrder request." Because of that, there is no http request option for wildcard verification.
    0
  • cPRex Jurassic Moderator
    There is no way to manually add that - as the "auto" in AutoSSL implies, this would be setup in the DNS zone automatically by the tool. The specific error you're receiving would indicate either a general DNS issue with the domain, or a DNS issue outside the server. I would recommend scanning the domain with a tool like IntoDNS.com as any issues reported there would keep the AutoSSL system from working properly.
    0

Please sign in to leave a comment.