AutoSSL issue for DDNS domains
My hosting provider is on cPanel v120.0.16 and I'm encountering two different AutoSSL errors when it is trying to generate SSL certificates for DDNS domains.
- DNS DCV: The DNS query to “_cpanel-dcv-test-record.TEST.DOMAIN” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=Ptdne5BerxL5_Nlj6ro1ojk8fy2f6FZGdcxsFcSlfpqbBl7c7EbiwgoRGxZSWF9J”.
- DNS DCV: No local authority: “DDNS.TEST.DOMAIN”
where TEST.DOMAIN is my main domain and DDNS.TEST.DOMAIN is a example DDNS domain.
Am I correct to say that as per https://docs.cpanel.net/cpanel/domains/dynamic-dns/, Generation of free Let's Encrypt SSL certificates using AutoSSL is supported? If so, what could be the issue that led to the above 2 errors and what are possible ways to resolve it?
-
Hey there! We don't have any official documentation on this, but the only way to get AutoSSL working with DDNS would be to have the DNS for the domain by the local cPanel server. Any http checks would fail since the domain is pointed remotely, so AutoSSL can't create the verification files on the remote server, so the system will have to fall back to the DNS check, which is where you ran into the error.
If the DNS for the domain in question isn't hosted on the cPanel server, there isn't a way to get AutoSSL to issue the certificate.
0 -
Hi cPRex,
Thank you for responding. The DNS for the domain in question *is* indeed hosted on the cPanel server: I can see the TXT record that the error highlighted present in the zone editor.
In such a case, can you clarify if the troubleshooting should be focused on why AutoSSL isn't able to execute the DNS check properly? Are there any suggestion on how to approach or reference you can share to similar issues in the past?
In particular can you also confirm that none of the following will actually resolve the issue and achieve the objective: which is to have an SSL certificate issued to a DDNS domain?
0 -
Suggestions that do not work:
1. That DDNS should point to hosting server's IP
2. That I should buy my own SSL certificate and install it
3. That AutoSSL can only be generated on hosted-subdomain
4. That DDNS sub-domains should have their own nameservers
5. That domain control verification will only work with live servers listening at port 80/4430 -
Also given DNS for the domain in question *is* indeed hosted on the cPanel server, should we expect AutoSSL to be able to generate free SSL certificates for DDNS domains?
0 -
I did some additional testing with our team on this and confirmed that yes, DDNS domains do work with AutoSSL.
Does this command, when run from the server in question, show the correct nameservers for the domain?
/usr/local/cpanel/3rdparty/bin/perl -MCpanel::DnsRoots -MData::Dumper -e 'print Dumper(Cpanel::DnsRoots->new()->get_nameservers_for_domain("domain.com"));'
Just replace "domain.com" at the end of that command there with the actual domain you're working with.
0 -
My hosting provider support asserted that
"Let's Encrypt won't be able to issue a free SSL Certificate for your DDNS Domains. "
Can you help to confirm if DDNS domains do work with AutoSSL to request SSL certificates from Let's Encrypt?
Additional context: On my hosted cPanel, AutoSSL is able and already obtained SSL certificates for my hosted domains and sub-domains but not for DDNS.
I'll see if I can get my hosting provider support to run the above command...
0 -
Yes, I personally created a DDNS domain on a test machine and AutoSSL had no trouble issuing the certificate when the DNS was local to that server.
0
Please sign in to leave a comment.
Comments
7 comments