DCV AutoSSL issue due to wildcard subdomain
Dear cPanel community,
I have an issue on the AutoSSL DCV check for the cpanel., webdisk., cpcontacts., ... subdomains. I have a wildcard subdomain installed (*.domain.tld) which seems to be the problem. When I access the cPanel subdomains directly with my browser there seems to be no problem, but when I try to check the DCV URLs there's a redirect to the main domain due to the wildcard subdomain. I want all the non-existing subdomains to redirect to the main domain. But it seems that the core cPanel subdomains are also getting redirected. This has worked before, but now I'm receiving daily mails of the AutoSSL renewal error.
I'm looking forward to a solution, thanks in advance.
-
Hey there! Can you let me know how you created this wildcard domain so I can do some testing on my end?
0 -
Hey cPRex!
I've used the cPanel documentation: https://support.cpanel.net/hc/en-us/articles/4416167771543-How-to-create-wildcard-subdomains .
- created a *.domain.tld (create a new domain section)
- _wildcard_.domain.tld folder was created in the root
- in the _wildcard_.domain.tld folder I've put an index file that redirects to the main domain
This is the error I'm getting:
DNS DCV: No local authority: “cpcalendars.domain.tld”; HTTP DCV: The system failed to fetch the DCV (Domain Control Validation) file at “http://cpcalendars.domain.tld/.well-known/acme-challenge/” because of an error: The system failed to send an HTTP (Hypertext Transfer Protocol) “GET” request to “http://cpcalendars.domain.tld/.well-known/acme-challenge/” because of an error: The response exceeded the maximum length (16 KB). (<!DOCTYPE html><html><head><link rel="stylesheet" type="text/css" at ...cpanel/Cpanel/SSL/DCV line 662..
Same for webdisk, webmail, cpanel, cpcontacts.
Thanks in advance!
0 -
Hey there! This is one of those "it should just work" since Let's Encrypt issues wildcard certificates, so I don't have a good explanation for what is happening here. Could you open a ticket so this can be investigated?
0 -
Hey cPRex, apologies for the late reply!
My hosting provider tracked the issue. The DNS is not set to cPanel directly, therefore causing Let's Encrypt to fail. But there are no further options... so I think the wildcard will never work.
I maybe found a workaround for my problem. I think I need to override the default CGI script with an error 404 when a non-existing subdomain is visited. I tried to make a change in the Apache htdocs with an index.php file like this post: https://stackoverflow.com/questions/23508114/produce-a-404-error-when-a-domain-isnt-set-up-whm-centos . But when I do, an error 500 is thrown when I visit a random non-existing subdomain. When I reset it to the original index.html, the cgi-sys/defaultwebpage.cgi is executed again. Are there other options? I don't need a template, I need an error 404.
Can you help me with that? Thanks in advance!
0 -
I'm not seeing a good way to do this. Did the host say how that would fix the SSL system? If you need that specific behavior it might be best to create a feature request at features.cpanel.net and then I can bring that up with the team, or you could host the DNS directly on the cPanel system to resolve the AutoSSL issue.
0
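An added diagnostic example, not part of any post in this thread and not cPanel's own code: it requests the DCV path from the error message on each service subdomain named above, without following redirects, and reports whether the wildcard site answers with a redirect, an HTML page, or a body over the 16 KB limit the error quotes. The function names, the `port` parameter and the User-Agent string are assumptions made for the example.

```python
import http.client
import sys

MAX_DCV_BODY = 16 * 1024                    # limit quoted in the AutoSSL error
DCV_PATH = "/.well-known/acme-challenge/"   # path shown in the error message
# Service subdomain labels named in the thread.
SERVICE_LABELS = ("cpanel", "webdisk", "webmail", "cpcontacts", "cpcalendars")

def classify(status, headers, body):
    """Turn one HTTP response (lower-cased header dict) into a short verdict."""
    if 300 <= status < 400:
        return "redirect -> " + headers.get("location", "?")
    if len(body) > MAX_DCV_BODY:
        return "oversized body (more than %d bytes)" % MAX_DCV_BODY
    if status == 200 and "text/html" in headers.get("content-type", "").lower():
        return "html page served instead of challenge file"
    if status == 404:
        return "not found (no catch-all content)"
    return "status %d" % status

def probe(host, path=DCV_PATH, port=80, timeout=10):
    """GET http://host/path without following redirects (needs network)."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path, headers={"User-Agent": "dcv-probe-example"})
        resp = conn.getresponse()
        headers = {k.lower(): v for k, v in resp.getheaders()}
        body = resp.read(MAX_DCV_BODY + 1)  # one byte past the limit is enough
        return classify(resp.status, headers, body)
    finally:
        conn.close()

def probe_all(domain):
    """Probe every service subdomain of `domain`; return {host: verdict}."""
    results = {}
    for label in SERVICE_LABELS:
        host = "%s.%s" % (label, domain)
        try:
            results[host] = probe(host)
        except (OSError, http.client.HTTPException) as exc:
            results[host] = "connection error: %s" % exc
    return results

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: dcv_probe.py domain.tld")
    for host, verdict in probe_all(sys.argv[1]).items():
        print(host, "=>", verdict)
```

Run it from a machine outside the server so the result reflects what public DNS and the wildcard vhost return for each name.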