AutoSSL renewal fails

Modified on Wed, 26 Jun at 5:22 PM

cPanel offers AutoSSL. While it generally works, you may get error messages. You can use the following as a reference model to resolve the issue.


If your certificate is not expired, just wait 24 hours. The problem should get resolved.
If your certificate is expired, contact us and we can manually renew the certificate. Do you have a managed or your own server? You can run AutoSSL again in WHM.



ErrorReasonSolution
 1:31:19 PM ERROR “Let’s Encrypt™” DNS DCV error (*.domain.com): 403 urn:ietf:params:acme:error:unauthorized (The client lacks sufficient authorization) (Incorrect TXT record "4ybE3io5_U7xcl-d2sAccEzSnOxR8ht01EDy6COtOzc" found at _acme-challenge.domain.com)
It could be that previous records exists. After a successful check, cPanel normally clears records such as _acme-challenge. This may not have happened, so manual interaction is required.To resolve this, go to the DNS manager of your account and remove the following records with the type TXT:
  1. _cpanel-dcv-test-record
  2. _acme-challenge
  3. _acme-challenge.ipv6
  4. Remove any CNAME records with comodoca.com in the value. 
  5. Remove any variations.
 3:44:25 PM ERROR “Let’s Encrypt™” DNS DCV error (ipv6.domain.com=): 400 urn:ietf:params:acme:error:dns (There was a problem with a DNS query) (During secondary validation: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.ipv6.domain.com - check that a DNS record exists for this domain)
 ERROR Impediment: SECURED_DOMAIN_DCV_FAILURE: One or more currently-secured domains failed DCV.

cPanel expects ipv6.domain.com to exists when IPv6 is activated.
  1. Find the value for www.domain.com with type AAAA
  2. Create a new record with ipv6.domain.com with the type AAAA and the value of www.domain.com 




Unfortunately, cPanel has not implemented correct support for redundant DNS systems. Therefore, AutoSSL may fail from time to time.


Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article