How Do I Correct: cPanel Notice: "Secured domains just failed DCV"?

I searched Community Tips and other help topics but could not find this issue:

cPanel says: “5 of the website’s secured domains just failed DCV.” Details follow:

SSL certificates are installed on host for domains and subdomains by “Let’s Encrypt” as follows:


cpanel.dmeinterns.org

webdisk.dmeinterns.org
webmail.dmeinterns.org

A universal SSL certificate is installed on Cloudflare for domain dmeinterns.org and *.dmeinterns.org

This is my first Auto SSL renewal since installing cloudflare. cPanel is sending notice as follows:

dmeinterns.org: AutoSSL would normally renew this certificate now, but 5 of the website’s secured domains just failed DCV. To provide you with more time to resolve these problems, AutoSSL will defer the renewal until Dec 3, 2019 at 6:33:09 AM UTC. After that time, AutoSSL will request a replacement certificate that excludes any domains that fail DCV. At the time of this notice, the certificate will expire in 6 days, 10 hours, 8 minutes, and 37 seconds.

AutoSSL did not renew the certificate for “dmeinterns.org”. You must take action to keep this site secure.

The “cPanel” AutoSSL provider could not renew the SSL certificate without a reduction of coverage because of the following problems:

⛔ webdisk.dmeinterns.org (checked on Nov 29, 2019 at 8:24:27 PM UTC)

DNS DCV: The DNS query to “_cpanel-dcv-test-record.dmeinterns.org” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=aQHFAY1gWQdJVh2F2p3b1ojDoFDRH9W6snZfgEyVZDzECsrYN76BySGunajc5Fzt”.; HTTP DCV: “cPanel (powered by Sectigo)” forbids DCV HTTP redirections.

⛔ webmail.dmeinterns.org (checked on Nov 29, 2019 at 8:24:27 PM UTC)

DNS DCV: The DNS query to “_cpanel-dcv-test-record.dmeinterns.org” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=aQHFAY1gWQdJVh2F2p3b1ojDoFDRH9W6snZfgEyVZDzECsrYN76BySGunajc5Fzt”.; HTTP DCV: “cPanel (powered by Sectigo)” forbids DCV HTTP redirections.

⛔ www.dmeinterns.org (checked on Nov 29, 2019 at 8:24:27 PM UTC)

DNS DCV: The DNS query to “_cpanel-dcv-test-record.dmeinterns.org” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=aQHFAY1gWQdJVh2F2p3b1ojDoFDRH9W6snZfgEyVZDzECsrYN76BySGunajc5Fzt”.; HTTP DCV: “cPanel (powered by Sectigo)” forbids DCV HTTP redirections.

⛔ cpanel.dmeinterns.org (checked on Nov 29, 2019 at 8:24:27 PM UTC)

DNS DCV: The DNS query to “_cpanel-dcv-test-record.dmeinterns.org” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=aQHFAY1gWQdJVh2F2p3b1ojDoFDRH9W6snZfgEyVZDzECsrYN76BySGunajc5Fzt”.; HTTP DCV: “cPanel (powered by Sectigo)” forbids DCV HTTP redirections.

⛔ dmeinterns.org (checked on Nov 29, 2019 at 8:24:27 PM UTC)

DNS DCV: The DNS query to “_cpanel-dcv-test-record.dmeinterns.org” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=aQHFAY1gWQdJVh2F2p3b1ojDoFDRH9W6snZfgEyVZDzECsrYN76BySGunajc5Fzt”.; HTTP DCV: “cPanel (powered by Sectigo)” forbids DCV HTTP redirections.

How do I correct this problem?

I bet it wants CNAME records in DNS that aren’t set to :orange:. Those all look like the same CNAME data. So…
Add a CNAME record with a Name of: _cpanel-dcv-test-record
And a Value of: _cpanel-dcv-test-record=aQHFAY1gWQdJVh2F2p3b1ojDoFDRH9W6snZfgEyVZDzECsrYN76BySGunajc5Fzt
Make sure that CNAME is set to :grey: (No Proxy)

Thanks sdayman

Thanks for the reply. As I understand it, a CNAME can have a name, and a target, but not a value?

So, on a cPanel forum I found a solution at: https://forums.cpanel.net/threads/autossl-renew-dns-dcv-returned-no-txt-record.650345/

Basically I had to pause Cloudflare, force AutoSSL to renew cert, then re-enable Cloudlfare.

If there is a more elegant solution, I am all ears!

I apologize. I goofed up. It should have been TXT records.

Sdayman: That’s what I thought. Thanks again for the help.

1 Like