DNS DCV: No local authority for mail.DOMAINNAME.XXX

Here's the setup. I have a WordPress website with the domain name on GoDaddy. The WordPress site uses the Cloudflare plugin, so the DNS nameservers point to Cloudflare, where all DNS records are set up.

Screenshot DNS Records on Cloudflare: https://snipboard.io/aHdtMB.jpg

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: adkinsadventures.com

I ran this command: Check AutoSSL

It sent a warning email with this output:

AutoSSL did not renew the certificate for “adkinsadventures.com”. You must take action to keep this site secure.

The “LetsEncrypt” AutoSSL provider could not renew the SSL certificate without a reduction of coverage because of the following problem:

:no_entry: mail.adkinsadventures.com
(checked on Jun 20, 2022 at 6:23:39 PM UTC)

DNS DCV: No local authority: “mail.adkinsadventures.com”; HTTP DCV: “mail.adkinsadventures.com” does not resolve to any IP addresses on the internet.

My web server is (include version): WHM/cPanel 104.0.4

The operating system my web server runs on is (include version): WHM/cPanel 104.0.4

My hosting provider, if applicable, is: HostGator

I can login to a root shell on my machine (yes or no, or I don't know): YES

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): YES

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): N/A

Hi @LukeDouglas, and welcome to the LE community forum :slight_smile:

What happened to the "mail" name?
[without it, AutoSSL can't renew your cert]
If you no longer use it/need it, perhaps you can remove it from WHM/cPanel.

3 Likes

On recommendation, I changed the CNAME record to an 'A' record and put the server IP as the Record.

mail.adkinsadventures.com. 14400 A 162.241.189.248

Didn't work. Still get the email warning.

I don't see the A record with dig to your auth DNS (Cloudflare), and Google's dig tool doesn't see it either:
https://toolbox.googleapps.com/apps/dig/#A/

2 Likes

Where?

The authoritative servers are:

adkinsadventures.com    nameserver = ulla.ns.cloudflare.com
adkinsadventures.com    nameserver = harley.ns.cloudflare.com

And they know nothing about the CNAME, A record, nor IP of it.

3 Likes
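The check the replies above describe, asking an authoritative nameserver directly whether it holds an A record for the name, as an added example that is not part of the original thread. The function names and the two sample responses are constructed for illustration; the hostname, TTL and IP are the ones quoted in the thread.

```python
import socket
import struct

def build_query(name, qtype=1, txid=0x1234):
    """Encode one DNS question with RD=0: we ask the authority itself."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)   # 2-byte pointer or 1-byte root label

def parse_response(msg):
    """Return (rcode, authoritative_flag, [IPv4 addresses from A answers])."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == 1 and rdlen == 4:          # A record, class/ttl ignored
            addrs.append(socket.inet_ntoa(msg[off + 10:off + 14]))
        off += 10 + rdlen
    return flags & 0x000F, bool(flags & 0x0400), addrs

def classify(msg):
    """Summarise what the queried server said about the name."""
    rcode, _aa, addrs = parse_response(msg)
    if rcode:
        return "NXDOMAIN" if rcode == 3 else "RCODE %d" % rcode
    return "A " + ",".join(addrs) if addrs else "NO A RECORD"

def ask_authority(name, nameserver, timeout=3.0):
    """Send the query over UDP straight to one authoritative nameserver."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (nameserver, 53))
        return classify(s.recvfrom(4096)[0])

# Constructed sample responses (not captured traffic), so the parser runs offline.
_Q = build_query("mail.adkinsadventures.com")[12:]
SAMPLE_NXDOMAIN = struct.pack("!HHHHHH", 0x1234, 0x8403, 1, 0, 0, 0) + _Q
SAMPLE_ANSWER = (struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0) + _Q + b"\xc0\x0c"
                 + struct.pack("!HHIH", 1, 1, 14400, 4) + socket.inet_aton("162.241.189.248"))
```

On a networked host, `ask_authority("mail.adkinsadventures.com", "ulla.ns.cloudflare.com")` returns the same kind of summary for a live answer; run it against each listed nameserver before re-running AutoSSL.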