Failed Domain Control Validation (DCV) for Wix

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: dragontheory.com

I ran this command: N/A

It produced this output: See cPanel/AutoSSL email pasted below.

My web server is (include version): See cPanel/AutoSSL email pasted below.

The operating system my web server runs on is (include version): See cPanel/AutoSSL email pasted below.

My hosting provider, if applicable, is: Purchased domain from 101domains but site is hosted on Wix.

I can login to a root shell on my machine (yes or no, or I don’t know): No.

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Wix control panel.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): N/A

Hello,

I have gotten several of these emails (pasted below). At first I thought it was yet another phishing scam but after Googling several terms in the email I was led here. I am not even sure what it is asking me to do. Forgive me if this is the wrong place but does anyone know how to fix this before the domain certificate(s) expire(s).

101domains says it’s a Wix issue and Wix doesn’t have live support or even email support that I can find. Their help page doesn’t return anything related to renewing expiring certificates, AutoSSL, or letsencrypt.

Maybe someone can point me in the right direction? Thank you very much!

----------- pasted email --------------
dance.dragontheory.com: AutoSSL would normally renew this certificate now, but 1 of the website’s secured domains just failed DCV. To provide you with more time to resolve this problem, AutoSSL will defer the renewal until Oct 6, 2019 at 2:15:51 PM UTC. After that time, AutoSSL will request a replacement certificate that excludes any domains that fail DCV. At the time of this notice, the certificate will expire in 9 days, 5 hours, and 27 minutes.
AutoSSL did not renew the certificate for “dance.dragontheory.com”. You must take action to keep this site secure.

The “LetsEncrypt” AutoSSL provider could not renew the SSL certificate without a reduction of coverage because of the following problems:

autodiscover.international.dance (checked on Sep 30, 2019 at 8:48:46 AM UTC)

DNS DCV: The DNS query to “_cpanel-dcv-test-record.international.dance” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=Nill22hmLnPLt_BRpkuLdJdF7qSd7_sPqUyoE5k_WdNxAq67nebYCV5S970a2AqS”.; HTTP DCV: “autodiscover.international.dance” does not resolve to any IP addresses on the internet.

international.dance (checked on Sep 30, 2019 at 8:48:46 AM UTC)

DNS DCV: The DNS query to “_cpanel-dcv-test-record.international.dance” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=Nill22hmLnPLt_BRpkuLdJdF7qSd7_sPqUyoE5k_WdNxAq67nebYCV5S970a2AqS”.; HTTP DCV: The system queried for a temporary file at “http://international.dance/.well-known/acme-challenge/X682ORKHUSFWT1DKXT3-9S4TVNX-KFDL”, but the web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist. The domain “international.dance” resolved to an IP address “23.236.62.147” that does not exist on this server.

webdisk.international.dance (checked on Sep 30, 2019 at 8:48:46 AM UTC)

DNS DCV: The DNS query to “_cpanel-dcv-test-record.international.dance” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=Nill22hmLnPLt_BRpkuLdJdF7qSd7_sPqUyoE5k_WdNxAq67nebYCV5S970a2AqS”.; HTTP DCV: “webdisk.international.dance” does not resolve to any IP addresses on the internet.

www.international.dance (checked on Sep 30, 2019 at 8:48:46 AM UTC)

DNS DCV: The DNS query to “_cpanel-dcv-test-record.international.dance” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=Nill22hmLnPLt_BRpkuLdJdF7qSd7_sPqUyoE5k_WdNxAq67nebYCV5S970a2AqS”.; HTTP DCV: The system queried for a temporary file at “http://www.international.dance/.well-known/acme-challenge/PKOINDNUPH-_TQQPYHX6QUYEIZMS2EJH”, but the web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist. The domain “www.international.dance” resolved to an IP address “35.184.133.11” that does not exist on this server.

cpanel.international.dance (checked on Sep 30, 2019 at 8:48:46 AM UTC)

DNS DCV: The DNS query to “_cpanel-dcv-test-record.international.dance” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=Nill22hmLnPLt_BRpkuLdJdF7qSd7_sPqUyoE5k_WdNxAq67nebYCV5S970a2AqS”.; HTTP DCV: “cpanel.international.dance” does not resolve to any IP addresses on the internet.

mail.international.dance (checked on Sep 30, 2019 at 8:48:46 AM UTC)

DNS DCV: The DNS query to “_cpanel-dcv-test-record.international.dance” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=Nill22hmLnPLt_BRpkuLdJdF7qSd7_sPqUyoE5k_WdNxAq67nebYCV5S970a2AqS”.; HTTP DCV: The system queried for a temporary file at “http://mail.international.dance:2095/.well-known/acme-challenge/EY2B78_3KPJZAMAZBCF4HD-NTDFWZ6EI”, which was redirected from “http://mail.international.dance/.well-known/acme-challenge/EY2B78_3KPJZAMAZBCF4HD-NTDFWZ6EI”. The web server responded with the following error: 401 (Access Denied). A DNS (Domain Name System) or web server misconfiguration may exist. The domain “mail.international.dance” resolved to an IP address “69.89.31.140” that does not exist on this server.

webmail.international.dance (checked on Sep 30, 2019 at 8:48:46 AM UTC)

DNS DCV: The DNS query to “_cpanel-dcv-test-record.international.dance” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=Nill22hmLnPLt_BRpkuLdJdF7qSd7_sPqUyoE5k_WdNxAq67nebYCV5S970a2AqS”.; HTTP DCV: “webmail.international.dance” does not resolve to any IP addresses on the internet.

For the most current status, navigate to the “SSL/TLS Status” interface. You can also exclude domains from future renewal attempts, which would cease future notifications.

The certificate that is installed on this website contains the following properties:

Expiration: Wednesday, October 9, 2019 at 2:15:51 PM UTC
Domain Names: considertheraven.com
considertheraven.dragontheory.com
dance.dragontheory.com
mail.considertheraven.com
mail.international.dance
parties2remember.dragontheory.com
www.considertheraven.com
www.considertheraven.dragontheory.com
www.dance.dragontheory.com
www.parties2remember.dragontheory.com
Subject: commonName considertheraven.com
Issuer: countryName US

organizationName Let’s Encrypt
commonName Let’s Encrypt Authority X3
The system generated this notice on Monday, September 30, 2019 at 8:48:50 AM UTC.

You can disable the “AutoSSL has deferred normal certificate renewal because a domain on the current certificate has failed DCV (Domain Control Validation).” type of notification through the cPanel interface: https://dragontheory.com:2083/?goto_app=ContactInfo_Change

Do not reply to this automated message.

Copyright© 2019 cPanel, Inc.

Hi @dragontheory,

It seems to me that your cPanel instance on https://dragontheory.com:2083/ is not correctly aware of which domain names are or are not pointed at it. It apparently believes it's responsible for all of these names, but many of them are pointed at other, different servers.

The notice's suggestion that

may be relevant here.

Is it possible that all of these domains were automatically added to your registrar or host's control panel when you registered them, but never removed from that control panel when you later pointed them at Wix or at other hosting services?

If you make changes to your DNS records, such as adding a different A or CNAME record to point a name at a different hosting service, that doesn't automatically tell the original hosting service that it should stop taking responsibility for hosting the corresponding name. The original service would, however, become unable to renew certificates because typically only the specific server that is currently hosting a site is allowed to obtain new certificates for that site.

schoen, thanks for the response!

Forgive my noobness but does that mean I should to go to Wix and delete these possibly extraneous addresses from the DNS record? Not sure how to troubleshoot without messing up the domains I need.

Thanks

Hi @dragontheory,

Who is it who provides the control panel interface that I linked to? Maybe you could ask that entity about how to remove names from the configuration that are no longer pointed at that server.

As I understand the problem, you intentionally pointed some of the names to Wix, but the server that they were pointed at before doesn’t know about that change, and wrongly thinks that there’s a problem, because it still expects to have the names pointed at it. However, I didn’t look closely at where all of the names are pointed, and so there could be several different entities involved.

You have the choice over where all of the subdomains of your domain names point, and therefore which service providers help to provide each service. But sometimes it can be complicated to coordinate that process among all of the different entities involved because their various systems may not realize when you’ve made DNS changes.

On the bright side, if all of the services are currently working properly, the warnings may be mostly spurious and unlikely to impact the availability or reliability of anything (as if a bank that you no longer use at all kept writing to you about how direct deposits were no longer arriving in your account there, or something).

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.