IP address correct in DNS queries, but LE still getting old one

All queries available to me show the new IP address of 34.214.197.47 and I have confirmed propagation to several major public DNS providers. Even unboundtest is showing the correct IP address: https://unboundtest.com/m/A/spraychem.com/HZKXRIZ2

As you can see below - Let’s Encrypt is getting 72.52.210.103. I have tested mixed case, and the authoritative name servers provide the correct IP even with mixed case. Every angle I look at it, it appears that the unbound instances used by L.E. have the IP cached, or in a hosts file, or something.

My domain is: spraychem.com

I ran this command: cPanel built-in Auto-SSL

It produced this output:
DNS DCV: The DNS query to “_cpanel-dcv-test-record.spraychem.com” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=KefBahO7FGFirRC3bWbpc9jS1asPSXn_8JO3VjUUI7MsW1HW1d1h2rB5l6sXzK7X”.; HTTP DCV: The system queried for a temporary file at “http://spraychem.com/.well-known/acme-challenge/313W3OC8RCW8J4AFEMB3BL3-JVIGBCQH”, but the web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist. The domain “spraychem.com” resolved to an IP address “72.52.210.103” that does not exist on this server.

My web server is (include version):
LiteSpeed web server 4.5.8 (build 3)

The operating system my web server runs on is (include version):
CloudLinux release 7.8 (Alexei Leonov)

My hosting provider, if applicable, is:
Self / prime42

I can login to a root shell on my machine (yes or no, or I don’t know):
yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
WHM/cPanel 90.0.5

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
Whatever is built into cPanel

1 Like

Hi @T313C0mun1s7

that’s not a Let’s Encrypt check, that’s the pre-check of your cPanel.

So your cPanel configuration is buggy and has the wrong IP address or a wrong DNS.

–>> change that.

2 Likes

It has been working for the other 150 accounts on this server and the 5 identical servers for the last 3 years. However, it is good to know it is the cPanel precheck, because that at least means it is something local that I can fix and not something remote I don’t have control of.

We don’t use the cPanel server for DNS or E-mail. It is hard to convince the cPanel server of that sometimes, as it seems inherent in their paradigm that the servers should be an all-in-one solution.

I will see what I can find and report back. Thank you.

1 Like

I confirmed that the DNS server in use was set to disabled. Then I ran the DNS Cleanup option from WHM. It reported it cleaned up 177 zones.

After this we went to the zone manager and confirmed that all of the entries for the domain matched what was on the Authoritative Name Servers including the SOA and NS Records. They were, and all A Records now had the proper IP.

After that I ran Auto-SSL again and got the following response in the log:

Log for the AutoSSL run for “spray”: Saturday, August 29, 2020 10:04:35 AM GMT-0700 (Let’s Encrypt™)

10:04:35 AM AutoSSL’s configured provider is “Let’s Encrypt™”.
Analyzing “spray”’s domains …
10:04:35 AM Analyzing “spraychem.com” …
10:04:35 AM User-excluded domain: 1 (mail.spraychem.com)
SUCCESS TLS Status: OK
Certificate expiry: 10/1/20, 6:38 AM UTC (32.57 days from now)
10:04:35 AM SUCCESS This user’s SSL coverage is already optimal.

So I will wait a few days until the expiry is under 30 days and try again to see what happens.

Note to anyone who finds this thread in the future: this domain was migrated to this server from another service provider via a cPanel transfer/move backup file, so it had an existing certificate. I manually run Auto-SSL to ensure that the renewal of certificates is properly scheduled.

@JuergenAuer Thank you again. Your reply led me to the correct answer.

2 Likes
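
The thread traced the old address to the cPanel server's own DNS data rather than to Let's Encrypt. As an added example (not from the thread and not cPanel's own check), this script compares each local lookup path on the server with the answers from the authoritative name servers; the function names are hypothetical and it assumes `dig`, `getent` and `awk` are installed.

```bash
#!/usr/bin/env bash
# Added example: find which local lookup path still returns an old A record.
# Function names are hypothetical; requires dig, getent and awk.

# Reduce lookup output on stdin (dig +short or getent ahostsv4) to a sorted,
# de-duplicated, space-separated list of IPv4 addresses. CNAME targets and
# dig error lines are dropped because their first field is not an address.
ipv4_set() {
    awk '$1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {print $1}' |
        sort -u | tr '\n' ' ' | sed 's/ *$//'
}

# classify LOCAL_SET AUTH_SET: compare one lookup path with the authoritative set.
classify() {
    if [ -z "$2" ]; then echo "no-authoritative-answer"
    elif [ -z "$1" ]; then echo "no-answer"
    elif [ "$1" = "$2" ]; then echo "match"
    else echo "MISMATCH (got: $1)"
    fi
}

# check_domain DOMAIN: live lookups, needs network access.
check_domain() {
    domain=$1
    # Ask every authoritative name server directly, bypassing all caches.
    auth=$(for ns in $(dig +short NS "$domain"); do
               dig +short A "$domain" "@$ns"
           done | ipv4_set)
    echo "authoritative name servers: ${auth:-none}"
    echo "resolv.conf resolver:  $(classify "$(dig +short A "$domain" | ipv4_set)" "$auth")"
    echo "nsswitch (/etc/hosts): $(classify "$(getent ahostsv4 "$domain" | ipv4_set)" "$auth")"
    echo "name server on 127.0.0.1: $(classify "$(dig +short +time=2 +tries=1 A "$domain" @127.0.0.1 | ipv4_set)" "$auth")"
}

# Run only when a domain is given, e.g.: ./dns_paths.sh spraychem.com
if [ "$#" -gt 0 ]; then check_domain "$1"; fi
```

A `MISMATCH` on the 127.0.0.1 or nsswitch line while the resolv.conf line matches points at data held on the server itself, which public DNS checks cannot see.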
