Let's Encrypt SSL issuance failing after installing CPGuard (even with firewall disabled)

Hello,

I am experiencing issues with Let's Encrypt SSL certificate issuance after installing CPGuard on my cPanel server.

Here is the situation in detail:

• The server was working perfectly fine before installing CPGuard.
• After installing CPGuard, Let's Encrypt (AutoSSL) stopped working.
• SSL certificates cannot be issued or renewed.
• I have already tried disabling the CPGuard firewall completely, but the issue still persists.
• Even with the firewall disabled, the problem continues, which makes me think something else in CPGuard is interfering.

Additional details:

• Server environment: cPanel/WHM
• CPGuard is installed and was recently configured
• Ports 80 and 443 are open and accessible
• The issue occurs for all domains on the server

I have also verified DNS resolution directly from the server using SSH.

Example checks:

dig madamepera.com

dig www.madamepera.com

dig A madamepera.com

dig A www.madamepera.com

dig +trace madamepera.com

The DNS records appear to resolve correctly from the server side.

I will provide relevant logs below for further analysis.

At this point, I suspect that CPGuard may be interfering with ACME challenge validation (such as HTTP-01 requests), even when the firewall is disabled.

Could you please help me identify what might be causing this and how to resolve it?

Thanks in advance for your support.

Best regards,

---------------------------- LOGS

Log for the AutoSSL run for “madamp”: Wednesday, March 25, 2026 10:05:49 AM GMT+0300 (Let’s Encrypt™)

10:05:49 AM AutoSSL’s configured provider is “Let’s Encrypt™”.

Analyzing “madamp”’s domains …

10:05:49 AM Analyzing “madamepera.com” (website) …

10:05:49 AM User-excluded domains: 4 (autodiscover.madamepera.com, webdisk.madamepera.com, cpcontacts.madamepera.com, cpcalendars.madamepera.com)

ERROR TLS Status: Defective

ERROR Defect: NO_SSL: No SSL certificate is installed.

10:05:49 AM Attempting to ensure the existence of necessary CAA records …

10:05:49 AM No CAA records were created.

10:05:49 AM Verifying 6 domains’ management status …

Verifying “Let’s Encrypt™”’s authorization on 6 domains via DNS CAA records …

WARN DNS query error (madamepera.com/NS): SERVFAIL (2)

WARN DNS query error (madamepera.com/NS): SERVFAIL (2)

WARN DNS query error (madamepera.com/NS): SERVFAIL (2)

WARN DNS query error (madamepera.com/NS): SERVFAIL (2)

10:05:49 AM ERROR “madamepera.com” is unmanaged. Verify this domain’s registration and authoritative nameserver configuration to correct this problem.

10:05:49 AM WARN DNS query error (cpanel.madamepera.com/NS): SERVFAIL (2)

10:05:49 AM ERROR “cpanel.madamepera.com” is unmanaged. Verify registration and authoritative nameserver configuration for this domain or “madamepera.com” to correct this problem.

10:05:49 AM WARN DNS query error (webmail.madamepera.com/NS): SERVFAIL (2)

WARN DNS query error (madamepera.com/NS): SERVFAIL (2)

10:05:49 AM ERROR “webmail.madamepera.com” is unmanaged. Verify registration and authoritative nameserver configuration for this domain or “madamepera.com” to correct this problem.

10:05:49 AM WARN DNS query error (madamepera.com/NS): SERVFAIL (2)

10:05:49 AM ERROR “*.madamepera.com” is unmanaged. Verify this domain’s registration and authoritative nameserver configuration to correct this problem.

10:05:49 AM WARN DNS query error (www.madamepera.com/NS): SERVFAIL (2)

10:05:49 AM ERROR “www.madamepera.com” is unmanaged. Verify registration and authoritative nameserver configuration for this domain or “madamepera.com” to correct this problem.

10:05:49 AM WARN DNS query error (mail.madamepera.com/NS): SERVFAIL (2)

10:05:49 AM ERROR “mail.madamepera.com” is unmanaged. Verify registration and authoritative nameserver configuration for this domain or “madamepera.com” to correct this problem.

AutoSSL cannot confirm management status for any of this user’s 6 domains. AutoSSL cannot secure any domain without confirming its management status.

10:05:49 AM WARN DNS query error (www.madamepera.com/CAA): SERVFAIL (2)

WARN DNS query error (madamepera.com/CAA): SERVFAIL (2)

10:05:49 AM CA authorized: “madamepera.com”

CA authorized: “*.madamepera.com”

CA authorized: “www.madamepera.com”

10:05:49 AM WARN DNS query error (mail.madamepera.com/CAA): SERVFAIL (2)

10:05:49 AM CA authorized: “mail.madamepera.com”

10:06:02 AM CA authorized: “cpanel.madamepera.com”

CA authorized: “webmail.madamepera.com”

“Let’s Encrypt™” is authorized to issue certificates for 6 of this user’s 6 domains.

10:06:02 AM AutoSSL cannot increase “madamp”’s SSL coverage.

I can't open those websites: geoblocking?

Those SERVFAIL errors are from AutoSSL doing pre-checks of your domain and DNS config. That is why the error says "AutoSSL cannot confirm ...". The error messages are not coming from Let's Encrypt. You should ask your hosting service about that.

In the past you got a wildcard cert for your main domain. And, cPanel would have needed to ensure it had authority to update your DNS to add a TXT record for Let's Encrypt to validate before issuing a cert. So, your problems might be related to that although I don't know why there would be DNS query failures for so many names if you were getting a wildcard again.

In any case, this problem is related to your cPanel config and your hosting provider is the best place to ask about that.