Secondary IP Address for Mail server kills the process on WHM

Hi there,

Running Manage AutoSSL on WHM
Multiple hosted websites.

The mail server uses a different IP address to the Web Server.

Issuing or Renewing the certs causes an error as ( ( is not local in the eyes of LetsEncrypt.

I have to edit the DNS ZONE back to while I renew or Issue.
Then edit it back to

An example response is here:

3:20:49 PM Performing DCV (Domain Control Validation) …

3:20:49 PM Local HTTP DCV OK:


WARN Local HTTP DCV error ( The system queried for a temporary file at “”, but the web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist.

3:20:56 PM ERROR Local DNS DCV error ( The DNS query to “” for the DCV challenge returned no “TXT” record that matches the value “_cpanel-dcv-test-record=QyjHfqtgvQmOe7hqePmfEA31uoFYRwiHFzFseLO3Kv0iJZVZQRdKE34yqrDqdw26”.

3:20:56 PM Analyzing “”’s DCV results …

3:20:56 PM ERROR Impediment: NO_UNSECURED_DOMAIN_PASSED_DCV: Every unsecured domain failed DCV.

3:20:56 PM The system has completed the AutoSSL check for “domain”.

Then when I point the dns for 14400 IN A
and run it…

we get success

3:22:06 PM Analyzing “”’s DCV results …

3:22:06 PM local DCV has gained domains

No CAA record added because there is no CAA record from another provider in the DNS for

3:22:10 PM “Let’s Encrypt™” HTTP DCV OK:

“Let’s Encrypt™” HTTP DCV OK:

“Let’s Encrypt™” HTTP DCV OK:

AutoSSL will request a new certificate.

Any ideas of previous info I can use please…?

Hi @thenetie,

I'm not sure why you need to be listed on the same certificate if it's hosted on a separate server. But if you do, the easiest way would be to make the HTTP server on send an HTTP 301 redirect so that requests are redirected to the corresponding location in In this case, the Let's Encrypt CA validator will follow this redirect and allow the AutoSSL tool to pass the challenge as if the DNS name were pointed to that machine.

Hi Schoen,

thanks for the reply.
Perhaps I didn't make myself clear.

The server has 2 IPs LOCALLY
One for Web and one for Mail.

LetsEncrypt cannot see that the second IP is a local IP so we get errors.

When I change to the first IP (The same IP that Apache runs on) it works fine.

The 404 error is because the second IP doesn't resolve web pages. - won't return web pages = 404

As far as AutoSSL goes, you are preventing HTTP DCV from succeeding, by pointing the mail. subdomain somewhere that is not an accessible local virtualhost. From my reading of your post, it may even be a publicly unroutable address.

So your other option is to facilitate the use of DNS DCV instead, by hosting's DNS using the cPanel DNS Cluster, so that AutoSSL can create public TXT records for the certificate issuance process.

If you can’t do that, you’re pretty much out of options. And that makes sense, because AutoSSL is unable to demonstrate control over the mail. subdomain.

AutoSSL’s Let’s Encrypt implementation is built by cPanel. You might get more helpful advice by sending them a ticket instead.

Edit: You could also try adding a WHM Apache include for a VirtualHost that listens on and responds to (if that address is publicly routable), to be served from the same document root as the main virtualhost.
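
An added example, not part of any post in this thread and not cPanel's code: a pre-flight check that lists the names HTTP DCV can be expected to fail for, by comparing each A record with the addresses Apache has a matching virtual host on. The hostnames, the 203.0.113.x addresses, the zone lines and the `httpd -S` style listing are constructed sample data, and the function names are hypothetical.

```python
import fnmatch
import re

# Constructed sample data: a zone's A records and an `httpd -S` style listing.
ZONE = """\
example.test.       14400 IN A 203.0.113.10
mail.example.test.  14400 IN A 203.0.113.11
"""
VHOSTS = """\
203.0.113.10:80        is a NameVirtualHost
         default server example.test (/etc/apache2/conf/httpd.conf:310)
         port 80 namevhost example.test (/etc/apache2/conf/httpd.conf:310)
                 alias mail.example.test
"""

def parse_a_records(zone_text):
    """Return {hostname: ipv4} for every A record in the zone text."""
    rows = (line.split() for line in zone_text.splitlines())
    return {r[0].rstrip(".").lower(): r[-1]
            for r in rows if len(r) >= 4 and r[-2].upper() == "A"}

def parse_vhosts(listing, port="80"):
    """Return {listen_address: name patterns} for vhosts bound to `port`."""
    served, current = {}, None
    for line in listing.splitlines():
        head = re.match(r"^(\S+):(\d+)\s+(\S+)", line)
        if head:  # an unindented "address:port" line opens a new block
            current = head.group(1) if head.group(2) == port else None
            if current and head.group(3) != "is":  # single-vhost form
                served.setdefault(current, set()).add(head.group(3).lower())
            continue
        name = re.search(r"\b(?:namevhost|alias)\s+(\S+)", line)
        if name and current:
            served.setdefault(current, set()).add(name.group(1).lower())
    return served

def http_dcv_failures(zone_text, listing):
    """A records pointing at an address where no vhost answers for the name."""
    served = parse_vhosts(listing)
    failures = []
    for host, ip in sorted(parse_a_records(zone_text).items()):
        patterns = served.get(ip, set()) | served.get("*", set())
        if not any(fnmatch.fnmatch(host, p) for p in patterns):
            failures.append((host, ip))
    return failures

if __name__ == "__main__":
    print(http_dcv_failures(ZONE, VHOSTS))
```

With the sample data the mail name is reported because its A record targets the second address, where no virtual host carries that name; pointing the record at the first address, or adding a virtual host on the second, clears it.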

Ok, I think the last option is least painful.
I will ask the guys who handle that stuff to consider it.
Thanks _az
I appreciate the pointer
