Wildcard SSL - cPanel adds a . (dot) at the end of the TXT record's name


#1

Hey everyone.

My domain is: kodense.com

My hosting provider is: Namecheap.com

I can login to a root shell on my machine: yes

I’m using a control panel to manage my site: cPanel 70.0.61

Problem description: I’ve been trying to create a wildcard SSL certificate for my domain name, but for some weird reason cPanel is altering the TXT record’s name by adding a dot (.) character at the end of it, i.e. _acme-challenge.kodense.com. and I suspect this to be the main - if not the only - reason why the record validation fails.

Has anyone encountered such an issue, and if so, how did you manage to get around it, if at all?

Many thanks.
/GR


#2

Are you entering _acme-challenge.kodense.com into the hostname field for this record? Generally, you exclude the base domain for most DNS control panels, just entering _acme-challenge, for instance. I believe the dot may be indicating that there’s more to the FQDN. I suspect that you’re actually creating records for _acme-challenge.kodense.com.kodense.com.


#3

Hi @GeekRider

This isn’t a problem. It’s the “root dot”, the dot that marks the DNS root zone.

And your DNS TXT entries are ok.
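
Added example, not part of any post in this thread and not cPanel code: a small Python sketch of the zone-file naming rule discussed in replies #2 and #3 (RFC 1035 master-file semantics), showing which inputs yield the expected ACME DNS-01 record name and which yield a doubled base domain. The function names are hypothetical, the inputs are constructed from the domain in the thread, and whether a given control panel treats undotted input as relative is an assumption that has to be checked against the panel itself.

```python
# Added example: zone-file owner-name expansion (RFC 1035 master-file rules).
# Function names are hypothetical; this is not cPanel code.

def to_absolute(entered: str, origin: str) -> str:
    """Expand a name as a zone file would: a trailing dot means the name
    is already absolute; otherwise the zone origin is appended."""
    origin = origin.rstrip(".").lower() + "."
    name = entered.strip().lower()
    if name in ("", "@"):          # "@" denotes the origin itself
        return origin
    if name.endswith("."):         # absolute: ends at the DNS root
        return name
    return f"{name}.{origin}"      # relative: origin is appended


def same_name(a: str, b: str) -> bool:
    """Compare two names case-insensitively, ignoring the trailing root dot."""
    return a.rstrip(".").lower() == b.rstrip(".").lower()


def check_challenge_name(entered: str, origin: str) -> str:
    """Classify what a given input produces for the ACME DNS-01 record."""
    wanted = to_absolute("_acme-challenge", origin)
    actual = to_absolute(entered, origin)
    if same_name(actual, wanted):
        return f"ok: {actual}"
    # The mistake described in reply #2: a full name entered without the
    # trailing dot is treated as relative, so the origin is appended again.
    doubled = to_absolute(wanted.rstrip("."), origin)
    if same_name(actual, doubled):
        return f"doubled origin: {actual}"
    return f"unexpected name: {actual}"


if __name__ == "__main__":
    # Constructed inputs, using the domain from the thread.
    for entered in ("_acme-challenge",
                    "_acme-challenge.kodense.com.",
                    "_acme-challenge.kodense.com",
                    "123"):
        result = check_challenge_name(entered, "kodense.com")
        print(f"{entered!r:35} -> {result}")
```
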


#4

Thanks for the fast reply @jared.m!
The thing is, whatever I’m trying to type into the zone name field under Zone Editor, the software will always append .kodense.com. automatically. For instance, if I type 123, I get 123 followed by a dot character, followed by kodense.com, followed by a final dot character, i.e. 123.kodense.com. - and that happens as soon as I focus out of the zone name textfield.

It may or may not be worth mentioning that kodense.com is an add-on domain on the hosting plan that’s assigned to a different domain name.

Thanks for the input nevertheless!
/GR


#5

Hi @JuergenAuer, thanks for your reply. I wish I could say now I’m on the right track, but unfortunately I’m even more puzzled at this point. If my TXT entries are correct, then why wouldn’t the validation work? Check it out: https://www.sslforfree.com/create?dns_txt_verify=_acme-challenge.kodense.com

Thanks!
/GR


#6

Does your cPanel write the TXT entries to Namecheap?

Isn’t it possible that you change your DNS entries with the Namecheap menu?

PS: My tool ( https://check-your-website.server-daten.de/?q=kodense.com ) checks the length and if there are only allowed characters. But it can’t see if the value is too old.


#7

I honestly have no idea how they handle this :thinking:

Apparently not. At least, not unless I change the nameservers from the “Namecheap Web Hosting DNS” to “Namecheap BasicDNS”, which I would prefer not to do, because as I was saying a bit earlier, kodense.com is set up as an addon domain :slight_smile:

Wow, that looks like a really insightful tool! Too bad that most of the info in there makes no sense to me :joy:
In any case, to answer your question, I created the records a few hours ago, and they are set with a TTL of 1 second, as per the instructions on the LE setup page.

/GR