cPanel : AutoSSL Fails Due to Unresolvable cprapid.com Subdomains – How to Fix

Issue: You may receive an error during AutoSSL renewal like the one below:

AutoSSL would normally renew this certificate now, but 2 of the website’s secured domains just failed DCV. AutoSSL will request a replacement certificate that excludes any domains that fail DCV. One such domain is:
domain.com.123-158-172-173.cprapid.com
DNS DCV: No local authority
HTTP DCV: Does not resolve to any IP addresses on the internet.

Cause

This issue occurs because of a change introduced in cPanel version 124, where temporary .cprapid.com subdomains (like domain.com.123-158-172-173.cprapid.com) are automatically added to the ServerAlias directive for Apache VirtualHosts. These are intended to help preview websites before DNS propagation.

Unfortunately, these temporary subdomains are also included in the AutoSSL request. Since they do not resolve publicly, the Domain Control Validation (DCV) fails and the AutoSSL renewal is deferred or fails entirely.

Who is Affected?

Even if your account only has one domain configured, this error may still occur due to the automatic inclusion of the .cprapid.com subdomain tied to your server IP address.

How to Fix

Until cPanel resolves the issue under internal case CPANEL-46086, you can manually remove the invalid .cprapid.com subdomain from your account using the following steps:

1. Log in to your cPanel account.
2. Navigate to Domains under the Domains section.
3. Look for a domain that includes .cprapid.com (e.g., domain.com.123-158-172-173.cprapid.com).
4. Click Remove or Manage and then remove the domain.
5. Re-run AutoSSL via cPanel » SSL/TLS Status by clicking “Run AutoSSL” at the top of the page.

Optional: Convert Parked Domain to Addon Domain (Advanced)

If you previously added a domain as a Parked/Alias domain, you can convert it into an Addon Domain to avoid such inclusion in bulk certificates:

1. Remove the parked domain via cPanel » Domains.
2. Re-add the domain and uncheck Share Document Root.
3. Set the Document Root to public_html to mirror the main site’s content.

Status of Fix

cPanel is aware of this issue and is tracking it internally under case CPANEL-46086. You can follow updates to the official support article here: https://support.cpanel.net/hc/en-us/articles/27772003203607

Need Help?

If you're unsure about removing the domain or re-running AutoSSL, feel free to contact our support team. We’ll assist in resolving this promptly and ensure your SSL certificates renew correctly.

Fix via SSH

On your VPS or Server login as root and execute the following script to remove the cprapid.com suffix domains

#!/bin/bash

LOGFILE="/root/whmapi1_remove_cprapid.log"

echo "Removing all .cprapid.com parked domains..." | tee -a "$LOGFILE"
echo -e "\n========== Run Started at $(date) ==========\n" >> "$LOGFILE"

TMPFILE=$(mktemp)
/bin/grep -r '\.cprapid\.com' /var/cpanel/userdata/*/main > "$TMPFILE"

while IFS=: read -r filepath domain_line; do
    domain=$(echo "$domain_line" | sed 's/- //;s/^[ \t]*//;s/\r//' | tr -d '\n')
    user=$(echo "$filepath" | cut -d/ -f5)

    echo " Removing $domain (user: $user)" | tee -a "$LOGFILE"
    whmapi1 delete_domain domain="$domain" >> "$LOGFILE" 2>&1
    echo "[REMOVED] $domain" >> "$LOGFILE"
done < "$TMPFILE"

rm -f "$TMPFILE"

echo -e "\n All .cprapid.com domains processed. Log saved at: $LOGFILE"