Hi
Thanks for getting in touch.
You can set up which subdomains are included in AutoSSL via cPanel > SSL/TLS Status.
If you click on Exclude from Auto-SSL this will stop the system from attempting to gain a certificate for a subdomain which is not necessary.
If you are seeing errors regarding DCV this means that when AutoSSL ran, LetsEncrypt were unable to authorize the domain for a certificate.
To authorize a domain, first LetsEncrypt searches for a file and tries to find the file on the server over http (not https). This can fail if your IP address provided by your A record does not resolve to the IP address shown in cPanel. Also this will fail if the IP does resolve to our server, but the connection is forced from http to https (eg through cloudflare strict https or htaccess rules.
If the file validation above fails cPanel will create a DNS record which LetsEncrypt will check. LetsEncrypt will only check for the DNS records at the name servers set at your registrar, so this will fail if your name servers are now ourselves.
Please let us know if you would like us to look more closely at individual subdomain failures and we can advise on what changes need to be made that DCV passes.
We look forward to hearing from you.
#signature
#cut
