cPanel Service Certificates (SSL) fail to renew

cPanel recently switched from using Sectigo to Lets Encrypt for it's service certificates (hostname, cpanel, whm, ftp, smtp, dovecot etc.).

Unfortunately their implementation can only use DNS verification to request the new certificate. If the DNS for the hostname of the cPanel server is NOT hosted on that cPanel server, then the SSL service certificates cannot be renewed. There is no workaround for this at this time.

The choices are:

1. Run self-signed certificates. This will result in an error in your browser when accessing WHM, cPanel and Webmail which you have to click past to access the services. This is done by going to WHM -> Manage Service SSL Certificates and hitting 'Reset Certificate' next to the expired certificates. Or if a valid certificate exists, hitting the 'Apply Certificate to Another Service' and selecting the services with the expired certificate.

2. Change the hostname of the server to something that has it's DNS hosted on that cPanel server (this is not possible if you do not run a DNS server on your cPanel server).

VPSBlocks can help with these, note that if you do not have a DNS server on your cPanel server which already has private name servers setup, we will have to coordinate with you to create private name servers using a domain you own, this is primarily done at your domain registrar.