How to fix a rogue DNS-IP mapping in WHM or cPanel?

Question

I woke up this morning and started getting emails from customers of my website truckercert.com that "the site is down". But what actually happened is the SSL certificate quit working. The website runs on a Bluehost VPS and I have full (root) access to WHM and cPanel. I called Bluehost. The VPS tech support person was clueless both as to what caused it or how to fix it. She did, however, point out that there are some IP mismatches going on that could be at the root of the problem:

Notice how my domain resolves to two different IP addresses. This just started happening today. The wrong IP (204.11.56.48) now maps to an old domain I used to own (usaarbiters.com), and that domain also used to be the Primary Domain on my Bluehost account. So I guess it's no shock that this problem caught up with me. The correct IP for truckercert.com is 198.154.243.158.

This domain's (truckercert.com) SSL cert has been created and renewed automatically by Let's Encrypt through Bluehost for the past 2 years or so. I abandoned the domain usaarbiters.com over a year ago, but maybe someone just bought it, it resolves to a new IP, and maybe Let's Encrypt tried to renew the cert and got confused.

1. Is there a way in WHM or cPanel to remove all old references to usaarbiters.com so that truckercert.com doesn't have any link to that wrong IP?
2. After solving #1 above, is there a way to force Let's Encrypt to re-issue a correct SSL cert through WHM or cPanel (or some other way)?

Any help will be greatly appreciated.

Answer 1

Namecheap is the registrar, and my nameservers are set to ns1.bluehost.com and ns2.bluehost.com.

But the DNS zone on the authoritative nameserver that the parent/registrar points to (at Bluehost and accessible via WHM > DNS Zone Manager) would appear to have two conflicting NS records pointing to ns1.zerogravpro.com and ns2.zerogravpro.com (basically do a DNS lookup on your domain and look for NS records). The SOA record (specifically, the MNAME subkey - primary nameserver) would also appear to be referencing this "incorrect" nameserver.

(At least you did, you seem to have now corrected this?)

These should all point to the same. This is likely to be what is causing the inconsistent behaviour.

As @PatrickMevzek mentioned in comments:

a mismatch between what the parent of your domain thinks on what your nameservers are and what your own zone says nameservers are

In WHM the relevant DNS zone can be accessed via "DNS Zone Manager" (under "DNS Functions"). For the required domain select "Manage". This gives you total control to edit, add and remove DNS records within this zone.

How is this doing my own DNS?

Both ns1. and ns2.zerogravpro.com point to the same (single) IP address and the same IP that your domain (A record) points to (ie. the webserver that serves your website) - so it can't be a dedicated DNS host (if it's a DNS host at all) and would look like you are perhaps "doing your own DNS".

Reference:

The following question on ServerFault goes into great detail about the differences and role of the Nameserver records defined at the registrar (the parent) and the NS records defined in the authoritative DNS (that the parent points to).

• What is the role of NS records at the apex of a DNS domain?

• Registrar nameservers vs. NS records for bare domain? (Also links to above)