There is free Comodo AutoSSL possibility on all our cPanel servers (which is also auto-activated upon adding new domain/account to server).
To check if under Your cpanel account for Your domain, AutoSSL has been activated, log on to Your cPanel account and check under SSL/TLS status. SSL/TLS status page shows auto-protected domains/subdomains with green circle and unprotected ones with red circle.
Possible issues and solutions:
1. SSL/TLS status page and error “… does not resolve to any IPv4 addresses on the internet.”
Error means that during AutoSSL request Your domain name or DNS entries have not yet been forwarded to Your webhosting account!
In this case on new or just migrated domain names I’d recommend to wait for one hour and to check again – If there is still same error present, check all valid domain and subdomain names and click on “Run AutoSSL” button. That will generate new AutoSSL request to servers SSL queue – that request will be processed during next 30 minutes, after that You should see green circle in front of domain names which DNS is pointing to Your webhosting account (if You have not made any additional .htaccess or domain redirection!).
2. SSL/TLS status page and error “… The system queried for a temporary file at …”
That error means that although Your domain or subdomain DNS is pointing to Your webhosting account, AutoSSL cannot proceed with request as there is some-kind of redirection error or WWW access block on needed directory for generating AutoSSL certificate (as AutoSSL needs access to folder .well-known/pki-validation/ under domain/subdomain!)!
If You are using .htaccess redirection:
1. On Mod_rewrite – all RewriteRule’s should be preceded by:
# Global DCV Exclude - Rewrites RewriteCond %{REQUEST_URI} ^/\.well-known/acme-challenge/.+$ RewriteCond %{REQUEST_URI} ^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$ RewriteCond %{REQUEST_URI} ^/\.well-known/pki-validation/(?:\ Ballot169)? RewriteCond %{REQUEST_URI} ^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$ RewriteCond %{REQUEST_URI} ^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Sectigo\ DCV)?$
2. On .htaccess plain redirection (one line 301 redirection):
RedirectMatch 301 ^(?!(/\.well-known/pki-validation/)|(/\.well-known/acme-challenge/)|(/\.well-known/acme-challenge/[0-9a-zA-Z_-])|(/\.well-known/cpanel-dcv/[0-9a-zA-Z_-])).* https://domainorfoldertowhereredirectionisneeded.tld
3. SSL/TLS status page and “odd FQDN domain names as main domain subdomains …” ?
That “additional feature” (not bug) comes with cPanel archidecture and how cPanel uses/adds domains to webhosting account.
Tho there is no access or need for “subdomains” as example-com.yourmaindomain.com cPanel generates them still. AutoSSL will generate errors (even via email report) on such cases as those “subdomains” are not accessible via Internet nor do those use separate folder on Your webhsting account. You can exclude thos “odd subdomains” via SSL/TLS Status page on selecting all those odd erroneous entries and clicking on “Exclude Domains from AutoSSL”. On next server side AutoSSL update request those domains are excluded and not checked nor reported!
4. Notification about “Let’s Encrypt certificate expiration notice for domain …” although my account is already on cPanel server?
cPanel servers use onlu Comodo as free AutoSSL provider (There are no letsencrypt certificates under our cPanel servers)! If Your webhosting account is under cPanel server but You still recieve that kind of email report, please ignore it. It may be that earlier Your webhosting account was on server or under provider that used Let’sEncrypt free SSL service thus those reports are sent for expiring certificates.
5. Website does not automatically redirect HTTP -> HTTPS, how to fix?
All cpanel packages come with automatically enabled free Comodo AutoSSL and HTTPS support – however if Your website/CMS does not itself redirect WWW traffic to HTTPS, webserver sadly does not so either. To redirect all traffic straight away to HTTPS You should add such redirection:
– via cPanel account under DOMAINS -> Domains -> “Force HTTPS Redirect”
(NB! After activating that feature, it will be active in 10 minutes time!)
– to index file (via PHP header refresh, if conditions apply)
– via CMS config (change url in config from http to https or activate force https on some CMS’es)
– or add following lines at the beginning of Your websites .htaccess file:
1 |
RewriteEngine On |
2 |
RewriteCond %{SERVER_PORT} 80 |
3 |
RewriteCond %{REQUEST_URI} !^/\.well\-known /pki \-validation/ |
4 |
RewriteRule ^(.*)$ https: //yourdomainname .tld/$1 [R=301,L] |
Where You replace yourdomainname.tld with Your domain name!