How to enable Auto SSL in cPanel

July 18, 2024

Auto SSL in cPanel is a straightforward process that provides your websites with free SSL certificates, enhancing security by encrypting data between the server and the client. AutoSSL automatically renews these certificates, ensuring your sites remain secure without manual intervention. Here’s how you can enable AutoSSL in cPanel:

Steps to Enable AutoSSL in cPanel

1. Log in to cPanel:
   • Access your cPanel account using your username and password. The URL is usually something like https://yourdomain.com:2083 or through your hosting provider’s dashboard.
2. Locate the SSL/TLS Section:
   • Once logged in, scroll down to the “Security” section or use the search bar at the top to find “SSL/TLS.”
3. Open AutoSSL Configuration:
   • Click on the “SSL/TLS Status” icon. This will open the AutoSSL configuration interface.
4. Enable AutoSSL:
   • On the SSL/TLS Status page, you should see an option to enable Auto SSL. If Auto SSL is already enabled for your cPanel account, it will be indicated here. If it’s not enabled, look for a button or link that says “Run Auto SSL” or “Enable Auto SSL” and click it.
   • In some cPanel setups, you may need to go to “Manage Auto SSL” (this may be under the “SSL/TLS” section as well) and then select the certificate provider (usually “cPanel (powered by Sectigo)” or “Let’s Encrypt”) and enable Auto SSL.
5. Check Domain Status:
   • After enabling Auto SSL, you can check the status of your domains on the “SSL/TLS Status” page. Domains that are covered by an SSL certificate will be listed with a status indicator.
   • Ensure that all domains and subdomains you want to secure are selected. If they aren’t, you might need to select them manually and click “Run Auto SSL” to initiate the process.
6. Monitor AutoSSL Logs:
   • To monitor the process and ensure that SSL certificates are being issued correctly, you can check the Auto SSL logs. This is usually found under the “Manage Auto SSL” section. Look for any errors or issues that may need resolving.
7. Wait for SSL Installation:
   • The AutoSSL process might take a few minutes to complete. Once done, your domains should have SSL certificates installed and activated.

Additional Tips

• Automatic Renewal: Auto SSL will automatically renew certificates before they expire, so you don’t need to worry about manually renewing them.
• DNS Configuration: Ensure your domain’s DNS settings are correctly configured and pointing to your cPanel server. AutoSSL needs to verify domain ownership.
• Wildcard Certificates: If you need SSL for subdomains, check if your provider supports wildcard certificates or add the subdomains individually.
• Third-Party SSL Certificates: If you have specific requirements or a third-party SSL certificate, you might need to disable AutoSSL for certain domains to avoid conflicts.

Troubleshooting Common Issues

• DNS Issues: Ensure that the domain and subdomains are correctly pointed to the server’s IP address.
• CAA Records: Check that there are no CAA records in your DNS that might prevent Auto SSL from issuing certificates.
• Domain Ownership Verification: Make sure the domains are properly configured and that you have control over them.

Troubleshooting Steps

Let’s Encrypt certificates can only be validated by file-based or DNS-based authentication. Follow these steps to help you make sure the SSL can validate properly:

1. Let’s Encrypt certificates will not install over the top of other certificates, even self-signed or expired ones. To ensure there are no SSL Certificates already present, navigate to the SSL/TLS section of cPanel, and then click on Manage SSL Sites.

2.Uninstall any old or invalid certificates, and then click run AutoSSL again in SSL/TLS Status.

3.If the chosen domain or subdomain has Include during AutoSSL under the Certificate Status, click the button to enable it. Once enabled the option will change to Exclude from AutoSSL.

1. Make sure the website is loading from our server. Use a DNS checker like whatsmydns.net to make sure the IP address of the A record is the same as your server IP. You can find your server IP in the Hosting Account Information email we sent when you set up the account. If the IPs don’t match, it means your site isn’t loading from our server and you’ll need to contact your website hosts to install an SSL instead.
2. If your A records are pointing to us but your Nameservers are external, use whatsmydns.net to check if there are any AAAA records present. Some DNS managers add AAAA records that don’t point anywhere, which interferes with AutoSSL’s ability to validate the domain. Remove any AAAA records that you see and test again.
3. Sometimes code in your site interferes with the validation steps. To resolve this, add this code to the top of your .htaccess file:
   • RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
   • RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/.+$
   • RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
   • RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
4. If you are getting notifications with the message An error occurred the last time AutoSSL ran, you can exclude the domains in question by following this guide.
5. If the Run AutoSSL button isn’t present on your cPanel account, this option is not enabled in your Feature List. We would recommend speaking to your reseller or System Administrator to resolve this.

Conclusion

Enabling Auto SSL in cPanel is a simple way to secure your websites with SSL certificates automatically. This not only improves your site’s security but also boosts user trust and SEO rankings. By following the steps outlined above, you can ensure that your domains are protected with minimal effort.