AutoSSL is activated by default in your hosting account as it automatically installs and renews cPanel/Sectigo certificates for each domain in cPanel.
AutoSSL performs automatic check of all domains and if necessary installs new or renews the already installed cPanel/Sectigo certificates.
Through cPanel » SSL/TLS Status you can manage AutoSSL, perform a check or exclude a specific domain from AutoSSL.
Search and Filter
When there is a number of domains in cPanel (parked domains, subdomains, etc.), you might experience difficulties finding a certain domain in the long list. Therefore, you can use the Search option and the filters (the gears icon).
To view a certain domain or subdomain’s status, start typing its name in the search box. Results will be displayed right after you type in the first letters of the domain name.
You can filter the results from the list by Domain Types, SSL Types, SSL Statuses or AutoSSL Statuses.
Use the filters to view the domains with installed certificates, the error messages upon installation or renewal, AutoSSL certificates or other criteria. All filters are marked by default, but you can also select only:
- Domains with a Self-Signed certificate: SSL Types » Self-signed
- Domains with an AutoSSL certificate: SSL Types » AutoSSL DV Certificate
- Expired Certificates: SSL Statuses » Expired
- AutoSSL Error Message: SSL Statuses » Has AutoSSL Problems
- Domains Excluded from AutoSSL: AutoSSL Statuses » Excluded
AutoSSL Status and Management
From here you can select the domains included in the AutoSSL check when it’s performed. AutoSSL check is periodically run, but it can be also manually performed with Run AutoSSL. When AutoSSL is performing a check (installation or renewal), instead of Run AutoSSL you will view a notification “AutoSSL is in progress...” After processing certificates is completed, the page will be automatically reloaded.
Exclude Domains from the AutoSSL Check
You can disable the installation of AutoSSL certificates for a certain domain by going to Exclude from AutoSSL.
To activate AutoSSL for the same domain, use the option Include during AutoSSL. You can also exclude multiple domains by selecting them and enabling the option Exclude Domains from AutoSSL.
Include Domains during AutoSSL Check
AutoSSL is activated for each domain in cPanel. If you have manually deactivated AutoSSL for a specific domain, you can activate it again by using the option Include during AutoSSL.
You can also include multiple domains by selecting them and enabling the option Include Domains during AutoSSL.
After a specific domain is included, AutoSSL will automatically check it and renew its cPanel/Sectigo certificate.
Starting the AutoSSL Check
In case you need to install or renew a certificate, use Run AutoSSL.
Since the AutoSSL check is performed at certain intervals, when accessing SSL/TLS Status, you might see the folllowing notification: “AutoSSL is in progress...”
Error Messages during AutoSSL Check
If AutoSSL cannot install or renew a certain certificate, an error message will be displayed in the Certificate Status column.
The domain is not redirected to this hosting server
When the domain is not redirected to the hosting server, AutoSSL will not be able to install a certificate since domain validation cannot be performed. Sample error messages:
"The system queried for a temporary file at “http://mailer.goodexample.eu/.well-known/pki-validation/CD40CBAF8FD6275A2A0BAAFBEA99EF91.txt”, but the web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist. The domain “mailer.goodexample.eu” resolved to an IP address “188.8.131.52” that does not exist on this server."
"mysupersite.com” does not resolve to any IPv4 addresses on the internet."
To install an AutoSSL certificate into the domain you will need to redirect it to the hosting server by using name servers or an А record.
Restricted Web Access to the Domain
For AutoSSL to be able to install a certificate for a certain domain it will need to perform validation by accessing specific file in the domain directory. When web access to the domain is restricted http://mysupersite.com/.well-known AutoSSL will not be able to validate and install the certificate. Sample error message:
"The system queried for a temporary file at “http://mysupersite/.well-known/pki-validation/085BC4C093ACABE40746261B7F2202D5.txt”, but the web server responded with the following error: 403 (Forbidden). A DNS (Domain Name System) or web server misconfiguration may exist."
Since the AutoSSL certificate is valid only for one domain, in case you have a subdomain *.mysupersite.com, AutoSSL will return an error message:
"No certificate available. AutoSSL does not support explicit wildcard domains. You must purchase a certificate to secure this domain."
In case you wish to install a Wildcard certificate valid for all subdomains to the domain, you will need a Wildcard type of SSL certificate, such as Sectigo Essential Wildcard.