Free Comodo AutoSSL certificates on cPanel servers

Some customers have asked about any free SSL service provider possibility on cPanel servers/accounts
There is free Comodo AutoSSL possibility on all our cPanel servers (which is also auto-activated upon adding new domain/account to server).
What differs from DirectAdmin packages is that on cPanel servers there is no more need for separate private_html folder for SSL usage!
To check if under Your cpanel account for Your domain, AutoSSL has been activated, log on to Your cPanel account and check under SSL/TLS status. SSL/TLS status page shows auto-protected domains/subdomains with green circle and unprotected ones with red circle

Possible additional questions/answers/situations

1. SSL/TLS status page and error “… does not resolve to any IPv4 addresses on the internet.”
2. SSL/TLS status page and error “… The system queried for a temporary file at …”
3. SSL/TLS status page and “odd FQDN domain names as main domain subdomains …” ?
4. Notification about “Let’s Encrypt certificate expiration notice for domain …” although my account is already on cPanel server?

1. SSL/TLS status page and error “… does not resolve to any IPv4 addresses on the internet.”

Error means that during AutoSSL request Your domain name or DNS entries have not yet been forwarded to Your webhosting account!
In this case on new or just migrated domain names I’d recommend to wait for one hour and to check again – If there is still same error present, check all valid domain and subdomain names and click on “Run AutoSSL” button. That will generate new AutoSSL request to servers SSL queue – that request will be processed during next 30 minutes, after that You should see green circle in front of domain names which DNS is pointing to Your webhosting account (if You have not made any additional .htaccess or domain redirection!).

2. SSL/TLS status page and error “… The system queried for a temporary file at …”

That error means that although Your domain or subdomain DNS is pointing to Your webhosting account, AutoSSL cannot proceed with request as there is some-kind of redirection error or WWW access block on needed directory for generating AutoSSL certificate (as AutoSSL needs access to folder .well-known/pki-validation/ under domain/subdomain!)!

If You are using .htaccess redirection:
1. On Mod_rewrite – all RewriteRule’s should be preceded by:

RewriteCond %{REQUEST_URI} !^/\.well\-known/pki\-validation/

2. On .htaccess plain redirection (one line 301 redirection):

RedirectMatch 301 ^(?!/\.well-known/pki-validation/).* https://domainorfoldertowhereredirectionisneeded.tld/

3. SSL/TLS status page and “odd FQDN domain names as main domain subdomains …” ?

That “additional feature” (not bug) comes with cPanel archidecture and how cPanel uses/adds domains to webhosting account.
Tho there is no access or need for “subdomains” as example-com.yourmaindomain.com cPanel generates them still. AutoSSL will generate errors (even via email report) on such cases as those “subdomains” are not accessible via Internet nor do those use separate folder on Your webhsting account. You can exclude thos “odd subdomains” via SSL/TLS Status page on selecting all those odd erroneous entries and clicking on “Exclude Domains from AutoSSL”. On next server side AutoSSL update request those domains are excluded and not checked nor reported!

4. Notification about “Let’s Encrypt certificate expiration notice for domain …” although my account is already on cPanel server?

cPanel servers use onlu Comodo as free AutoSSL provider (There are no letsencrypt certificates under our cPanel servers)! If Your webhosting account is under cPanel server but You still recieve that kind of email report, please ignore it. It may be that earlier Your webhosting account was on server or under provider that used Let’sEncrypt free SSL service thus those reports are sent for expiring certificates.

Comments are currently closed.