How To Enable AutoSSL in cPanel

Enable AutoSSL in cPanel

The Let's Encrypt software that generates free SSL Certificates should be enabled automatically by default. However if it isn't, there is a way to enable it manually from cPanel.

To enable the AutoSSL in cPanel, follow these steps:

1. Log in to your cPanel.
2. In the SECURITY section, select SSL/TLS Status.



3. Make sure the boxes are ticked for the domains or subdomains you want an SSL for, and then click Run AutoSSL. You may have to wait 1 hour for the software to complete validation and for the free SSL to apply.



4. To check whether the certificate has been successfully installed on your domain, you can use this external tool. If your site is still showing Not Secure or loads without a padlock, you may be serving Mixed Content.

Troubleshooting Steps

Let's Encrypt certificates can only be validated by file-based or DNS-based authentication. Follow these steps to help you make sure the SSL can validate properly:

1. Let's Encrypt certificates will not install over the top of other certificates, even self-signed or expired ones. To ensure there are no SSL Certificates already present, navigate to the SSL/TLS section of cPanel, and then click on Manage SSL Sites.





2. Uninstall any old or invalid certificates, and then click run AutoSSL again in SSL/TLS Status.



3. If the chosen domain or subdomain has Include during AutoSSL under the Certificate Status, click the button to enable it. Once enabled the option will change to Exclude from AutoSSL.



4. Make sure the website is loading from our server. Use a DNS checker like whatsmydns.net to make sure the IP address of the A record is the same as your server IP. You can find your server IP in the Hosting Account Information email we sent when you set up the account. If the IPs don't match, it means your site isn't loading from our server and you'll need to contact your website hosts to install an SSL instead.
5. If your A records are pointing to us but your Nameservers are external, use whatsmydns.net to check if there are any AAAA records present. Some DNS managers add AAAA records that don't point anywhere, which interferes with AutoSSL's ability to validate the domain. Remove any AAAA records that you see and test again.
6. Sometimes code in your site interferes with the validation steps. To resolve this, add this code to the top of your .htaccess file:
   
   • RewriteCond % !^/[0-9]+\..+\.cpaneldcv$
   • RewriteCond % !^/\.well-known/acme-challenge/.+$
   • RewriteCond % !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
   • RewriteCond % !^/\.well-known/pki-validation/[A-F0-9]\.txt(?:\ Comodo\ DCV)?$
7. If you are getting notifications with the message An error occurred the last time AutoSSL ran, you can exclude the domains in question by following this guide.
8. If the Run AutoSSL button isn't present on your cPanel account, this option is not enabled in your Feature List. We would recommend speaking to your reseller or System Administrator to resolve this.

Note: Let's Encrypt SSL certificates may not be suitable for you. Click here for our guide on comparing free vs paid SSL certificates.