With AutoSSL enabled, your websites are automatically secured with a free Domain Validated (DV) SSL certificate, which automatically renews at expiration time, eliminating one of the biggest pain points when it comes to website management.
However, when your domain is using Cloudflare, AutoSSL is not able to automatically renew the certificate and may show a DCV error like the following:
DNS DCV: No local authority: “domain.com”; HTTP DCV: “cPanel (powered by Sectigo)” forbids DCV HTTP redirections.
This happens because domain validation cannot complete: the DNS records are proxied by Cloudflare, and Cloudflare forces a redirect. At this time, cPanel AutoSSL does not support redirects. Cloudflare provides its own free SSL certificates, which eliminates the need for AutoSSL in most of these cases, but there are several possible workarounds to this issue.
Here we cover the various options for allowing AutoSSL to work with Cloudflare.
Disabling Redirects in Cloudflare
- Log into your Cloudflare account and select your domain
- Navigate to Edge Certificates, located under SSL/TLS
- Disable Always Use HTTPS
CAUTION: This change causes Cloudflare to stop forcing HTTPS on all pages. If you still want to use HTTPS on your site and it's no longer loading as secure since this change, force HTTPS in the .htaccess file.
- Run AutoSSL
- From cPanel, navigate to SSL/TLS Status, located in the Security Section
- Click the Run AutoSSL button
Enabling Let's Encrypt
IMPORTANT: Changing the AutoSSL provider requires root access, so this solution is only available on our VPS or dedicated hosting.
- Enable and run Let's Encrypt
NOTE: cPanel AutoSSL forbids redirects, so when Cloudflare redirects pages to HTTPS the default AutoSSL will fail. Let's Encrypt allows the domain validation to work even with the redirect in place.
Pausing Cloudflare to Apply AutoSSL
- Log into your Cloudflare account and select your domain
- On the Overview page, click Pause Cloudflare on Site under Advanced Actions
- Click the Confirm button
TIP: See Cloudflare's documentation for more information on pausing Cloudflare.
- Use a tool like dnschecker.org to confirm your domain is now pointing to your hosting IP address instead of Cloudflare
NOTE: It may take a few minutes for the change to propagate.
- Once propagated, log into cPanel and rerun the AutoSSL check
TIP: See the guide on renewing AutoSSL for further instructions.
- Once the certificate has successfully installed, return to your Cloudflare dashboard and click Enable Cloudflare on Site under the Advanced Actions section of the Overview page
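A command-line check for the redirect and proxy conditions described above, added here as an example and not part of the original article: it reads the response headers of a plain-HTTP request and reports whether AutoSSL's HTTP DCV would meet a redirect or a Cloudflare-proxied answer. The probe path and file name are assumptions, and the sample headers are constructed.

```shell
#!/bin/sh
# Added example: classify how a plain-HTTP DCV request is answered.
# stdin:  raw response headers, as printed by `curl -sI`
# stdout: "FAIL redirect -> <url>", "FAIL no response", "WARN proxied" or "OK direct"
dcv_check_headers() {
    cr=$(printf '\r'); status=""; location=""; proxied=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%"$cr"}                  # headers arrive with CRLF endings
        case "$line" in
            HTTP/*)                         # status line: keep the code only
                status=${line#* }; status=${status%% *}
                continue ;;
        esac
        key=$(printf '%s' "${line%%:*}" | tr '[:upper:]' '[:lower:]')
        value=${line#*:}; value=${value# }
        case "$key" in
            location) location=$value ;;
            cf-ray)   proxied=1 ;;          # added by Cloudflare when it proxies
            server)   case "$value" in cloudflare*) proxied=1 ;; esac ;;
        esac
    done
    case "$status" in
        "")          echo "FAIL no response"; return 1 ;;
        30[12378])   echo "FAIL redirect -> ${location:-unknown}"; return 1 ;;
    esac
    if [ "$proxied" -eq 1 ]; then
        echo "WARN proxied"                 # no redirect, but Cloudflare still answers
    else
        echo "OK direct"                    # origin answered without a redirect
    fi
}

# Constructed sample: a redirect as sent when Always Use HTTPS is enabled.
sample_redirect() {
    printf 'HTTP/1.1 301 Moved Permanently\r\n'
    printf 'Location: https://example.com/.well-known/pki-validation/dcv-precheck.txt\r\n'
    printf 'Server: cloudflare\r\nCF-RAY: 0000000000000000-IAD\r\n\r\n'
}

if [ -n "${1:-}" ]; then
    # Live check. The probe file name is made up, so a 404 is the expected
    # non-redirect answer; only the absence of a 3xx matters here.
    curl -sI --max-time 10 "http://$1/.well-known/pki-validation/dcv-precheck.txt" \
        | dcv_check_headers
else
    sample_redirect | dcv_check_headers || true
fi
```

Run it with the domain as the only argument before clicking Run AutoSSL; with no argument it classifies the constructed sample. After disabling Always Use HTTPS the result should no longer be FAIL, and after pausing Cloudflare it should read OK direct.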