
AutoSSL with Cloudflare questions

Discussion in 'Security' started by ThreePoint-Kalpesh, Mar 6, 2018.

  1. ThreePoint-Kalpesh

    ThreePoint-Kalpesh Registered

    Mar 6, 2018
    Wellington, New Zealand
    cPanel Access Level:
    Root Administrator
    While I have a brief understanding of how AutoSSL works, I would like to find out how the validation works with an already secured domain name.

    AutoSSL runs a process which places a text file in the user's account, and cPanel will validate the domain by accessing the link, for example:

    Once it validates, the SSL cert is provisioned.

    Question 1:

    If the SSL cert is already active and AutoSSL renews the certificate, it goes through validation again.

    Does cPanel revalidate on the secured link or on a non-secured link?
    For example:

    If the answer above is it always validates to a non-ssl link then:

    Question 2:

    If a website has a redirect where non-ssl URLs are redirected to ssl URLs, does cPanel have some sort of way of bypassing this to access the non-ssl URL?

    Now I'm trying to understand how AutoSSL works behind a domain name that is using Cloudflare.

    Question 3:

    Does AutoSSL work behind Cloudflare?

    If it doesn't, what is the process for validating SSL certs behind Cloudflare?

    Hopefully it all makes sense and someone is able to help me understand this.
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Apr 11, 2011
    cPanel Access Level:
    Root Administrator

    It should use the same method as the original validation attempt (non-secured link).

    Yes, the following option under the "Domains" tab in "WHM >> Tweak Settings" is enabled by default:

    Use a Global DCV Passthrough instead of .htaccess modification (requires EA4)

    Per its description:

    When you enable this option, Apache adds global rewrite rules to the webserver configuration so that the system does not process additional rewrite rules for DCV filenames. These global rules make it unnecessary for cPanel & WHM to modify each virtual host’s .htaccess file. Note: When you enable this option, the system receives a trivial performance penalty because all of the HTTP requests must be matched against the DCV filename regular expressions.

    Currently, the AutoSSL providers need to resolve the domain name to an IP address associated with the cPanel server for the domain validation process to succeed. Thus, if that doesn't happen (e.g. the domain name resolves to a CloudFlare IP), then validation will fail. I encourage you to vote for the following feature request if you'd like to see DNS validation added as an AutoSSL option (this would allow support for CDN providers such as CloudFlare):

    AutoSSL: DNS challenge validation

    Thank you.
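
The resolution requirement described in the reply above, as a pre-flight check an administrator could run before an AutoSSL renewal. This is an added example, not part of the original posts and not cPanel code: the function names, the sample domains and the documentation-range addresses are all constructed, and treating a mix of server and non-server records as a failure is this example's conservative assumption.

```python
"""Pre-flight check for HTTP-based DCV: does the domain resolve to this server?"""
import ipaddress
import socket


def resolve(domain):
    """Return the sorted set of A/AAAA addresses the local resolver gives for domain."""
    infos = socket.getaddrinfo(domain, 80, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def dcv_preflight(resolved, server_ips):
    """Classify resolved addresses against the addresses bound to the server.

    Returns (ok, on_server, elsewhere). ok is True only when the name resolves
    and every address belongs to the server (assumption of this example: the
    validating provider may connect to any of the returned records).
    """
    server = {ipaddress.ip_address(ip) for ip in server_ips}
    on_server, elsewhere = [], []
    for raw in resolved:
        addr = ipaddress.ip_address(raw)  # normalises IPv6 spelling before comparing
        (on_server if addr in server else elsewhere).append(str(addr))
    ok = bool(on_server) and not elsewhere
    return ok, on_server, elsewhere


# Constructed sample data (documentation address ranges, not real hosts).
SERVER_IPS = ["192.0.2.10", "2001:db8::10"]
SAMPLES = {
    "direct.example": ["192.0.2.10", "2001:0db8:0000::0010"],   # points at the server
    "proxied.example": ["198.51.100.7", "198.51.100.8"],        # CDN/proxy addresses
    "mixed.example": ["192.0.2.10", "203.0.113.5"],             # one stray record
    "unresolved.example": [],                                   # no records at all
}

if __name__ == "__main__":
    for name, addrs in SAMPLES.items():
        ok, mine, other = dcv_preflight(addrs, SERVER_IPS)
        verdict = "expect DCV to reach this server" if ok else "expect DCV to fail"
        print(f"{name}: {verdict} (on server: {mine}, elsewhere: {other})")
```

For a live check, pass `resolve("your-domain")` as the first argument and the server's own addresses as the second; results from a public resolver are closer to what an external validator sees than those from the server's local resolver.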
