Install AutoSSL cert without disrupting live site?

nivekau

Well-Known Member
Jul 22, 2011
51
4
58
Australia
cPanel Access Level
Root Administrator
My undertstanding is that AutoSSL requires mod_rewrite rules to work. Like this:

RewriteEngine on

RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=302]

But if I put this in the .htaccess file before I run AutoSSL, I get security warnings in the browser, but the same thing happens if I enable AutoSSL before editing the .htaccess file.

What is the best way to enable AutoSSL and install the cPanel certificate without disrupting a live web site (so that visitors do not get a security warning)?
 

linux4me2

Well-Known Member
Aug 21, 2015
259
78
78
USA
cPanel Access Level
Root Administrator
I use WHM > Tweak Settings > Domains > Use a Global DCV Passthrough instead of .htaccess modification (requires EA4) set to "On" instead of .htaccess modification for each site for AutoSSL. With that set, I haven't had any issues with adding AutoSSL certificates to live sites at all, and despite the caution in Tweak Settings, haven't noticed any performance penalty or increase in site load times with it enabled. You might give it a try and see how it works.
 

nivekau

Well-Known Member
Jul 22, 2011
51
4
58
Australia
cPanel Access Level
Root Administrator
I have enabled Global DCV Passthrough and my .htaccess file for the domain in question now reads:

RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=302]

However when I run AutoSSL check domain I get the following error in the log:

6:51:38 PM WARN The domain “---------.com” failed domain control validation: “---------.com” does not resolve to any IPv4 addresses on the internet.

The domain in question definitely does resolve to an IPv4 address on the internet.

In Manage SSL Hosts it says the domain has a self signed certificate.

Any suggestions please?
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,271
313
Houston
  • Like
Reactions: nivekau