Install AutoSSL cert without disrupting live site?

[nivekau]

My undertstanding is that AutoSSL requires mod_rewrite rules to work. Like this:

RewriteEngine on

RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=302]​

But if I put this in the .htaccess file before I run AutoSSL, I get security warnings in the browser, but the same thing happens if I enable AutoSSL before editing the .htaccess file.

What is the best way to enable AutoSSL and install the cPanel certificate without disrupting a live web site (so that visitors do not get a security warning)?

 

[linux4me2]

I use WHM > Tweak Settings > Domains > Use a Global DCV Passthrough instead of .htaccess modification (requires EA4) set to "On" instead of .htaccess modification for each site for AutoSSL. With that set, I haven't had any issues with adding AutoSSL certificates to live sites at all, and despite the caution in Tweak Settings, haven't noticed any performance penalty or increase in site load times with it enabled. You might give it a try and see how it works.

 

[nivekau]

I use WHM > Tweak Settings > Domains > Use a Global DCV Passthrough instead of .htaccess modification (requires EA4) set to "On" instead of .htaccess modification for each site for AutoSSL.

Thanks linux4me2. Would I still need the http to https re-write in .htaccess ?

 

[nivekau]

I have enabled Global DCV Passthrough and my .htaccess file for the domain in question now reads:

RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=302]

However when I run AutoSSL check domain I get the following error in the log:

6:51:38 PM WARN The domain “---------.com” failed domain control validation: “---------.com” does not resolve to any IPv4 addresses on the internet.

The domain in question definitely does resolve to an IPv4 address on the internet.

In Manage SSL Hosts it says the domain has a self signed certificate.

Any suggestions please?

 

[cPanelLauren]

Hi @nivekau

If a domain is getting that error in most cases it's because the domain has a DNS related issue. The forum post here: Tutorial - AutoSSL Troubleshooting Steps may be useful to you.

 

[linux4me2]

Thanks linux4me2. Would I still need the http to https re-write in .htaccess ?

Yes, you should still include the HTTP to HTTPS redirect in case someone tries to access the site using an old HTTP link.

 

[nivekau]

Thanks linux4me2

Thanks also CpanelLauren, there was a DNS problem! I resolved that and Cpanel installed the SSL certitificate. All good now

 

[cPanelLauren]

HI @nivekau

I'm glad to hear you were able to find the cause! Thanks!