24 hr Australian Support


How to Enable AutoSSL (Let's Encrypt) in cPanel and Plesk


You can follow this guide to install a free, auto-renewing SSL Certificate on your hosting. Most of our hosting is cPanel, so if you're not sure what platform you use we'd recommend starting there.

Enabling AutoSSL in cPanel
The Let's Encrypt software that generates free SSL Certificates should be enabled automatically by default. However if it isn't, there is a way to enable it manually from cPanel.
Note: Let's Encrypt SSL certificates may not be suitable for you. Click here for our guide on comparing free vs paid SSL certificates.


Step 1 - Log into cPanel and select SSL/TLS Status.

2a09ce71943f24e923c8ad3356c0e3816f19ba65?t=586cd1721ea3c8fdedd220828537b22f


Step 2 - Make sure the boxes are ticked for the domains/subdomains you want an SSL for and click Run AutoSSL. You may have to wait 1 hour for the software to complete validation and for the free SSL to apply.

ba4c7f1be96ed58a8a734bf32cc74fafd5d8ff20?t=16b62f10fb4462a96fc2198144804c26


Step 3 - To check whether the certificate has been successfully installed on your domain, you can use this external tool. If your site is still showing "Not Secure" or loads without a padlock, you may be serving Mixed Content. You can follow this guide to force the website to load using the SSL Certificate.


Troubleshooting steps
Let's Encrypt certificates can only be validated by file-based or DNS-based authentication. These steps help you make sure the SSL can validate properly:

Step 1 - Let's Encrypt certificates will not install over the top of other certificates, even self-signed or expired ones. To ensure there are no SSL Certificates already present, navigate to the SSL/TLS section of cPanel:

b4628280c4a117eefbd94dded8f1e2163fbc185e?t=9d82c0ef458908686c7567d84311cbc5


Then click on Manage SSL Sites.

a570cb47aed6f64d9b9d6c5d7c526a8953c79cf7?t=91d23b03c635f2356b90fbffdfa24df6


Then Uninstall any old or invalid certificates, and click run AutoSSL again in SSL/TLS Status.

66867d164c1c7d3d27548b8ff81d5d8dbcbbd12c?t=3e876d059aacd1e76e41f0e19eed466d



Step 2 -
If the chosen domain/subdomain has "Include during AutoSSL" under the Certificate Status, click the button to enable it. Once enabled the option will change to "Exclude from AutoSSL".

064fd123bca3d0fc486fe90026b579e253a69461?t=e72502df6c3217e35ad1a48eab00390e


Step 3 - Make sure the website is loading from our server. Use a DNS checker like whatsmydns.net to make sure the IP address of the A record is the same as your server IP. You can find your server IP in the "Hosting Account Information" email we sent when you set up the account. If the IPs don't match, it means your site isn't loading from our server and you'll need to contact your website hosts to install an SSL instead.


Step 4 -
If your A records are pointing to us but your Nameservers are external, use whatsmydns.net to check if there are any AAAA records present. Some DNS managers add AAAA records that don't point anywhere, which interferes with AutoSSL's ability to validate the domain. Remove any AAAA records that you see and test again.


Step 5 -
Sometimes code in your site interferes with the validation steps. To resolve this, add this code to the top of your .htaccess file:

RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/.+$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$

Step 6 - If you are getting notifications with the message "An error occurred the last time AutoSSL ran", you can exclude the domains in question by following this guide.


Step 7 - If the "Run AutoSSL" button isn't present on your CPanel account, this option is not enabled in your Feature List. We would recommend speaking to your reseller or System Administrator to resolve this.



Enabling AutoSSL in Plesk
The Let's Encrypt software that generates free SSL Certificates should be enabled automatically by default. However if it isn't, there is a way to enable it manually from Plesk.
Note: Let's Encrypt SSL certificates may not be suitable for you. Click here for our guide on comparing free vs paid SSL certificates.


Step 1 - Log into Plesk and click on Let's Encrypt.

8cf1f846217d3a487e2a355b5142eea917410d3f?t=5710a2084175b7152a76527f4fbed5af


Step 2 - Press Install (this button could be Renew if you have Let's Encrypt already installed but wish to renew the certificate).

53905c9b058ef3d211b3d02502c1faf764bd3c6a?t=1f1d9a0e7bfeb5c0bd833b0749421afd


Step 3 - To check whether the certificate has been successfully installed on your domain, you can use this external tool. If your site is still showing "Not Secure" or loads without a padlock, you may be serving Mixed Content. You can follow this guide to force the website to load using the SSL Certificate.


Troubleshooting steps
Let's Encrypt certificates can only be validated by file-based or DNS-based authentication. These steps help you make sure the SSL can validate properly:

Step 1 - Let's Encrypt certificates will not install over the top of other certificates, even self-signed or expired ones. To ensure there are no SSL Certificates already present, Uninstall any old or invalid certificates by following this guide, and click Install again.


Step 2
- Make sure the website is loading from our server. Use a DNS checker like whatsmydns.net to make sure the IP address of the A record is the same as your server IP. You can find your server IP in the "Hosting Account Information" email we sent when you set up the account. If the IPs don't match, it means your site isn't loading from our server and you'll need to contact your website hosts to install an SSL instead.


Step 3 -
If your A records are pointing to us but your Nameservers are external, use whatsmydns.net to check if there are any AAAA records present. Some DNS managers add AAAA records that don't point anywhere, which interferes with AutoSSL's ability to validate the domain. Remove any AAAA records that you see and test again.


Step 4 -
Sometimes code in your site interferes with the validation steps. To resolve this, add this code to the top of your .htaccess file:

RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/.+$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$




For more information and tutorials on SSL Certificates, see our SSL Guide Repository.


Did you find this article useful?