AutoSSL in cPanel: How It Works
AutoSSL is one of the most convenient features in cPanel, providing free, automatically managed SSL certificates for your domains. This guide explains how AutoSSL works, what it covers, and how to troubleshoot common issues.
What Is AutoSSL?
AutoSSL is a cPanel feature that automatically provisions and installs Domain Validated (DV) SSL certificates for domains hosted on your account. It eliminates the need to manually purchase, install, and renew basic SSL certificates.
Key Benefits
- Free SSL certificates included with your hosting plan
- Automatic installation — no manual steps required for new domains
- Automatic renewal — certificates are renewed before they expire
- Covers all domains — primary domain, addon domains, subdomains, and mail services
- No dedicated IP required — works with SNI (Server Name Indication)
Tip: AutoSSL certificates are Domain Validated (DV) certificates. If you need Organization Validated (OV) or Extended Validation (EV) certificates for enhanced trust indicators, you will need to purchase those separately.
How AutoSSL Works Behind the Scenes
The AutoSSL process runs automatically on the server:
- Domain Detection: cPanel identifies all domains, subdomains, and aliases on your account
- Validation: The system verifies domain ownership through HTTP-based validation (placing a temporary file on your site)
- Certificate Issuance: Once validated, a certificate is issued covering all your domains
- Installation: The certificate is automatically installed and configured
- Renewal: The process repeats before the certificate expires (typically every 60-90 days)
The AutoSSL check runs periodically on the server. When you add a new domain, it may take up to 24 hours for AutoSSL to provision a certificate, though it often happens within a few hours.
Checking Your AutoSSL Status
To view the status of AutoSSL on your account:
- Log in to cPanel
- Navigate to Security > SSL/TLS Status
- You will see a list of all domains with their SSL status:
- Green padlock — SSL is active and valid
- Red indicator — SSL is not installed or has an issue
- Yellow/Orange — SSL is expiring soon or has warnings
- Click Run AutoSSL to manually trigger the AutoSSL process
Domains Covered by AutoSSL
AutoSSL attempts to secure the following automatically:
- Primary domain (e.g., example.com and www.example.com)
- Addon domains and their www variants
- Subdomains configured in cPanel
- Mail services (mail.example.com, webmail.example.com)
- cPanel access (cpanel.example.com)
Wildcard Coverage
Standard AutoSSL certificates do not provide wildcard coverage. Each subdomain is listed individually on the certificate. If you need a wildcard certificate (*.example.com), you will need to purchase one separately.
Troubleshooting AutoSSL Issues
AutoSSL Is Not Working for a Domain
If AutoSSL fails for a specific domain, check these common causes:
- DNS not pointing to server: The domain's A record must point to your hosting server's IP address. AutoSSL validates ownership via HTTP, so the domain must resolve to the server.
- Domain is behind a proxy: If you are using Cloudflare or another CDN/proxy, temporarily switch to "DNS Only" mode (grey cloud in Cloudflare) to allow AutoSSL validation, then re-enable the proxy afterward.
- .htaccess blocking validation: Some .htaccess rules may block the validation file. Temporarily rename .htaccess if AutoSSL keeps failing.
- Document root issues: Ensure the domain has a valid document root directory that is accessible.
AutoSSL Certificate Not Renewing
If your AutoSSL certificate is expiring without renewal:
- Go to SSL/TLS Status in cPanel
- Click Run AutoSSL to trigger a manual renewal
- Check the AutoSSL log for error messages
- Verify your domain's DNS still points to the correct server IP
- Contact support if the issue persists
Mixed Content After AutoSSL Installation
Even with AutoSSL active, your site may show mixed content warnings:
- Update your site's URL settings to use https://
- Check for hardcoded http:// URLs in your content or theme
- Enable Force HTTPS Redirect in cPanel under Domains
AutoSSL and External SSL Certificates
If you install a purchased SSL certificate on a domain, AutoSSL will not override it. AutoSSL only manages domains that do not already have a valid, non-AutoSSL certificate installed. When your purchased certificate expires, AutoSSL will automatically take over.
Best Practices
- Keep DNS updated: Always ensure your domain's DNS points to your hosting server for seamless AutoSSL operation
- Enable Force HTTPS: After AutoSSL installs, enable HTTPS redirect to ensure all traffic is encrypted
- Monitor SSL/TLS Status: Periodically check the SSL/TLS Status page for any issues
- Do not delete AutoSSL certificates: Let the system manage them automatically
- Use purchased certificates for special needs: If you need OV/EV validation, wildcard coverage, or warranty, purchase a premium certificate
AutoSSL vs. Purchased SSL Certificates
| Feature | AutoSSL | Purchased SSL |
|---|---|---|
| Cost | Free | Varies |
| Validation Level | DV only | DV, OV, EV |
| Wildcard | No | Available |
| Warranty | No | Yes (varies) |
| Auto-Renewal | Yes | Manual renewal |
| Trust Indicators | Padlock | Padlock + org info (EV) |
Related Articles
- How to Install an SSL Certificate in cPanel
- Troubleshooting SSL Certificate Errors
- Understanding SSL Certificate Types
If you have questions about AutoSSL or need help with SSL certificates, contact our support team at {{SUPPORT_EMAIL}} or visit {{SUPPORT_URL}}.