Maxer Host are making it easier than ever to secure your website with HTTPS. We have introduced the new AutoSSL feature on all our shared hosting, enterprise hosting and reseller hosting plans. This knowledge base article contains all the FAQ's regarding AutoSSL.
What is AutoSSL?
Every active domain name on our hosting network is now secured by a 256-bit DV (domain validated) SSL certificate, which will encrypt all data sent between your HTTPS website and a visitor's web browser. AutoSSL is an automatically-provisioned signed SSL certificate securing your website through the HTTPS protocol (whether it is a domain, sub-domain, add-on domain or alias).
How do I enable/disable AutoSSL?
After months of extensive beta testing we have introduced AutoSSL as a standard feature across all our hosting plans, therefore, it is now enabled by default. To verify the SSL certificate installed on your website, please type your website address into SSL Server Test (Powered by Qualys SSL Labs)
If you are encountering any issues related to AutoSSL, please open a support ticket so our technicians can help you. Our senior technicians have the option of disabling AutoSSL on particular hosting accounts, however, there are many benefits to AutoSSL and we would want to discuss any issues you're encountering before we disable AutoSSL for any account.
How is it automatically provisioned?
The AutoSSL system will automatically check every domain name in cPanel on our hosting servers, and it will attempt to issue and install a new SSL certificate for any domain names that don't already have a valid SSL certificate. In order for the SSL certificate to be issued, it must pass the Domain Control Validation (DCV) process.
What is Domain Control Validation (DCV)?
Domain Control Validation (DCV) are various checks performed for the issuance of an SSL certificate. This is required to assure that the request comes from a person or server authorized to use the domain associated with the SSL certificate order.
Currently, AutoSSL uses two DCV methods; DNS and HTTP as a fallback.
The DNS DCV method: This is the primary validation method performed by creating a temporary CNAME or TXT record. The Certificate Authority (CA) verifies if it can find the respective record under the domain's DNS records and issues the SSL certificate if it does.
The HTTP DCV method: If the DNS DCV method fails, the system creates a temporary text file in the domain's /.well-known/pki-validation/ directory containing a unique validation code. The Certificate Authority (CA) tries to open the respective text file to validate its existence and issues the SSL certificate if the text file was found.
It's necessary for your domain to point to our nameservers for the DCV process to pass successfully. If your domain uses a foreign DNS and/or its website is hosted on a different server, the DCV will fail and AutoSSL will be unable to issue/install an SSL certificate for your domain.
The process runs every night and it can sometimes take several attempts to complete.
One of my domain names does not have an SSL certificate issued by AutoSSL, why?
There are a number of reasons why AutoSSL hasn't issued an SSL certificate for your domain name (yet). If the domain name has just been registered or added to cPanel, or if your hosting account has just been setup, please allow at least 24 hours for AutoSSL to run. Make sure that the domain is valid (hasn't expired) and points to our nameservers. Otherwise, please open a support ticket so our technicians can help you.
How do I setup AutoSSL on my website?
Like any SSL certificate, installing it on your hosting account is only the first step. Your website must also be configured to make use of it and run through the HTTPS protocol. Most webmasters will create redirect rules to force all HTTP traffic onto HTTPS. Please follow our guide Enabling HTTPS on your website using Distributed Configuration File (.htaccess) and for WordPress websites please follow our guide Enabling HTTPS on a WordPress website.
I have configured my website, but the website is still 'unsafe'?
There may still be other elements on your website that need to be updated. We recommend viewing the source code of your web pages and looking for any static elements (images, JavaScript files, CSS files, etc.) that are still linked to the http:// protocol and updating them to use https:// instead. A single reference to http:// in your website code will render your website 'unsafe'. You can also use the web tool Why No Padlock? to scan your web pages for such issues.
What about CloudFlare, Sucuri and other CDNs and WAFs?
While AutoSSL should still be able to issue and renew SSL certificates in cPanel for your domains through the HTTP DCV method (see above), please note that external services, such as CloudFlare and Sucuri, are an additional layer on top of our web server. This means that your domain/website would also require a valid SSL certificate to be installed at CloudFlare/Sucuri to assure full encryption and prevent SSL-related errors. Please check the documentation of the respective services for more information.
What about SSL certificates from other certificate providers? Will AutoSSL replace those?
AutoSSL will detect your existing SSL certificate and not replace it, unless it has expired. We continue to sell commercial SSL certificates from brands like Sectigo, GeoTrust and GlobalSign, which are an excellent option for securing commercial/business websites for 1-2 years. For example, the Sectigo PositiveSSL certificates are available for a small price per year and include insurance and a Site Seal. If the website is for a Limited Company, we would recommend an Organisation Validation (OV) or Extended Validation (EV) SSL certificate - they cost a bit more, but include the company name in the certificate details and site seal, and assures your clients and visitors that your organisation has been verified by a trusted entity. Please see our SSL Certificates page on our website for full details.
I want to replace an existing (commercial) SSL certificate with AutoSSL.
There are a few steps involved. Firstly, you will need to cancel the SSL service in your Maxer Host client area, please see our guide I Want To Cancel My Service. Next, you will need to delete the SSL certificate from your cPanel control panel, but please be aware that your website will no longer open through the HTTPS protocol until AutoSSL installs an SSL certificate for your domain. Finally, after 24 hours you will need to check your website to see if AutoSSL has installed an SSL certificate. If you encounter any problems, please open a support ticket so our technicians can help you.
I can't wait 24 hours for AutoSSL, I need an SSL certificate now!
The AutoSSL system will run and check your domains every night, or if you prefer not to wait, you can manually request it at any time. Simply login to your cPanel control panel, go to the "SSL/TLS Status" page, then click the "Run AutoSSL" button. The process will usually complete in about 10-15 minutes, but sometimes it can take longer. Please read this article for more details: Check SSL certificate status for your domains
Updated by SP on 23/12/2022
