Update: In the meantime, cPanel has added the DNS DCV (Domain Control Validation) validation method to AutoSSL, as an alternative to the HTTP DCV method that is mentioned in this article. The DNS DCV attempts to verify your domain by adding a DNS record to your domain's DNS zone (either a TXT or CNAME record) and would be used as an alternative in case your website blocks the HTTP DCV method.

The AutoSSL system will automatically check every active domain name on your hosting account and it will attempt to install a new SSL certificate for any websites that do not already have one. The system will create a temporary .txt file in the /.well-known/pki-validation/ directory of each website, the temporary file contains a special SSL validation code, the SSL validation server will attempt to connect to your website and validate the existence of the code, and if everything can be validated AutoSSL will install the new SSL certificate. The process runs every night and it can sometimes take several nights to complete.

To check the SSL certificate installed on your website, please type your website address into SSL Server Test (Powered by Qualys SSL Labs)

If your website has directory privacy (password protected directories) this will block AutoSSL and you'll need to modify the .htaccess file.

A typical .htaccess file will contain code for directory privacy that is similar to this:

# Htaccess protection
AuthType Basic
AuthName "Directory privacy"
AuthUserFile "/home/username/.htpasswds/public_html/passwd"
Require valid-user
Order deny,allow
deny from all

To allow AutoSSL access to the directory you'll need to add 3 lines of code to the .htaccess, the first line and the last two lines in the example below. We've put the 3 lines in bold below.

SetEnvIfNoCase Request_URI "^/\.well-known/pki-validation/[A-F0-9]{32}.txt$|Comodo\ DCV" ALLOWED=TRUE
# Htaccess protection
AuthType Basic
AuthName "Directory privacy"
AuthUserFile "/home/username/.htpasswds/public_html/passwd"
Require valid-user
Order deny,allow
deny from all
allow from env=ALLOWED
Satisfy any

The code above is only an example. Please keep a copy of your original .htaccess file incase you need to revert it.

Once you have amended the code, please test your website to make sure it's working as you'd expect. If everything is working correctly, AutoSSL will check your website tonight and install a new SSL certificate if necessary. After 24 hours you can check for an SSL certificate by typing your website address into SSL Server Test (Powered by Qualys SSL Labs)

The AutoSSL system will check your website(s) every night, or if you prefer not to wait, you can manually request it at any time of the day. Simply login to your cPanel control panel, go to the SSL/TLS Status page, then click the "Run AutoSSL" button. This will usually complete in 10-15 minutes.

If you encounter any issues, please open a support ticket and our team will be happy to investigate.

Updated by SP on 16/12/2022

Was this answer helpful? 161 Users Found This Useful (361 Votes)

Most Popular Articles

Introduction to AutoSSL

Maxer Host are making it easier than ever to secure your website with HTTPS. We have introduced...
Check SSL certificate status for your domains

Is there a valid and signed SSL certificate on your website? Maxer Host recommends all websites...
How to enable HSTS (HTTP Strict Transport Security) on your website

HSTS (HTTP Strict Transport Security) is a web security policy that aims to protect websites...
Enabling HTTPS on a WordPress website

Nowadays every website should have an SSL certificate. Ideally, every website should be 100%...
Enabling HTTPS on your website using Distributed Configuration File (.htaccess)

Nowadays every website should have an SSL certificate. Ideally, every website should be 100%...