CPanel AutoSSL Not Renewing: How To Reset AutoSSL?

When receiving an email stating that CPanel AutoSSL will not renew because of errors, start by checking what is included in the subdomains in error.

Do you recognize them? If that is not the case, you probably do not have a DNS entry that can resolve to an IP address for them, and that is the reason why CPanel cannot renew the SSL certificate at all, due to some domains in error.

All you have to do is to remove these subdomains from the AutoSSL generation, and you will be fine! Do it as soon as you get these emails to avoid any security issue being displayed when trying to access your website.

First method: Update SSL certificates manually

If you want to do it by yourself, it only takes a few steps to generate a new SSL certificate on CPanel:

• Step 1: Logon to your CPanel administration interface
  
• Step 2: Delete old SSL certificates
  
• Step 3: Uninstall SSL host
  
• Step 4: Exclude subdomains from AutoSSL
  
• Step 5: Run AutoSSL to generate a new SSL certificate
  
• Step 6: Browse your SSL secured website!
  

If your SSL certificate has expired, has errors, and it all seems to difficult for you, another easier solution is to integrate your websites with a CDN that will manage and optimize your site on your behalf, including SSL certificate generation, such as Ezoic. Otherwise, follow the guide!

Step 1: Logon to your CPanel administration interface

First of all, you should find your administration interface after having logged onto your web host interface.

If your web host do not allow you access the CPanel administration interface, then if you are serious about your website, it might be better to switch to a more reliable web host such as hours - see how to create an account in our dedicated guide:

After having logged on your CPanel administration interface, scroll down to the security section of CPanel.

There, you will find two different menus that will be relevant in our case:

• SSL/TLS menu will let you check your sites SSL existing certificates, and delete the ones in error,
• SSL/TLS Status menu will let you include or exclude subdomains from AutoSSL, and trigger an AutoSSL generation

But first, let's delete old SSL certificates in SSL/TLS menu. Open the Generate, view, upload, or delete SSL certificates link.

Step 2: Delete old SSL certificates

In that screen, scroll down to your website and check the existing SSL certificates.

The ones that already expired can simply be deleted, and the one currently used but that is triggering error emails must be deleted.

Do not worry, the SSL certificates will be generated right after, and the disruption on your website will be relatively short, a few minutes at best.

Delete all certificates for your website to make a good cleaning, the ones expired and the current one that is generating a security issue.

Step 3: Uninstall SSL host

After having removed your expired certificates from CPanel, go back to the SSL/TLS menu and open the Manage SSL sites link.

There, scroll down to your website host, where you might see an exclamation mark next to certificate's expiry date, telling you that the SSL certificate has expired and should be renewed.

Uninstall the certificate for your website in order to give it a good cleanup, before we will go right away to generate a new one.

Click on the uninstall option next to your server subdomains listing, and proceed to delete the SSL host from cPanel by validating the confirmation box that shows up.

Your website SSL settings are now clear, and we can proceed by triggering the generation of a new and valid certificate.

Step 4: Exclude subdomains from AutoSSL

Go back to cPanel administration screen, and open now the other SSL menu, called SSL/TLS Status.

From there, if you have many websites, search for the domain name for which you will want to generate a new SSL certificate.

Learn SEO Basics: Enroll Today!

Boost your website's visibility and traffic by mastering the fundamentals of SEO with our easy-to-follow Basics course.

Start Learning SEO

You might see issues being displayed there, check them carefully.

If you do not recognize any of the subdomains with errors, and you are sure that your website do not need them, click on the corresponding button to exclude them from AutoSSL.

Remove them one after the other, and make sure to keep included in AutoSSL the subdomains you need, which are the following in my case:

• eurtosd.com root domain
• eurtosd.wciwear.com subdomain from web host main domain
• mail.eurtosd.com for MX DNS records related to be able to receive emails on this domain
• www.eurtosd.com for www subdomain direct access
• www.eurtosd.wciwear.com for www subdomain access from web host main domain

You probably do not need any additional subdomains, at least for a standard content website such as a WordPress blog.

However, if you access a webmail or another application installed on your server, make sure that it is not using one additional subdomain.

Step 5: Run AutoSSL to generate a new SSL certificate

You can now click on the Run AutoSSL button that is located above the list of subdomains.

The auto check should only take a minute or two, and if all went well, a success message should be displayed on the top right corner at the end.

The page will refresh itself, and the excluded subdomains should not be showing up with errors anymore, while the included subdomains should be checked as green and valid, as they are now included in the new SSL certificate that has been generated for your website.

Step 6: Browse your SSL secured website!

Finally, the last step is to check on your website if the SSL security issue has disapeared!

Just open a new browser window, and see if you still get the issue.

If you have told your web browser to accept the security risk and continue, it might not directly automatically check for a new SSL certificate - try to first click on the locker icon next to the URL navigation bar, and follow the menus to forget the existing certificate.

Reload the page, and all the SSL security issues should be gone now.

Another solution for beginners to solve SSL issues is to get your website protected by a Content Delivery Network, shortned as CDN, that will take care of creating and delivering a valid SSL certificate to your visitors on your behalf - Ezoic is great at optimizing your website and taking care of your SSL settings for you!

Second method: Exclude entries from DNS

Another way to solve your website’s potential reduced SSL coverage is to delete the incriminated DNS entries, the ones that would not be covered by your SSL certificate anymore, from the DNS records.

To do so, login to your cPanel administration interface, and open the DNS Zone editor.

From there, find the domain which is experiencing troubles with potential loss of SSL coverage, and delete the entries one after the other.

After a while, your SSL certificate will automatically be correctly updated, excluding these DNS entries that do not exist anymore!

However, if some of these DNS entries are necessary, make sure that they are properly setup in your whole DNS chain, either on your registrar, your cloud caching, or your web host.

Frequently Asked Questions

What should you do if cPanel SSL renewal fails to update due to domains error?

You need to remove subdomains from AutoSSL generation as soon as you receive warning emails to avoid security issues when you try to access the website.