Linux KVM VPS is quite a popular server setup these days for people using the cPanel and WHM panel to manage their servers and reseller accounts. Also, now SSL certificates are a must for all websites after Google started giving preference in search to secure websites.
How to RenewSSL Certificate when using WHM/cPanel Manage AutoSSL and Cloudflare
With the WHM panel, it is super easy to configure an SSL certificate and automatically update it every 3 months(most SSL certificates must be renewed after 90 days). Also, you can do it for all the cPanel accounts hosted on a server using the Manage AutoSSL feature of the WHM panel.
But this feature doesn't work well if you have Cloudflare services enabled on any cPanel account, because when we have Cloudflare setup on any account then any request for that account is passed through Cloudflare VPN before reaching the server and also the DNS provided for that cPanel account would be of Cloudflare and not the local DNS server.
Hence every 3 months the SSL certificate uploaded using Let's Encrypt expires and auto-renewal for it doesn't work although it is a part of the cPanel feature.
I have searched for solutions and have tried multiple workarounds but none seems to work, also here is what the official cPanel Technical Support said when asked about this issue:
I understand that you are inquiring about any additional or necessary steps required to allow websites that utilize CloudFlare services to use the AutoSSL feature provided by cPanel. I apologize, however, cPanel's AutoSSL functionality does not work for any domains utilizing CloudFlare and/or any CDN/proxy type services. For SSL Domain Control Validation to succeed, the domain must resolve to an IP address located on your cPanel server. At this time there are no known workarounds, other than disabling CloudFlare.
Hence there is only one way to update the SSL certificate, do the following:
How to Update the SSL Certificate
-
Open your Cloudflare account.
-
On the Home page, look for the option Pause Cloudflare on Site, and click on it to temporarily pause Cloudflare on your website.
-
Now login to WHM Panel and search for Manage AutoSSL.
-
On the Manage AutoSSL page click on the button Run AutoSSL for all Users. This will renew the SSL certificate on the server.
-
Once you are done, go to Cloudflare and enable the Cloudflare service on the site again.
Conclusion
Now you can automate the SSL certificate renewal process, ensuring uninterrupted security for your website and maintaining trust with your users. Remember to regularly monitor the status of your SSL certificates, set up notifications for expiring certificates, and stay informed about updates and changes in WHM/cPanel and Cloudflare. With the combined force of WHM/cPanel AutoSSL and Cloudflare, you can confidently provide a secure browsing experience and safeguard your online presence.
Frequently Asked Questions(FAQs)
What is WHM/cPanel AutoSSL, and how does it work?
WHM/cPanel AutoSSL is a feature that automatically secures websites with SSL certificates. It leverages the Let's Encrypt certificate authority to issue and install SSL certificates for domains hosted on the server. AutoSSL automatically renews certificates before they expire, ensuring continuous security.
Can I use Cloudflare with WHM/cPanel AutoSSL?
Yes, you can use Cloudflare in conjunction with WHM/cPanel AutoSSL. Cloudflare acts as a content delivery network (CDN) and provides additional security features, such as DDoS protection and web application firewall (WAF). It sits in front of your server, allowing you to benefit from Cloudflare's services while utilizing WHM/cPanel AutoSSL for SSL certificate management.
How do I renew an SSL certificate with WHM/cPanel AutoSSL?
WHM/cPanel AutoSSL handles SSL certificate renewal automatically. It checks for expiring certificates and generates new ones, replacing the expiring ones seamlessly. WHM/cPanel sends notifications when certificates are renewed, allowing you to track the renewal process.
Does AutoSSL work with both the root domain and subdomains?
Yes, WHM/cPanel AutoSSL can secure both the root domain (e.g., example.com) and its subdomains (e.g., subdomain.example.com). It automatically issues certificates for the main domain and any additional subdomains that are configured on the server.
Are there any additional considerations when using Cloudflare with WHM/cPanel AutoSSL?
When using Cloudflare, it's important to configure the SSL/TLS settings in your Cloudflare account to use "Full" or "Full (Strict)" mode. This ensures that Cloudflare communicates with your server using SSL. Additionally, it's recommended to keep an eye on the SSL status in your Cloudflare dashboard to ensure proper certificate renewal and syncing with WHM/cPanel AutoSSL.
You may also like: