Last updated on February 7th, 2023 at 10:15 am
Challenge
A short while after I set up Cloudflare for my website, I got a warning email from cPanel saying,
AutoSSL did not renew the certificate. 9 of the website’s secured domains just failed DCV (Domain Control Validation).
My hosting plan includes a free SSL certificate that automatically renews annually. I never had a problem before, but this time.
By the way, DCV means Domain Control Validation. Does it have to be abbreviated? I had to google it. ?
Fix (temporal?)
While I had a not-so-wild guess that the recent installation of Cloudflare had something to do with it, I contacted the support desk at my hosting provider. Here are the steps I was instructed.
I had to move to Step 2 quickly once Step 1 was done because pausing Cloudflare could give site visitors a security warning or error message.
- Pause Cloudflare on the site temporarily
→ Go to Cloudflare dashboard and select the website.
→ On the Overview page, go to Advanced Actions at the bottom right.
→ click Pause Cloudflare on Site, then Confirm. - Install a new SSL Certificate at the hosting server
(I could have asked the support at the hosting provider to do Step 2 on their end, but I didn’t bother.)
→ Log in to cPanel and go to SSL/TLS under the Security section.
→ Click Manage SSL sites in the lower right of the page.
→ Find the domain with the issue and click Uninstall (Once it is done, auto SSL from the server side starts, but you may have to run auto SSL manually).
→ Go back to the cPanel top page, then SSL/TLS status under the Security section.
→ Select (check the boxes) the domains with the error and click the Run AutoSSL button at the top.
Once it’s done, you should see a green icon like this. - Restart Cloudflare
→ Go back to the Cloudflare dashboard and select the website.
→ On the Overview page, go to Advanced Actions at the bottom right.
→ click Enable Cloudflare on Site, then Confirm.
Thoughts
It was a quick fix, but I have to do it every time the certificate expires. “Clearing cache is not a 1-click job anymore” is another issue. Do slightly better speed and a bit more sealed “Who Is” make up for all? I don’t know. I’ll see how my lazy nature feels till the next certificate renewal.