Last updated on March 20th, 2024 at 11:31 am

Challenge

A short while after I set up Cloudflare for my website, I got a warning email from cPanel saying,

AutoSSL did not renew the certificate. 9 of the website’s secured domains just failed DCV (Domain Control Validation).

My hosting plan includes a free SSL certificate that automatically renews annually. I never had a problem before, but this time.

By the way, DCV means Domain Control Validation. Does it have to be abbreviated? I had to google it. ?

Fix (temporal?)

While I had a not-so-wild guess that the recent installation of Cloudflare had something to do with it, I contacted the support desk at my hosting provider. Here are the steps I was instructed.
I had to move to Step 2 quickly once Step 1 was done because pausing Cloudflare could give site visitors a security warning or error message.

  1. Pause Cloudflare on the site temporarily

    → Go to Cloudflare dashboard and select the website.
    → On the Overview page, go to Advanced Actions at the bottom right.
    → click Pause Cloudflare on Site, then Confirm.

  2. Install a new SSL Certificate at the hosting server

    (I could have asked the support at the hosting provider to do Step 2 on their end, but I didn’t bother.)
    → Log in to cPanel and go to SSL/TLS under the Security section.
    → Click Manage SSL sites in the lower right of the page.
    → Find the domain with the issue and click Uninstall (Once it is done, auto SSL from the server side starts, but you may have to run auto SSL manually).
    → Go back to the cPanel top page, then SSL/TLS status under the Security section.
    Select (check the boxes) the domains with the error and click the Run AutoSSL button at the top.

    Once it’s done, you should see a green icon like this.
    Auto SSL Certificate OK

  3. Restart Cloudflare

    → Go back to the Cloudflare dashboard and select the website.
    → On the Overview page, go to Advanced Actions at the bottom right.
    → click Enable Cloudflare on Site, then Confirm.

Thoughts

It was a quick fix, but I have to do it every time the certificate expires. “Clearing cache is not a 1-click job anymore” is another issue. Do slightly better speed and a bit more sealed “Who Is” make up for all? I don’t know. I’ll see how my lazy nature feels till the next certificate renewal.