WHM · Admin / Reseller

Manage AutoSSL

Home › SSL/TLS › Manage AutoSSL

The AutoSSL feature provides free SSL certificates for your users' domains. The system will periodically inspect users' installed certificates and replace those that are about to expire or that are insufficient to provide a baseline level of security. Users who do not have the "autossl" feature will not receive the free certificates.

Current Provider: Let's Encrypt™

Provider Account ID: https://acme-v02.api.letsencrypt.org/acme/acct/3158690191

Manage Users

AutoSSL Providers

Choose an AutoSSL provider: Show/Hide Details

Disabled

Let's Encrypt™ ★★★★☆

This interface uses the following parameters to calculate the usability score: DCV Methods, Domains per Certificate, Average Delivery Time, Maximum Number of Redirects, and Wildcard Support. Click here to view details.

Terms of Service

To use Let's Encrypt™ as the AutoSSL provider, accept their terms of service:

https://letsencrypt.org/documents/LE-SA-v1.7-June-04-2026.pdf

I agree to these terms of service.

Recreate my current registration with "Let's Encrypt™".

Custom ACME

NEW

Allow your customers to use their own ACME-compatible Certificate Authority for SSL automation in cPanel. Useful for customers who hold their own commercial CA accounts (Sectigo SCM, GlobalSign Atlas, DigiCert, regional CAs, internal PKI), or for partners reselling certificates from a CA they have a direct relationship with.

Customers configure their CA credentials (Directory URL, EAB Key ID, EAB HMAC) directly in cPanel. cPanel automates issuance and renewal; the customer's CA bills them directly. cPanel does not handle billing, certificate sales, or commercial terms for this option.

→ Read the admin guide · → Customer onboarding guide

WHM · Admin / Reseller

Manage AutoSSL → Logs

Home › SSL/TLS › Manage AutoSSL › Logs

Home Options Logs Manage Users

AutoSSL Logs

Provider:

Username:

Username filter applies to Custom ACME logs only.

Select a log to view:

Let's EncryptJun 15, 2026 2:25:01 PM — All users

Custom ACMEJun 15, 2026 2:14:32 PM — customer1 — Issuance — Success

Custom ACMEJun 15, 2026 11:42:18 AM — customer3 — Renewal — Failed (EAB rejected)

Let's EncryptJun 15, 2026 11:25:01 AM — All users

Custom ACMEJun 15, 2026 9:08:42 AM — customer2 — Renewal — Success

Custom ACMEJun 15, 2026 8:55:14 AM — customer1 — Credential validation — Success

Custom ACMEJun 15, 2026 8:31:07 AM — customer4 — Reissue — Success

Custom ACMEJun 14, 2026 6:10:22 PM — customer2 — Unassign — Completed

WHM · Admin / Reseller

Manage AutoSSL → Manage Users

Home › SSL/TLS › Manage AutoSSL › Manage Users

Home Options Logs Manage Users

Configure AutoSSL for Users on the Server

Showing 1–5 of 5 items

User	Toggle AutoSSL (Let's Encrypt)	Custom ACME NEW
adminostesv23	Enable AutoSSL Override the feature list setting and force AutoSSL to be enabled. Disable AutoSSL Override the feature list setting and force AutoSSL to be disabled. Reset to Feature List Setting Use setting established by the feature list "default" which is currently set to "enabled".	Enabled DomainStatus acme-corp.orgActive shop.acme-corp.orgExpiring
gamenexa	Enable AutoSSL Override the feature list setting and force AutoSSL to be enabled. Disable AutoSSL Override the feature list setting and force AutoSSL to be disabled. Reset to Feature List Setting Use setting established by the feature list "default" which is currently set to "enabled".	Disabled
customer3	Enable AutoSSL Override the feature list setting and force AutoSSL to be enabled. Disable AutoSSL Override the feature list setting and force AutoSSL to be disabled. Reset to Feature List Setting Use setting established by the feature list "default" which is currently set to "enabled".	Enabled DomainStatus blueterra.ioActive

WHM · Admin / Reseller

Manage SSL Hosts

Server › SSL/TLS › Manage SSL Hosts

Installed SSL Hosts

Owner:

Issuer:

Provider type:

Showing 7 of 7 hosts

Domains	IP Address	IP Address Type	Is Primary Website on IP Address?	Is SNI Required?	Document Root	Owner	Issuer	Expires	Key Type	Actions
acme-corp.org www.acme-corp.org mail.acme-corp.org	10.0.0.121	Shared	Yes	No	/home/adminostesv23/public_html	adminostesv23	Let's Encrypt	5/30/2027	RSA	Delete Make Primary
shop.acme-corp.org api.acme-corp.org	10.0.0.121	Shared	No	Yes	/home/adminostesv23/public_html/shop	adminostesv23	Sectigo CA Limited Custom ACME	7/30/2026	RSA	Delete Make Primary
blog.acme-corp.org	10.0.0.121	Shared	No	Yes	/home/adminostesv23/public_html/blog	adminostesv23	Self Signed	6/20/2026	RSA	Delete Make Primary
gamenexa.com www.gamenexa.com	10.0.0.122	Shared	Yes	No	/home/gamenexa/public_html	gamenexa	Let's Encrypt	8/4/2026	ECC	Delete Make Primary
store.gamenexa.com	10.0.0.122	Shared	No	Yes	/home/gamenexa/public_html/store	gamenexa	Sectigo CA Limited Custom ACME	9/15/2026	RSA	Delete Make Primary
blueterra.io www.blueterra.io	10.0.0.123	Shared	Yes	No	/home/customer3/public_html	customer3	Let's Encrypt	7/12/2026	RSA	Delete Make Primary
app.blueterra.io	10.0.0.123	Shared	No	Yes	/home/customer3/public_html/app	customer3	Sectigo CA Limited Custom ACME	8/22/2026	ECC	Delete Make Primary

cPanel · Customer

SSL/TLS Manager

Manage SSL certificates for your domains. Learn more ↗

Manage SSL Status Certificates Keys Requests Installation Settings

Showing 4 domain groups

🌐 acme-corp.org Custom ACME · 5 subdomains

Sectigo CA Limited · Expires Jul 30, 2026 ▲

Domain	Certificate	Issuer	Expiry	Actions
acme-corp.org Primary	✓ Custom ACME	Sectigo CA Limited	Jul 30, 2026	View Certificate Secure this domain →
www.acme-corp.org	✓ Custom ACME	Sectigo CA Limited	Jul 30, 2026	View Certificate Secure this domain →
mail.acme-corp.org	✓ Custom ACME	Sectigo CA Limited	Jul 30, 2026	View Certificate Secure this domain →
shop.acme-corp.org	✓ Custom ACME	Sectigo CA Limited	Jul 30, 2026	View Certificate Secure this domain →
api.acme-corp.org	⊘ Self-Signed	—	—	Secure this domain →

🌐 hopkinslaw.net ✓ Let's Encrypt · 2 subdomains · Aug 12, 2026

▼

	Domain	Certificate	Issuer	Expiry	Actions
	hopkinslaw.net Primary	✓ Let's Encrypt	Let's Encrypt	Aug 12, 2026	View Certificate Secure this domain →
	www.hopkinslaw.net	✓ Let's Encrypt	Let's Encrypt	Aug 12, 2026	View Certificate Secure this domain →

🌐 bluefin-coffee.com 0/3 secured · 3 subdomains

▼

	Domain	Certificate	Issuer	Expiry	Actions
	bluefin-coffee.com Primary	⊘ Self-Signed	—	—	Secure this domain →
	www.bluefin-coffee.com	⊘ Self-Signed	—	—	Secure this domain →
	store.bluefin-coffee.com	✗ Renewal failed	Sectigo CA Limited	Aug 22, 2026	View Certificate
Renewal failed — Account suspended Your account with your certificate provider has been suspended. Your certificate is still active but will not renew until the suspension is lifted. What you can do: Contact your hosting provider immediately to resolve the suspension before your certificate expires.

Page size: 20 · 1 2 →

cPanel · Customer

SSL/TLS Manager

Manage SSL certificates for your domains. Learn more ↗

Manage SSL Status Certificates Keys Requests Installation Settings

Showing 3 domains · Tick subdomains to select, then click Secure this domain. Or click Secure this domain on any row to secure just that one.

🌐 acme-corp.org 0 / 3 secured · 3 subdomains ACME Credentials Configured

Self-Signed · Not Secured ▼

This domain isn't protected by a trusted SSL certificate.

Your Custom ACME credentials are configured. Select subdomains below or click Secure this domain to begin.

A Wildcard Certificate covers this domain and all its subdomains with a single certificate — no need to secure each one separately. Select wildcard →

Hostname	Cert Type	Issuer	Expiry	Status	Action
*.acme-corp.org	—	—	—	Not Secured	Secure this domain →
acme-corp.org	Self-Signed	—	—	Not Secured	Secure this domain →
www.acme-corp.org	Self-Signed	—	—	Not Secured	Secure this domain →
mail.acme-corp.org	Self-Signed	—	—	Not Secured	Secure this domain →
shop.acme-corp.org	Self-Signed	—	—	Not Secured	Secure this domain →
api.acme-corp.org	Self-Signed	—	—	Not Secured	Secure this domain →

🌐 hopkinslaw.net 0 / 2 secured · 2 subdomains ACME Credentials Not Configured

Self-Signed · Not Secured ▼

This domain isn't protected by a trusted SSL certificate.

Issue a free Let's Encrypt certificate, purchase a paid certificate, or set up Custom ACME credentials to use your own CA.

A Wildcard Certificate covers this domain and all its subdomains with a single certificate — no need to secure each one separately. Select wildcard →

Hostname	Cert Type	Issuer	Expiry	Status	Action
*.hopkinslaw.net	—	—	—	Not Secured	Secure this domain →
hopkinslaw.net	Self-Signed	—	—	Not Secured	Secure this domain →
www.hopkinslaw.net	Self-Signed	—	—	Not Secured	Secure this domain →

🌐 bluefin-coffee.com 0 / 3 secured · 3 subdomains Store Disabled · ACME Not Configured

Self-Signed · Not Secured ▼

This domain isn't protected by a trusted SSL certificate.

Issue a free Let's Encrypt certificate, or set up Custom ACME credentials to use your own CA. The cPanel Store is not available for this account.

A Wildcard Certificate covers this domain and all its subdomains with a single certificate — no need to secure each one separately. Select wildcard →

Hostname	Cert Type	Issuer	Expiry	Status	Action
*.bluefin-coffee.com	—	—	—	Not Secured	Secure this domain →
bluefin-coffee.com	Self-Signed	—	—	Not Secured	Secure this domain →
www.bluefin-coffee.com	Self-Signed	—	—	Not Secured	Secure this domain →
store.bluefin-coffee.com	Self-Signed	—	—	Not Secured	Secure this domain →

cPanel · Customer

SSL/TLS Manager

Manage SSL certificates for your domains. Learn more ↗

Manage SSL Status Certificates Keys Requests Installation cPanel Store

← Back to SSL Selection · Upgrading: acme-corp.org

⭐ Why buy from cPanel Store?

Auto-Reissue
Certificate reissued automatically before expiry — no manual action needed.

Seamless Installation
Certificate installed on your domain automatically after purchase.

Trusted by All Browsers
Sectigo certificates recognised by 99.9% of browsers.

Business Identity (OV/EV)
Verify your company name for stronger customer trust.

Select the certificate that suits your needs:

S Sectigo Domain Validated · DV

Comodo DV SSL Certificate

Fast issuance with domain-level verification. Ideal for blogs, personal sites, and small businesses.

Domain ownership verified
HTTPS padlock in browser
Auto-reissue via cPanel Store
Includes parent domain

Wildcard available — covers all subdomains

Custom ACME — Post-issuance error states

How each post-issuance error appears inline in the SSL/TLS Status tab. Each tab shows a domain row with the error expanded beneath it. Note: "Expiring soon" is not a UI status for Custom ACME — it is handled as an email notification only (see Screen 11 → Expiry warning).

Invalid credentials Account suspended CA unreachable Expired

All Custom ACME domains on the account are affected when credentials are invalid.

Domain	Certificate	Issuer	Expiry
acme-corp.org	✗ Renewal failed	Sectigo CA Limited	Jul 30, 2026
www.acme-corp.org	✗ Renewal failed	Sectigo CA Limited	Jul 30, 2026
mail.acme-corp.org	✗ Renewal failed	Sectigo CA Limited	Jul 30, 2026
Renewal failed — Credentials not accepted Your certificate provider did not accept the credentials associated with your account. This affects all Custom ACME certificates on your account — none will renew until this is resolved. Current state: All Custom ACME certificates are still active but will not renew. Your certificate provider has rejected the EAB credentials stored for your account. What you can do: Contact your hosting provider to obtain updated credentials, then update them in Advanced Settings on any certificate's Manage modal and retry.

Domain: shop.acme-corp.org · Issuer: Sectigo CA Limited

Domain	Certificate	Issuer	Expiry	Actions
shop.acme-corp.org	✗ Renewal failed	Sectigo CA Limited	Expires Jul 30, 2026	Manage
Renewal failed — Account suspended Your account with your certificate provider has been suspended. All Custom ACME certificates on your account will stop renewing until the suspension is lifted. Current state: Certificate is still active but will not renew. All other ACME-managed domains on your account are also affected. What you can do: Contact your hosting provider immediately to resolve the suspension before your certificate expires.

Domain	Certificate	Issuer	Expiry	Actions
api.acme-corp.org	⏳ Renewal pending	Sectigo CA Limited	Expires Aug 5, 2026	Manage
Renewal pending — Certificate provider not responding cPanel was unable to reach your certificate provider's server during the last renewal attempt. This is usually a temporary issue on your provider's side. Current state: Certificate is still active. cPanel will retry automatically on the next scheduled cycle. No action needed from you right now. What you can do: If this has persisted for more than 24 hours, contact your hosting provider.

Domain	Certificate	Issuer	Expiry	Actions
acme-corp.org	✗ Expired	Sectigo CA Limited	Expired Jun 1, 2026	Secure this domain → Manage
Certificate expired — Domain is no longer secured The certificate for this domain has expired. Visitors will see a security warning when visiting your site. Current state: Domain is insecure. HTTPS is no longer functioning correctly for this domain. What you can do: Use Manage to Reissue the certificate immediately, or choose a different certificate type.

cPanel · Customer

Per-cert Manage modal (restructured)

Reissue / Modify Certificate / Unassign as action cards with descriptions and an Execute button each. Advanced Settings includes ACME credentials, Account URL, and per-cert toggles (HTTPS Redirect, HSTS).

Behaviour: No "Lifecycle" section heading. Three action cards each have a description and an Execute button. Clicking Reissue or Unassign opens an in-portal confirmation modal (not a browser alert). HTTPS Redirect and HSTS now live inside Manage — removed from the Status row.

Engineer Reference · Error States

Custom ACME — Error state catalogue

Customer-facing error states for Custom ACME certificate failures. Each tab shows the full error structure. Language avoids CA/technical jargon — always directed to the hosting provider.

Invalid credentials Provider unreachable Rate limit hit Account suspended Certificate issued ✓

❌ Certificate request failed — Credentials not accepted

Domain: shop.acme-corp.org

Your certificate provider did not accept the credentials associated with your account. This usually happens when your credentials have expired, been rotated, or were entered incorrectly.

Contact your hosting provider to get a fresh set of credentials and update them in your account settings.

Current state

This domain remains in its previous state (insecure). No certificate has been issued. Any existing certificate on this domain is unaffected.

What you can do

Contact your hosting provider to obtain updated credentials, then update them in Advanced Settings and retry.
Choose a different certificate type for this domain (e.g. Let's Encrypt).
Try again later if you believe this was a temporary issue.

❌ Certificate request failed — Certificate provider not responding

Domain: mail.acme-corp.org

cPanel was unable to reach your certificate provider's server to submit the request. This is usually a temporary issue on your certificate provider's side and not related to your account or domain settings.

No action is required from you right now. cPanel will retry the request automatically.

Current state

Your certificate request has not been submitted. This domain remains in its previous state. cPanel will attempt again on the next scheduled cycle.

What you can do

Wait — cPanel retries automatically. Check the SSL/TLS Status tab in a few minutes.
If this has persisted for more than 24 hours, contact your hosting provider.
Choose a different certificate type for this domain (e.g. Let's Encrypt) if you need a certificate urgently.

❌ Certificate request failed — Too many requests

Domain: api.acme-corp.org

Your certificate provider has temporarily paused new certificate requests for your account because too many requests were made in a short period of time. This is a limit set by your certificate provider.

No immediate action is needed. cPanel will retry automatically once the waiting period has passed.

Current state

This domain remains in its previous state (insecure). Your certificate provider has not issued a certificate. cPanel will automatically retry on the next scheduled cycle.

What you can do

Wait for cPanel to retry automatically — this usually resolves within a few hours.
If the issue continues, contact your hosting provider.
Choose a different certificate type for this domain (e.g. Let's Encrypt) if you need a certificate urgently.

❌ Certificate request failed — Account suspended

Domain: www.acme-corp.org

Your account with your certificate provider has been suspended. New certificates cannot be issued and existing certificates will no longer renew until the suspension is lifted.

Contact your hosting provider immediately. This issue requires action on your certificate provider account before any certificates can be issued or renewed.

Current state

This domain remains in its previous state (insecure). All other domains on your account managed by Custom ACME are also affected — they will fail to renew until the suspension is resolved.

What you can do

Contact your hosting provider as soon as possible — they will need to resolve the suspension with your certificate provider before certificates can be issued or renewed.
As a temporary measure, switch affected domains to Let's Encrypt to keep them secured while the suspension is resolved.

✓ Certificate issued successfully

Domain: acme-corp.org

Your certificate has been issued by Sectigo CA Limited and installed on your domain. HTTPS is now active on all secured domains.

Certificates issued

Domain	Status	Issuer	Valid until
acme-corp.org	✓ Secured	Sectigo CA Limited	Aug 13, 2026
www.acme-corp.org	✓ Secured	Sectigo CA Limited	Aug 13, 2026
shop.acme-corp.org	✓ Secured	Sectigo CA Limited	Aug 13, 2026
api.acme-corp.org	✓ Secured	Sectigo CA Limited	Aug 13, 2026

mail.acme-corp.org was excluded — domain validation did not complete.

Engineer Reference · Mandatory Notifications

Mandatory notification emails — all 6

Always sent regardless of admin/user notification radio settings. Recipients vary per notification type.

Credentials rejected Domain not authorised Account suspended Provider unreachable Expiry warning Key file corruption

Recipients: Customer + Reseller

From: cPanel <no-reply@yourhost.example.com>

To: customer@acme-corp.org

Cc: reseller-admin@hostingprovider.example.com

Subject: Action required — your certificate provider rejected your credentials

Action required: Your credentials were rejected

Hi,

Your certificate provider rejected the credentials configured for acme-corp.org. Until this is resolved, all certificates managed via Custom ACME on your account will not renew.

What to do:

Contact your hosting provider to obtain updated credentials.
Once you have new credentials, update them in your cPanel account at: SSL/TLS Status → Manage → Advanced Settings → Edit ACME Credentials.

Affected account: customer1 on yourhost.example.com

Certificate provider: Sectigo CA Limited

Error timestamp: 14 Jun 2026 13:42 UTC

— Your cPanel hosting team

Manage AutoSSL

AutoSSL Providers

Terms of Service

Custom ACME

Manage AutoSSL → Logs

AutoSSL Logs

Manage AutoSSL → Manage Users

Configure AutoSSL for Users on the Server

Manage SSL Hosts

Installed SSL Hosts

SSL/TLS Manager

SSL/TLS Manager

SSL/TLS Manager

Custom ACME — Post-issuance error states

Per-cert Manage modal (restructured)

Custom ACME — Error state catalogue

Mandatory notification emails — all 6

Action required: Your credentials were rejected

Action required: Domain not authorised

Urgent: Your certificate provider account is suspended

Alert: Certificate provider unreachable for 24 hours

Urgent: Your certificate is expiring in 12 days

Alert: ACME account key file issue detected

Manage AutoSSL

AutoSSL Providers

Terms of Service

Custom ACME

Manage AutoSSL → Logs

AutoSSL Logs

Manage AutoSSL → Manage Users

Configure AutoSSL for Users on the Server

Enable AutoSSL

Manage SSL Hosts

Installed SSL Hosts

SSL/TLS Manager

SSL/TLS Manager

SSL/TLS Manager

Verify domain ownership

Set up Custom ACME

Custom ACME — Post-issuance error states

Per-cert Manage modal (restructured)

Custom ACME — Error state catalogue

Mandatory notification emails — all 6

Action required: Your credentials were rejected

Action required: Domain not authorised

Urgent: Your certificate provider account is suspended

Alert: Certificate provider unreachable for 24 hours

Urgent: Your certificate is expiring in 12 days

Alert: ACME account key file issue detected

Manage Certificate — acme-corp.org

Reissue

Modify Certificate

Unassign

Confirm action

Done