Solution - AutoSSL reduced SSL coverage

Known problem in cPanel AutoSSL.

 

This now requires each subdomain be verified individually. If this fails, they will automatically stop including them in the attempt and send an alert to your configured mail addresses. This can get very spammy, so you might want to solve the root cause. More context at the official cPanel docs.

 

To resolve this, we recommend you check the configured domains. As you can see in the screenshot below, this often includes auto-generated cPanel subdomains:

 A screenshot of cPanel interface showing all configured domains eligible for being included in AutoSSL coverage

 

As you can see, there's a lot of unprotected subdomains, however, none of these are actually in use. As such, you can safely exclude these from your certificate.

 

To do this, you need to be logged in as the user of the domain for which the certificate is being generated.

 

Once logged in, you need to find the following option in your main menu: SSL/TLS Status

 

That page will look like this:

A screenshot of cPanel page SSL/TLS Status, listing all eligible AutoSSL domains and their status, potential error codes, and an option to include/exclude from AutoSSL


Here you can see what your subdomains might look like. "AutoSSL Domain Validated" means it works, so you can ignore those. Then, all subdomains in red need to be checked. If you don't use the subdomain, you should click "Exclude from AutoSSL" as seen in the second item in the screenshot. Once you've dealt with all subdomains in error, you can click the "Run AutoSSL" button at the top of the page to re-run the validation. This will mean no more errors when running AutoSSL, and no more alert spam!

Was this article helpful?

mood_bad Dislike 0
mood Like 0
visibility Views: 534