cPanel AutoSSL

cPanel AutoSSL

You may have noticed lots of annoying notifications from CPanel recently regarding your SSL Certificate being updated. This may come as a shock to you, especially if you have never even opted to get an SSL certificate for your website!

This is from a new feature called Auto SSL, which was automatically enabled in a recent update to CPanel.

What is AutoSSL?

Auto SSL will scan  each website on the server and it will install a free SSL certificate for each domain name that doesn’t already have one.

Auto SSL certificates last 90 days and then they are renewed again.

Why are you receiving so many emails about it?

Often Auto SSL renewals can fail and because it auto renews quite often you can end up getting lots of alarming emails.

If you have multiple domain names it is going to really make things worse too.

If you are a web hosting provider then you do now get a lot of options about what notifications are sent out to your customers, something that CPanel quickly added after it was first released as it did cause a lot of panic.

How can you stop receiving emails about it?

Administrators, web hosts, resellers and clients themselves have the option to disable AutoSSL which will, in turn, stop the email notifications.

We would recommend that web hosts turn AutoSSL off completely and only enable it for a specific website only on the website owner’s request.

Web hosts can turn it off for all clients by doing the following:

  1. Login to WHM as root
  2. Search “SSL/TLS”
  3. Select “Manage AutoSSL”
  4. Choose “disable” and save

Clients can disable it themselves in 4 easy steps:

  1. Login to cPanel
  2. Search “SSL/TLS”
  3. Click on “Manage SSL Sites”
  4. Delete the AutoSSL

Should you use Auto SSL?

The concept of Auto SSL is great, everyone should have some form of SSL certificate installed on their website as standard now.

However, instead of educating people and offering a choice, Auto SSL was released in quite an invasive way!

It came auto enabled and it just scanned every website, attempting to install certificates as it went, mass emailing people about the status of the Auto SSL installation which ends up causing a lot of panic.

Before just jumping into using the Auto SSL free certificate you should consider whether it is best for you, or whether a paid option is more suitable.

Free SSL vs Paid Alternatives

Auto SSL is great if you just want some level of protection and you are not wanting to spend any money to  get it. It is very easy to get it setup and it can even be used on sub domains like “mail.yourdomain.com” to provide further protection.

However, you can get a paid SSL at a very low cost per annum. Paid SSL is said to be much better in the eyes of search engines and it offers a guaranteed, and higher level of protection. The downside is that it is a little harder to configure.

We offer a paid SSL certificate with installation for just £34.99 per annum which includes configuring a full redirection within WordPress from http to https.

If you would like to learn more about whether Free SSL is right for you please read our comparison of free vs paid SSL certificates