How to fix the Let's Encrypt automatic renewal error

    Let's Encrypt is one of the most popular SSL certificate providers available today, because its certificates are of good quality (compatible with all popular web browsers) and, above all, free. However, the lifetime of a Let's Encrypt certificate is quite short, only 3 months, so every 3 months you must renew the certificate for your domain name. On cPanel / DirectAdmin hosting, most service providers have equipped the automatic installation feature for Let's Encrypt, but sometimes the system cannot renew automatically.

    Let's Encrypt automatic renewal error

    When cPanel's AutoSSL feature cannot automatically renew a Let's Encrypt certificate, it sends a notification email. This error may stem from one of the following causes:

    1. Your domain name is pointing to another IP

    One requirement for installing Let's Encrypt with AutoSSL (SSL / TLS Status) in cPanel is that your domain name must point to the correct IP of the host. If, after a successful installation, you accidentally or intentionally point the domain name to another IP address, automatic renewal will fail.

    2. Your domain name is redirecting to another domain

    If you install Let's Encrypt on subdomains and set up a 301 redirect (with an .htaccess file, for example) to the main domain, automatic renewal of Let's Encrypt on those subdomains will also fail.

    3. You are using CloudFlare CDN

    Using CloudFlare as a CDN means that the IP address of the host is automatically replaced by an IP address of CloudFlare. The system then determines that the domain name is not pointing to the host's IP and cannot proceed with SSL renewal.
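An added example (not from the original article): a small Python pre-check that maps what DNS and an unfollowed HTTP request return to the three causes above. The Cloudflare ranges are a subset of its published list, the ACME HTTP-01 path assumes the host validates over HTTP, and the finding names are made up for this sketch.

```python
import http.client
import ipaddress
import socket
from urllib.parse import urlsplit

# Subset of Cloudflare's published IPv4 ranges (assumption: refresh from
# https://www.cloudflare.com/ips-v4 before relying on this list).
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "104.16.0.0/13", "172.64.0.0/13", "173.245.48.0/20",
    "162.158.0.0/15", "188.114.96.0/20")]

def diagnose(domain, host_ip, resolved_ips, status, location):
    """Map observations to the three causes listed in the article."""
    findings = []
    addrs = [ipaddress.ip_address(ip) for ip in resolved_ips]
    if any(a in net for a in addrs for net in CLOUDFLARE_NETS):
        findings.append("cloudflare-proxy")              # cause 3
    elif ipaddress.ip_address(host_ip) not in addrs:
        findings.append("wrong-ip")                      # cause 1
    if status in (301, 302, 307, 308) and location:
        target = urlsplit(location).hostname             # None if relative
        if target and target.lower() != domain.lower():
            findings.append("redirect-to-other-domain")  # cause 2
    return findings or ["ok"]

def probe(domain, path="/.well-known/acme-challenge/precheck"):
    """Live lookup: A records plus one HTTP request, redirects not followed.
    The token 'precheck' is a constructed name; a 404 there is fine."""
    infos = socket.getaddrinfo(domain, 80, socket.AF_INET, socket.SOCK_STREAM)
    ips = sorted({info[4][0] for info in infos})
    conn = http.client.HTTPConnection(domain, 80, timeout=10)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return ips, resp.status, resp.getheader("Location")
    finally:
        conn.close()

if __name__ == "__main__":
    import sys
    # Usage: python precheck.py <domain> <expected host IP>
    domain, host_ip = sys.argv[1], sys.argv[2]
    print(diagnose(domain, host_ip, *probe(domain)))
```

A redirect to HTTPS on the same hostname is not reported, since only a redirect to a different domain matches cause 2.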

    How to fix the Let's Encrypt automatic renewal error

    Based on the causes above, we can fix the Let's Encrypt renewal error with the following simple methods:

    1. Point the domain name to the correct IP of the host

    If you are pointing the domain name to another IP address, check it and point it to the correct IP of the host. You can use tools like intoDNS or IP Checker to check the IP address that the domain name is pointing to.
    If you are using CloudFlare, temporarily turn off its CDN feature: access the CloudFlare account => select the corresponding domain name => select the DNS tab => click the orange clouds in the Status column to turn them gray.
    Wait for the system to renew SSL successfully, then repeat the steps above to turn the gray clouds back to orange (re-enable the CloudFlare CDN).

    2. Disable domain redirect

    If you are redirecting the domain you want to renew Let's Encrypt for to another domain, disable the redirect until the renewal is successful. For example, if I am redirecting one domain name to another with an .htaccess file, I disable the redirect by renaming the .htaccess file to .htaccess_old.

    Check the Let's Encrypt renewal

    To find out whether the Let's Encrypt renewal for a domain name succeeded, on cPanel hosting with AutoSSL you can open SSL / TLS Status to see the results. In my example, my wpcanban.net domain has been extended for 3 months.
    It's simple, right? Good luck!
    If you have any questions about installation errors or Let's Encrypt automatic renewal, please post them in the comment box below for assistance and answers.
