If you have received an email where "AutoSSL reduced SSL coverage" appears in the subject field, it is because cPanel has had problems setting up SSL for one or more domains/subdomains.
The message will contain a list of all domains that failed DCV (Domain Control Validation). The DCV is created to verify that you have access to the domain name for which an SSL certificate is being issued. Next to each domain name that failed DCV, it will also state why the validation failed. AutoSSL tries to do DCV either via DNS (if the domain uses our name servers) or via HTTP, where a temporary file is created in the {$dokumentrod}/.well-known/pki-validation/ folder.
Validation can fail for several reasons, but the most typical are:
- the domain name does not point to the ip address of your web hosting solution
- no A record exists for the domain name
- it is not possible to validate via HTTP because something is blocking access to the generated file
How to solve it?
How to exclude a domain name from AutoSSL?
In some cases, you may not need the system to issue an SSL certificate for the domain name. This happens e.g. applicable if you use another provider for the website or a proxy such as CloudFlare for some of your domains or subdomains.
In these cases, you should instead exclude the specific domains from AutoSSL.
- Log in to your cPanel account via https://your-domain.dk/cpanel (replace your-domain.dk with your own domain name)
- Go to Security > SSL/TLS Status
- Tryk på "Exclude from AutoSSL" ved det domæne, som AutoSSL ikke skal udstede SSL-certifikat til
AutoSSL will no longer include the domain name in the certificate being issued.
Note: Some domains/subdomains must be included in AutoSSL if you want to use the functionality that the domain/subdomain offers. If you use our e-mail server, you must e.g. do not exclude "mail.domain.dk" from AutoSSL, as this will result in a certificate error in your email program.
