If you manage domains behind Cloudflare’s proxy and run cPanel with AutoSSL, there’s a good chance you’ve woken up to an email like this: AutoSSL did not renew the certificate for “example.com”. You must take action to keep this site secure. DNS DCV: No local authority: “example.com”; HTTP DCV: “cPanel (powered by Sectigo)” forbids DCV […]
Why AutoSSL Fails Under Cloudflare Proxy Read Post »
If you’re running cPanel servers that process, store, or transmit credit card data, or even connect to systems that do, PCI DSS compliance isn’t optional. It’s a requirement that carries real financial and legal teeth. With PCI DSS v4.0.1 now fully enforced (the March 31, 2025 deadline for all “best practice” requirements has passed), every
PCI DSS Compliance Cookbook for cPanel Servers Read Post »
For over a decade, ConfigServer Security & Firewall (CSF) was the undisputed firewall solution for cPanel/WHM servers. If you ran a shared hosting environment, a reseller setup, or even a standalone VPS with cPanel, CSF was almost certainly part of your security stack. Its WHM integration, Login Failure Daemon (LFD), and straightforward configuration made
CSF Post-Shutdown Survival Guide: Migration & Configuration Read Post »
AutoSSL is one of cPanel’s most convenient features—automatically provisioning and renewing SSL certificates for every domain on your server. But if you’ve ever tried to get a wildcard certificate through AutoSSL, you’ve hit a wall. AutoSSL simply doesn’t support them. This isn’t an oversight. Wildcard certificates require DNS-based validation (DNS-01 challenge), and AutoSSL relies on
Wildcard SSL Workarounds for AutoSSL Using acme.sh Read Post »
When managing high-traffic websites on cPanel servers, proper PHP-FPM (FastCGI Process Manager) configuration can mean the difference between smooth performance and server crashes. This comprehensive guide will walk you through advanced PHP-FPM optimization techniques specifically tailored for cPanel environments. Understanding PHP-FPM in cPanel Context PHP-FPM operates differently in cPanel compared to standalone servers. cPanel’s MultiPHP
When using cPanel/Sectigo as the SSL provider for AutoSSL, you may occasionally see this error in the autossl log: The “cPanel (powered by Sectigo)” provider cannot currently accept incoming requests. The system will try again later. This error seems to be caused be incorrect permissions in /var/cpanel/ssl/domain_tls/. You can fix this with the following command:
Fixing AutoSSL “provider cannot currently accept incoming requests” Read Post »
Having SSL problems? One of the most common issues our team handles is related to websites not properly displaying over HTTPS, whether it be the website either not loading entirely, or just not showing the green padlock: If you’re sure that the SSL certificate is installed properly, but your site isn’t showing as secure, there
Troubleshooting Website SSL Issues – No Padlock Read Post »
Update! cPanel supports LetsEncrypt, but you just need to install the plugin for it to work. To do this, run: /scripts/install_lets_encrypt_autossl_provider Once installed, Let’s Encrypt will appear in WHM’s Manage AutoSSL interface (Home >> SSL/TLS >> Manage AutoSSL) where you can enable the provider. At the time of this writing, LetsEncrypt is in public beta
Installing LetsEncrypt SSL Certificates on CentOS + cPanel Servers Read Post »
Note: This is an update from our 2011 post. If you’ve taken a peek at your PCI scan results lately, you may have noticed that your scan provider is now requiring OpenSSH 6.6 or higher due to CVE-2014-2532 – a version that is not currently available in the CentOS 5 or 6 repositories. A Yum update isn’t going
Upgrading OpenSSH on CentOS and AlmaLinux Read Post »
