- Understanding cPanel AutoSSL
- Now For The Common Errors
- The web server responded with the following error: 404 (Not Found)
- A DNS (Domain Name System) or web server misconfiguration may exist
- The system failed to fetch the DCV (Domain Control Validation) file
- cPanel (powered by Sectigo)” forbids DCV HTTP redirections
- Does not resolve to any IP addresses on the internet
- DCV challenge returned no “TXT” record
- The content “” of the DCV (Domain Control Validation) file
- The cPanel Store returned an error (X::TemporarilyUnavailable)
- The cPanel Store returned an error (X::AuthenticationFailure)
- CERTIFICATE_IS_EXTERNALLY_SIGNED
cPanel’s AutoSSL is a tool that simplifies the process of securing your website with an SSL certificate. As we all know with any technology, it can sometimes encounter errors. In this article, we’ll explore the most common cPanel AutoSSL errors and provide solutions to fix them, ensuring your website remains secure and trustworthy.
Understanding cPanel AutoSSL
AutoSSL is a feature in cPanel that automatically installs and renews SSL certificates for your domains. It renews your certificates every 3 months making sure your data is encrypted between your server and visitors. AutoSSL eliminates the need for manual installation and renewal, making SSL management hassle-free.
Now For The Common Errors
The web server responded with the following error: 404 (Not Found)
Local HTTP DCV error (domainname.com): The system queried for a temporary file at “”, but the web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist. The domain “domainname.com” resolved to an IP address “” that does not exist on this server.
This error means that the domain name is not pointing to the server’s IP address. To fix this, point your A records or Name Servers to the server you’re trying to run AutoSSL on. You may need to wait up to 24 hours for your DNS records to populate. If you are using Cloudflare you will need to pause it to run the SSL. You can verify that it is populated via DNSChecker, Once verified try re-running AutoSSL.
A DNS (Domain Name System) or web server misconfiguration may exist
Local HTTP DCV error (domain.com): The system queried for a temporary file at “”, but the web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist.
You typically get this error on a subdomain or addon domain that has just been added to your cPanel account. Make sure you have added it correctly by assigning it to a root folder (outside Public_HTML). You may need to wait for the DNS to populate if you have just pointed an A record too it or if you’ve just changed the nameservers. Once verified that its populated via DNSChecker try re-running SSL.
The system failed to fetch the DCV (Domain Control Validation) file
Local HTTP DCV error (domainname.com): The system failed to fetch the DCV (Domain Control Validation) file at “” because of an error: The system failed to send an HTTP (Hypertext Transfer Protocol) “GET” request to “” because of an error: Timed out while waiting for socket to become ready for reading. The domain “domainname.com” resolved to an IP address “” that does not exist on this server."
This error means that the domain name is not pointing to the server’s IP address. To fix this, point your A records or Name Servers to the server you’re trying to run AutoSSL on. You may need to wait up to 24 hours for your DNS records to populate. If you are using Cloudflare you will need to pause it to run the SSL. You can verify that it is populated via DNSChecker, Once verified try re-running AutoSSL.
cPanel (powered by Sectigo)” forbids DCV HTTP redirections
Local HTTP DCV error (domainname.com): “cPanel (powered by Sectigo)” forbids DCV HTTP redirections.
This error means that the domain name you’re trying to run AutoSSL on is redirecting to another domain. This redirection must be removed before running SSL again. This often happens with domains using Cloudflare which requires you to temporarily pause it while you run AutoSSL.
Does not resolve to any IP addresses on the internet
Local HTTP DCV error (domainname.com): “domainname.com” does not resolve to any IP addresses on the internet.
This error means that the domain name is not pointing to anyone’s IP address. To fix this, point your A records or Name Servers to the server you’re trying to run AutoSSL on. You may need to wait up to 24 hours for your DNS records to populate. If you are using Cloudflare you will need to pause it to run the SSL. You can verify that it is populated via DNSChecker, Once verified try re-running AutoSSL.
DCV challenge returned no “TXT” record
Local DNS DCV error (domainname.com): The DNS query to “” for the DCV challenge returned no “TXT” record that matches the value “”.
This error means that the domain name is not pointing to the server’s IP address. To fix this, point your A records or Name Servers to the server you’re trying to run AutoSSL on. You may need to wait up to 24 hours for your DNS records to populate. If you are using Cloudflare you will need to pause it to run the SSL. You can verify that it is populated via DNSChecker, Once verified try re-running AutoSSL.
The content “” of the DCV (Domain Control Validation) file
Local HTTP DCV error (domain.com): The content “...” of the DCV (Domain Control Validation) file, as accessed at “...”, did not match the expected value. The domain “...” resolved to an IP address “...” that does not exist on this server."
This error means that the domain name is not pointing to the server’s IP address. To fix this, point your A records or Name Servers to the server you’re trying to run AutoSSL on. You may need to wait up to 24 hours for your DNS records to populate. If you are using Cloudflare you will need to pause it to run the SSL. You can verify that it is populated via DNSChecker, Once verified try re-running AutoSSL.
The cPanel Store returned an error (X::TemporarilyUnavailable)
[WARN] The system failed to acquire a signed certificate from the cPanel Store because of the following error: (XID kuh2k3) The cPanel Store returned an error (X::TemporarilyUnavailable) in response to the request “POST ssl/certificate/whm-license/90-day”: We were unable to process your request. Please try again later.
This error means that the AutoSSL backend servers were not able to process the request. This happens when LetsEncyrpt is due maintenance or more commonly when the servers are currently overloaded. To fix this, wait about 15 minutes and rerun the AutoSSL again if it fails again you will need to try at a later time when the servers aren’t overloaded.
The cPanel Store returned an error (X::AuthenticationFailure)
"AutoSSL failed to request an SSL certificate for “DOMAIN” because of an error: (XID 622yab) The cPanel Store returned an error (X::AuthenticationFailure) in response to the request “POST ssl/certificate/free”: Unauthorized"
This error can be caused by the license file being outdated or not being able to be updated due to ports being filtered .etc. To fix this try running the following license check script to update the license file:/usr/local/cpanel/cpkeyclt
.Then try running AutoSSL again.
CERTIFICATE_IS_EXTERNALLY_SIGNED
Impediment: CERTIFICATE_IS_EXTERNALLY_SIGNED: The certificate is neither self-signed nor from AutoSSL.
AutoSSL does not replace externally issued certificates. This prevents Extended Validation and Organization Validated certificates from being replaced. If you wish AutoSSL to replace these certificates if they are invalid or expire within three days. Follow the below steps:
- Log into WHM as Root.
- In the left-hand menu navigate to SSL/TLS > Manage AutoSSL.
- Select the “Options” tab.
- Enable the “Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates” option.
- Select the “Save” button.