This article provides instructions on how to troubleshoot problems that may occur when you try to renew an SSL certificate on a Cloudflare-enabled domain.
When you try to renew an SSL certificate on a Cloudflare-enabled domain, the renewal fails. Specifically, when you go to the SSL/TLS page in the SECURITY section of the cPanel home screen, you see the following message:
DNS DCV: No local authority: “example.com”; HTTP DCV: “cPanel (powered by Sectigo)” forbids DCV HTTP redirections.
Similarly, if you have a reseller hosting account, when you go to the Manage AutoSSL page of the SSL/TLS section of WebHost Manager (WHM), you see the following message:
WARN Local HTTP DCV error (example.com): “cPanel (powered by Sectigo)” forbids DCV HTTP redirections.
To resolve this problem, you must disable forced HTTPS connections in the Cloudflare settings for the domain. If SSL renewals still fail, there are a few other Cloudflare settings you can check.
To fix SSL certificate renewals for a Cloudflare-enabled domain, follow these steps:
Click the SSL/TLS icon, and then click the Edge Certificates tab:
Click the slider to disable the Always Use HTTPS option:
SSL certificate renewals should now complete successfully. However, if they still fail, check the following settings in Cloudflare:
Subscribe to receive weekly cutting edge tips, strategies, and news you need to grow your web business.
No charge. Unsubscribe anytime.