Let's Encrypt certificates are free SSL / TLS certificates, to provide a fully encrypted connection with user domain.
When the Let's Encrypt certificate is generated?
Let's Encrypt certificate is generated twice a day (every 12 hours), in case of hosting accounts, and once a day in case of dedicated and VPS servers, which we administer.
The exception to above is adding a new domain/subdomain to the hosting, where in this case, practically immediately attempts to generate a certificate.
What is required to generate Let's Encrypt certificate?
- The domain should be directed to our DNS servers,
- If not, the A record in the DNS zone should point to our servers. (Mainly when CloudFlare is configured)
Why don't I have Let's Encrypt certificate on my domain?
- The basic requirements for its generation was not met, which are described above,
- The certificate cannot authenticate itself, for example cause of: baseauth on the page, incorrect mod-rewrite rules interfering with paths used by Let's Encrypt,
- problems resulting from the use of CloudFront (the situation usually occurs just after the migration of domain to us),
- achieved one of many limits Let's Encrypt,
- you have a commercial certificate for domain/subdomain that has expired.
If despite everything, the certificate has still not been generated, please contact us via the Client Area.
For what period the Let's Encrypt certificate is being generated?
By default, certificate is issued for 90 days and automatically extended for another period.
When the Let's Encrypt certificate is renewed?
The attempt to renew an existing certificate starts 10 days before the expiry date of the current certificate.
The most common problems with SSL certificates on hostings.
When the domain is not on our DNS. After the A record is directed to our server you will see problems with SSL certificate, and in cPanel you will see errors such as:
DNS DCV: (XID 55jkbt) "<user>" does not control a domain named "*.<domain>".;
HTTP DCV: "cpanel.<domain>" does not resolve to any IP addresses on the internet.
This means that cPanel tries to generate certificates for subdomains
The solution to the problem will be to add the missing records to the DNS zone where the domain is located.