SSL in cPanel: Enable HTTPS with AutoSSL and Fix Common Certificate Issues

SSL is what turns http:// into https://. It protects logins, payments, and customer trust.
In 2025, HTTPS is not optional. It is the baseline.
This guide focuses on cPanel AutoSSL and the most common failure points.
Before you start
AutoSSL can only issue a certificate if:
- Your domain resolves to the correct server IP
- The website is reachable for domain validation
- DNS allows validation (no broken CAA policies)
Related:
- Point your domain to GOZEN HOST (nameservers & DNS)
Step 1: Confirm DNS points to the correct server
- Make sure your domain is pointed to GOZEN HOST (nameservers or A record).
- Wait for DNS propagation if you just changed it.
- Confirm your website loads on the expected server.
Fast sanity check
If you changed DNS today, do not keep re-running SSL issuance straight away. DNS must settle first.
Step 2: Check SSL status in cPanel
- Log in to cPanel.
- Open SSL/TLS Status (sometimes under "Security").
- Find your domain(s).
You should see:
- A certificate installed, or
- A status indicating SSL can be installed / needs attention
Step 3: Run AutoSSL (if available)
Depending on how your hosting is configured, you may see an option to run AutoSSL manually.
- In SSL/TLS Status, select the domains.
- Click Run AutoSSL (if shown).
- Wait for completion and refresh the page.
If you do not see the button, AutoSSL may run automatically on a schedule or be controlled at the server level. If you need it issued urgently, open a ticket.
Step 4: Force HTTPS for your website
Option A: Use cPanel “Force HTTPS Redirect” (recommended)
- Open Domains in cPanel.
- Find the domain.
- Enable Force HTTPS Redirect.
Option B: Use an .htaccess redirect (Apache)
Add this to your website root .htaccess (typically public_html/.htaccess):
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Be careful with redirects
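If your site is behind a proxy or uses a CDN, forcing HTTPS incorrectly can cause redirect loops. This typically happens when the proxy terminates TLS and connects to your server over plain HTTP: %{HTTPS} is then never "on" at the origin, so the rule redirects every request. If that happens, revert the change and contact support.
Step 5: Fix “Not Secure” after SSL is installed (mixed content)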
Your certificate can be valid and the browser can still show warnings if the site loads assets via http://.
Common fixes:
- Update WordPress Site URL and Home URL to https://
- Replace hardcoded http:// links in themes and page builders
- Regenerate caches (plugin cache, server cache, CDN cache)
Quick verification
Browser check
- Open the site in an incognito window
- Confirm the padlock icon shows a valid certificate
CLI check (advanced)
From a Linux terminal:
echo | openssl s_client -servername example.com -connect example.com:443 2>/dev/null | openssl x509 -noout -issuer -subject -dates
Replace example.com with your domain.
Troubleshooting
AutoSSL fails with DCV or DNS related errors
Usually:
- Domain points to the wrong IP
- Validation cannot reach the site
- CAA records restrict issuance
Fix:
- Confirm DNS is correct: Nameservers & DNS
- Remove or update restrictive CAA records if you set them intentionally
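The CAA check can be scripted. This is an added example, not part of the original guide or of cPanel's tooling: a shell function that reads `dig +short CAA` output and reports whether a given CA may issue a non-wildcard certificate. The CA identifier `letsencrypt.org` and the sample record in the comments are constructed assumptions; use the identifier your AutoSSL provider documents.

```shell
#!/bin/sh
# Added example (not from the original guide).
# Reads CAA records on stdin in `dig +short CAA <domain>` format:
#     0 issue "letsencrypt.org"        <- constructed sample record
# Returns 0 if the CA named in $1 may issue a non-wildcard certificate,
# 1 if the record set blocks it.
#
# Live usage (assumes dig is installed; the CA name is an assumption):
#     dig +short CAA example.com | caa_allows letsencrypt.org
caa_allows() {
    ca=$1
    awk -v ca="$ca" '
        BEGIN { ca = tolower(ca); seen = 0; ok = 0 }
        # Only "issue" records govern non-wildcard certificates.
        # "issuewild" and "iodef" records are ignored here.
        tolower($2) == "issue" {
            seen = 1
            val = $0
            sub(/^[^"]*"/, "", val)   # strip up to the opening quote
            sub(/".*$/, "", val)      # strip the closing quote onwards
            sub(/;.*$/, "", val)      # strip parameters after the CA name
            gsub(/[ \t]/, "", val)    # strip stray whitespace
            # An empty value (record was ";") names no CA: issuance denied.
            if (val != "" && tolower(val) == ca) ok = 1
        }
        END {
            if (!seen) { print "allowed: no issue records present"; exit 0 }
            if (ok)    { print "allowed: " ca " is listed"; exit 0 }
            print "blocked: issue records exist but none name " ca
            exit 1
        }'
}
```

CAs look for CAA records on parent domains when the hostname itself has none, so if the output for a subdomain is empty, run the same check against the parent domain.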
Certificate installed but HTTPS shows the wrong site
Usually:
- Domain points to a different server
- Misconfigured vhost or addon domain mapping
Fix:
- Re-check domain mapping in cPanel "Domains"
- Contact GOZEN HOST support with your domain and expected document root
Redirect loop after forcing HTTPS
Fix:
- Disable Force HTTPS Redirect
- Remove the .htaccess rules you added
- Tell support if you are behind a proxy/CDN
Summary
- SSL works when DNS is correct
- AutoSSL issues certificates automatically when validation succeeds
- Force HTTPS for consistency
- Fix mixed content to remove browser warnings