This article will explain SSL certificate renewals and issues that may occur when requesting a renewal. The SSL certificates installed from the WPX control panel are free and provided by Let’s Encrypt. Those certificates are automatically renewed.
SSL Certificate Renewal Period
The SSL certificates provided by Let’s Encrypt are valid for 90 days. They are automatically renewed by our system every 2 months and a half to avoid any manual work.
Configuration issues that are preventing automatic SSL renewal
Some issues may occur when trying to renew your SSL certificate due to your site’s configuration. You will receive an email for the failed renewal attempt at your WPX account email address. Let’s take a look at the possible reasons for renewal failure.
We will address the main configurations that may prevent your SSL certificate from automatic renewal.
Website redirects
If you have a redirect set to redirect your site to another URL e.g. (301/302 redirects), the SSL may not be renewed automatically.
To successfully renew your certificate, you will need to remove the redirect code or rule from your configuration file (.htaccess) or your redirect plugin (if you are using one).
Using third-party CDN providers
If you are using third-party CDN providers such as Cloudflare.
This is a guide that will help you configure your website with Cloudflare and successfully renew your SSL certificate.
Domain forwarding.
If your domain is set to forward to a different URL in your domain registrar, the SSL certificate cannot be renewed automatically.
The Domain Forwarding option will do the same as .htaccess/plugin redirects, but on a Registrar level. You will need to remove Domain Forwarding from your domain options to renew the SSL certificate for your website successfully.
DNS configuration
Missing DNS records to point the website to the correct IP Address (A records/ NS records).
To be able to use the SSL certificates provided by us and renew those automatically, the domain name should be pointed to WPX hosting. By default, the SSL certificates are installed for the @ (same as domain) and the www version of your website. If some of the A records are pointed to a different provider (such as Shopify), your SSL certificate cannot be automatically renewed. In such cases, you can use a custom SSL to install it on the website that is pointed to us.
DNSSEC
Having DNSSEC enabled in your domain registrar is an option for hiding Who.IS information and additional security on your domain at the registrar level.
DNSSEC does not work properly with Let’s Encrypt SSL certificates. You will need to disable that option from your domain registrar to complete the renewal of the SSL Certificate.
Stuck at any point? Don’t worry, just click the live chat widget in the bottom-right, and one of our support agents will assist you in under 30 seconds.