If your website uses Cloudflare together with cPanel AutoSSL, you may occasionally experience SSL renewal failures. This is usually caused by Cloudflare settings interfering with the domain validation process required for AutoSSL to issue or renew certificates.
This guide explains how to temporarily adjust your Cloudflare settings so AutoSSL can complete successfully.
Common AutoSSL Error
When AutoSSL fails, you may see an error similar to:
Local HTTP DCV error: The content of the DCV file did not match the expected value.
This normally occurs when Cloudflare is forcing HTTPS redirects or validating certificates too strictly before AutoSSL can finish verification.
The most common Cloudflare settings responsible are:
- Always Use HTTPS
- SSL/TLS Full (Strict) mode
Temporary SSL Mode Adjustment
Step 1 — Log into Cloudflare
- Sign into your Cloudflare account.
- Select the affected domain name.
Step 2 — Change SSL Mode
- Navigate to SSL/TLS.
- Under the Overview tab, locate your SSL mode.
- Change the SSL mode from:
Full (Strict)
to:
Full
This still keeps traffic encrypted while allowing AutoSSL to renew successfully.
Disable "Always Use HTTPS"
Step 1 — Open Edge Certificates
- Inside Cloudflare, go to SSL/TLS.
- Click the Edge Certificates tab.
Step 2 — Disable HTTPS Redirects
- Locate the setting called:
Always Use HTTPS
- Toggle this setting Off.
This prevents Cloudflare from redirecting validation requests during the AutoSSL renewal process.
Run AutoSSL in cPanel
- Log into your cPanel account.
- Open SSL/TLS Status.
- Click Run AutoSSL.
The renewal process may take several minutes to complete.
Optional: Re-enable Strict SSL Mode
Once AutoSSL successfully renews the certificate, you may switch Cloudflare back to:
Full (Strict)
if you prefer stricter origin certificate validation.
Many users choose to leave Cloudflare in standard Full mode to avoid future renewal interruptions.
Force HTTPS Using .htaccess
If you disabled Cloudflare's "Always Use HTTPS" feature, you can still force secure HTTPS connections directly from your hosting account.
Step 1 — Open File Manager
- Log into cPanel.
- Open File Manager.
- Navigate to your website directory, usually:
public_html
Step 2 — Edit the .htaccess File
Add the following rules to your .htaccess file:
RewriteEngine On RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Save the changes once completed.
This will automatically redirect visitors to the secure HTTPS version of your website.
Additional Notes
- AutoSSL renewals can take several minutes to complete.
- Cloudflare cache may temporarily delay SSL updates.
- If SSL errors continue after renewal, clear your browser and Cloudflare cache.
Summary
If AutoSSL fails while using Cloudflare:
- Disable Always Use HTTPS
- Switch SSL mode from Full (Strict) to Full
- Run AutoSSL manually in cPanel
- Re-enable stricter settings afterward if desired
Following these steps typically resolves most Cloudflare and AutoSSL renewal issues.
