This article will explain SSL certificate renewals and issues that may occur when requesting a renewal. The SSL certificates installed from the WPX control panel are free and provided by Let’s Encrypt. Those certificates are automatically renewed.
SSL Certificate Renewal Period.
The SSL certificates provided by Let’s Encrypt are valid for 90 days. They are automatically renewed by our system every 2 months and a half to avoid any manual work.
Configuration issues preventing automatic SSL renewal.
Some issues may occur when trying to renew your SSL certificate due to your site’s configuration. You will receive an email for the failed renewal attempt to your WPX account email address. Let’s take a look at the possible reasons for renewal failure.
We will address the main configurations that may prevent your SSL certificate from automatic renewal.
If you have a redirect set to redirect your site to another URL e.g. (301/302 redirects), the SSL may not be renewed automatically.
Using third-party CDN providers.
If you are using third-party CDN providers such as Cloudflare.
This is a guide that will help you configure your website with Cloudflare and successfully renew your SSL certificate.
If your domain is set to forward to a different URL in your domain registrar, the SSL certificate cannot be renewed automatically.
Domain Forwarding option will do the same as .htaccess / plugin redirects but on a Registrar level. You will need to remove Domain Forwarding from your domain options to renew the SSL certificate for your website successfully.
Missing DNS records to point the website to the correct IP Address (A records/ NS records).
To be able to use the SSL certificates provided by us, and renew those automatically, the domain name should be pointed to WPX hosting. By default, the SSL certificates are installed for the @ (same as domain) and the www version of your website. If some of the A records are pointed to a different provider (such as Shopify), your SSL certificate cannot be automatically renewed. In such cases, you can use a custom SSL, to install it on the website that is pointed to us.
Having DNSSEC enabled in your domain registrar is an option for hiding Who.IS information and additional security on your domain on a registrar level.
If you get stuck with anything discussed on this page, please get in touch with the WPX Support Team via live chat (use the bottom right-hand widget) and they will respond and help within 30 seconds or less.