AutoSSL not generating certificate for domains with previous external certificates (cPanel or ZeroSSL), even after expiration or deletion

Operating System & Version
CentOS v7.9.2009
cPanel & WHM Version


Apr 27, 2023
cPanel Access Level
Website Owner
Hello everyone,

I'm facing an issue with AutoSSL in cPanel for a domain that had a previously generated SSL certificate from an external source (cPanel or ZeroSSL). I've tried using both Sectigo and Let's Encrypt as the AutoSSL provider, but the certificate is not being generated for the domain in question (, even after the previous certificate has expired or has been manually deleted.

Here's the log snippet from the AutoSSL generation attempt:

00:00:00 AM AutoSSL’s configured provider is “Provider_Name”.
Analyzing “username”’s domains …
00:00:00 AM Analyzing “” (website) …
00:00:00 AM TLS Status: Incomplete
Certificate expiry: X/X/XX, 12:00 AM UTC (XX.XX days from now)
Impediment: CERTIFICATE_IS_EXTERNALLY_SIGNED: The certificate is neither self-signed nor from AutoSSL.
00:00:00 AM SUCCESS This user’s SSL coverage is already optimal.

It seems that the certificate for is causing an issue with AutoSSL and preventing it from generating a new certificate. I'm looking for a solution to resolve this issue and successfully generate an SSL certificate using AutoSSL.

Has anyone encountered a similar issue, and if so, how did you manage to resolve it? Any advice or suggestions would be greatly appreciated, especially since the problem persists even after the old certificate has expired or been removed.

Thank you in advance!


Jurassic Moderator
Staff member
Oct 19, 2014
cPanel Access Level
Root Administrator
Hey there! In WHM >> Manage AutoSSL under the "Options" tab, do you have the "Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates" option selected? If not, the other SSLs will not be replaced on the system.

Can you check that and then we can go from there?