After installing an external certificate, AutoSSL will no longer replace the certificate even if it is set to expire.
This is a feature of AutoSSL to prevent EV and OV certificates from being replaced.
The entire error:
Impediment: CERTIFICATE_IS_EXTERNALLY_SIGNED: The certificate is neither self-signed nor from AutoSSL.
There is a setting that can be modified to stop this behavior and enable AutoSSL to replace these certificates. When you enable this option, AutoSSL will install certificates that replace users’ non-AutoSSL certificates if they are invalid or expire within three days.
- Log into WHM
- Navigate to "Manage AutoSSL"
- Open the "Options" tab
- Enable "Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates."
- Save your changes
- Re-run the AutoSSL check for the user that failed.