Skip to main content

We're currently improving our systems to provide you with a new, more unified login experience.

AutoSSL fails to generate certificates with "CERTIFICATE_IS_EXTERNALLY_SIGNED" error

Alex Jankowiak
  • Updated

After installing an external certificate, AutoSSL will no longer replace the certificate even if it is set to expire.

 

Description 

This is a feature of AutoSSL to prevent EV and OV certificates from being replaced.

 

The entire error:

 

 Impediment: CERTIFICATE_IS_EXTERNALLY_SIGNED: The certificate is neither self-signed nor from AutoSSL.

 

Workaround

There is a setting that can be modified to stop this behavior and enable AutoSSL to replace these certificates. When you enable this option, AutoSSL will install certificates that replace users’ non-AutoSSL certificates if they are invalid or expire within three days.

  1. Log into WHM
  2. Navigate to "Manage AutoSSL"
  3. Open the "Options" tab
  4. Enable "Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates."
  5. Save your changes
  6. Re-run the AutoSSL check for the user that failed.

Related articles