Occasionally we will get complaints that the Encryption Everywhere SSL will not install for a certain domain in a customer's hosting plan. This article will cover reasons that may cause this and how to troubleshoot this issue.
Reasons Encryption Everywhere does not install for a domain:
- Domain is not connected to the hosting plan with its DNS records - If the domain is not correctly pointing to the hosting plan with its DNS records the EE SSL will not install.
- There is already another SSL in place - If the customer already has a previous SSL in place, the EE SSL cannot install
- The authentication file path does not exist, or is not accessible - When the EE tries to install, it will create a temporary validation file in the file structure for the domain. If it is unable to do this the EE SSL cannot install. We will cover this in greater detail later in this guide.
- The domain is not passing the automatic validation - There are some keywords in domains that will prevent the installation from installing on them. We don't have a list of those keywords, but if a domain triggers that, the EE SSL will not install for the domain, and they would need to purchase an SSL separately.
1. Ensure that the domain is correctly connected to the Name.com hosting plan. To do this, go to MyAccount>>WebHosting to see the IP address for the customer's Name.com hosting plan. You will then need to do a DIG command on the domain to ensure that it is connected to that IP address. For example, if the hosting server IP is 220.127.116.11, you would do DIG domain.com in your terminal, and it should show that it is being connected to that IP address. Don't go off of just the DNS management section in the customers account, because they could have other name servers in place or some other issue that is preventing the DNS from propagating.
2. Next, make sure that there is not another SSL already in place for this domain. To do that, login to the customer's cPanel and choose the SSL/TLS option, and then click Manage SSL Sites. This will list all of the SSLs that the customer has installed in their cPanel. If you see an SSL already installed for the domain you are trying to install the EE SSL for, it will prevent the installation. If the customer gives approval, you can uninstall this SSL and push the EE SSL installation again. There will be an uninstall button to install the SSL here.
If you do that and need to push the EE SSL installation again, choose the SSL/TLS Status option in your cPanel. You will then click the "Run AutoSSL" button. This will prompt the system to run the EE SSL installation again.
Note: The EE installations can take up to 48 hours. We always tell people that time frame for DNS propagation, but it rarely takes more than 15 minutes. However, these EE installations actually take at least 24 hours, and sometimes up to 48 to install.
3. If the domain is correctly connected to their hosting plan, and does not have another SSL in place, they most likely have something in their content that is preventing the EE SSL installation. When the EE SSL installation runs, it creates a temporary validation file in the customer's hosting content. That files is created in this directory:
If you are unsure of the directory for the domain, go to the Addon Domains option in the customer's cPanel. It will show the directory for the domain. If it is their primary domain, the directory will be the public_html folder.
If any part of this directory does not exist in the customers File Manager, the EE SSL cannot install the validation files that it needs to, and the EE SSL installation will fail. When that happens, you will see an error message like this:
The customer could also have the correct directories in place in their File Manager, but not have read/write capabilities enabled for it. This will also cause a failure. If the customer has a customer 404 error configuration in their hosting content it will prevent the EE installation from finding this file as well. WordPress installations could also be configured in a way to prevent the EE installation from accessing this file. In the end, we can't troubleshoot the reason that the customer's content is preventing the installation, but if you see an error message like this you can provide some of these above reasons to the customer so that they can resolve the issue with their content. Once they resolve the issues, push the EE installation again using the steps provided in steps 2.
4. If you are seeing a different error in SSL/TLS Status section or the customer is confident that they do not have a redirect in place, their domain name may be flagging something in the EE system. The EE system has certain words or phrases that, if they are in the domain name, will prevent the EE installation. We don't have a list of those phrases, but they are terms regarding security so maybe "bank" or "validation" could be words on that list. If you believe that is the issue preventing the EE SSL installation, we would need to double check with Dev to confirm that. If you suspect this is the issue, ask a guru for approval to PIV the issue and then Dev can clarify that for us.
If the EE installation is failing due to this reason, the customer will need to purchase a separate SSL. We do not have a workaround for this situation, and will not provide a free SSL in the event that the EE SSL does not function with their domain.