CPanel AutoSSL Did Not Renew on a Domain with Cloudflare configured

You may receive some warning in an email from your cPanel with error that look something like this after you have enabled and and moved your DNS servers over to Cloudflare. This occurs after enabling the option in Cloudflare to always use HTTPS.

Errors in this case in cPanel reported: 

DNS DCV: No local authority: “domain.com.au”; HTTP DCV: “cPanel (powered by Sectigo)” forbids DCV HTTP redirections.

The Fix

It is likely that you have enabled the feature in Cloudflare to “Always Use HTTPS” (which you would think is safe) but in this case it will cause this error. It needs to be disabled for a simple fix.

In Cloudflare after logging in and selecting the domain in question, open up the SSL/TSL Menu and select Edge Certificates.

 

Then select “Always Use HTTPS” to Off.

 

Then return to your cPanel SSL/TLS Status and rerun the Auto SSL process. This time it should fix the issue.

 

That is about it. There are technically ways to enable them to play together if you need to enable this option but consider that you can still enable the “Force HTTPS Redirects” in cPanel Domain settings to ensure that you site is always being accessed via the HTTPS connection. This is seperate to the similar named Cloudflare setting and still should give your site the security that users need. It is really only and advanced option to handle this in the Cloudflare setting.