Skip to content

Potential Reduced AutoSSL Coverage

Receive an ugly email about AutoSSL coverage full of jargon? The good news is they're easy to fix, and we'll help translate what all the various errors mean below.

Potential Reduced AutoSSL Coverage errors

Potential reduced AutoSSL coverage emails tell you that one of your domains or subdomains was unable to have it's SSL certificate renewed using the free SSL certificate system Fused provides.

There are a few possible culprits, but the most frequent one is a domain name or subdomain is pointed to a 3rd party, for ex., a domain hosted at squarespace. For these domains, our system can't generate SSL certificates. You can exclude certificates from renewing, thus mitigating the error.

Let Fused Figure it out

We love to help clients, so you can always forward these emails directly to us at support@fused.com and we'll happily handle it at no charge. If you prefer to sort it yourself, the instructions & information are below.

Possible AutoSSL Reduced coverage errors & fixes

You can exclude domain names from the AutoSSL system preventing these errors from reoccurring. We'll explain possible errors below & appropriate steps.

Error What to do
The domain “example.com” resolved to an IP address “xxx.xxx.xxx.xxx” that does not exist on this server` This domain is hosted elsewhere, Exclude this certificate using the instructions below
“dev.example.com” does not resolve to any IP addresses on the internet. Exclude this certificate using the instructions below
Could not connect to xxx.xxx.xxx.xxx: Network is unreachable. This could mean the domain is hosted elsewhere, or that there was a glitch, contact fused so we can verify.
The new certificate lacks the following domain that the previous certificate secured Generally this occurs on development domains that have since changed, you can ignore it as long as no SSL errors are present. If there are, renew the certificate
There is no recorded error on the system for "example.com" All is well, nothing to do.

Excluding a domain from AutoSSL

  1. Login to cPanel for the related account.
  2. Navigate to SSL/TLS Status
  3. Find the various lines that state An error occurred the last time AutoSSL ran & select Exclude from AutoSSL beneath it.
  4. All set!

Renewing a certificate that failed AutoSSL

  1. Login to cPanel.
  2. Navigate to SSL/TLS Status
  3. Select the checkbox next to the relevant domain on the list, & then Run AutoSSL towards the top of the page.

If, for some reason that fails, you can remove & reinstall the certificate:

Removing & reinstalling a failed AutoSSL certificate

In circumstances where a certificate continues to fail renewal, you can remove & reinstall it, thus forcing it to use an entirely new certificate:

  1. Login to cPanel.
  2. Navigate to SSL/TLS, and then Manage SSL Sites
  3. Select Uninstall next to the relevant site. Accept the popup once you've verified it's the correct domain.
  4. Return to the main cPanel page (by clicking cPanel in the upper left) & navigate to SSL/TLS Status
  5. Select the checkbox next to the relevant domain on the list, & then Run AutoSSL towards the top of the page.
  6. The certificate will generate after about 1 minute and it should then show as valid through a particular date.

If it fails to for some reason, contact fused & we'll assist.


Last update: 2020-10-07