It is only available when using DNS-based validation (which is a decision left to the end-user)
You may need to tune the DNS Challenge Delay if your hosting environment has large DNS clusters or a high zone count.
FEATURE: DNS-based validation is now available and is no longer a feature preview.
This is an alternative to the default, HTTP-based validation method
Both HTTP and DNS methods are available on all new and upgraded installations, but can be controlled by the WHM administrator.
The HTTP method remains the default option for new certificate issuances and the recommended option for most users
The HTTP method remains the only option for certificates issued via the AutoSSL feature
End-users may choose which validation method to use on a per-certificate basis
IMPROVEMENT: The AutoSSL feature has been significantly extended:
It will now try to include cPanel proxy subdomains e.g. webmail., cpanel., webdisk. This can be disabled by the autossl_skip_proxy_subdomains configuration flag
AutoSSL will stop retrying domains that fail continuously for an extended period.
AutoSSL will try to issue certificates for virtual hosts without a valid or imminently expiring certificate (48h). Previously, it would refuse to run on any account
that had any third-party certificates.
AutoSSL remains disabled by default.
IMPROVEMENT: Renewals that fail repeatedly are now subject to a number of inhibitions.
Only 1 email every 2 days, at most, will be sent per certificate
Failing renewals now follow a linear back-off after a threshold.
After 10 consecutive renewal failures (~5 days), a delay of max(1 week, (12 hours * max(0, Fail_Count - 10))) is applied at each attempt. This is reset after a successful renewal.
This is designed to deprioritize abandoned accounts/domains and save server and CA/rate limit resources.
It is always possible to immediately re-issue the certificate from the user interface.
MISC: The ACME client implementation has been completely rewritten for ACME v2
This should be fully compatible with all existing accounts and certificates and there should be no perceptible difference to end-users.