{"id":1037,"date":"2021-07-23T12:44:01","date_gmt":"2021-07-23T12:44:01","guid":{"rendered":"https:\/\/ssdsunucum.com\/blog\/manage-autossl\/"},"modified":"2021-07-23T12:44:01","modified_gmt":"2021-07-23T12:44:01","slug":"manage-autossl","status":"publish","type":"post","link":"https:\/\/ssdsunucum.com\/blog\/manage-autossl\/","title":{"rendered":"Manage AutoSSL"},"content":{"rendered":"<\/p>\n
\n
\n
\n

Valid for versions 88 through the latest version<\/em><\/p>\n<\/div>\n

\n

Version:<\/h4>\n

82<\/h4>\n

84<\/h4>\n

88<\/h4>\n<\/div><\/div>\n
\n

Overview<\/h2>\n

This interface allows you to manage the AutoSSL feature, which automatically installs domain-validated SSL certificates for the Apache\u00ae, Dovecot, Exim, Web Disk, and cPanel Server services for users\u2019 domains. It also allows you to review the feature\u2019s log files and select which users receive AutoSSL certificates.<\/p>\n

\n
Note:<\/div>\n
\n

When AutoSSL runs, the system performs a preflight check. This check adds a Certificate Authority Authentication (CAA) record in the domain\u2019s zone file before<\/strong> AutoSSL orders a new certificate for that domain.<\/p>\n<\/p><\/div>\n<\/div>\n

Provider information<\/h2>\n

The following information displays at the top of this interface:<\/p>\n

    \n
  • \n

    Current Provider<\/em> \u2014 Your current AutoSSL provider.<\/p>\n<\/li>\n

  • \n

    Provider Account ID<\/em> \u2014 Your account identification for your AutoSSL provider. If the selected provider does not have an account ID, the interface does not<\/strong> display this information.<\/p>\n<\/li>\n

  • \n

    Run AutoSSL for All Users<\/em> \u2014 Click to run the AutoSSL feature for all users for whom you enabled the feature.<\/p>\n

    \n
    Note:<\/div>\n
    \n
      \n
    • The system runs the AutoSSL feature for all users at the following times:\n
        \n
      • When it performs nightly system updates via the \/usr\/local\/cpanel\/scripts\/upcp<\/code> script.<\/li>\n
      • From the task queue after you create an account. AutoSSL examines the system\u2019s SSL coverage and requests certificates from the configured provider to improve the system\u2019s SSL coverage.<\/li>\n<\/ul>\n<\/li>\n
      • To run the AutoSSL feature for all users via the command line, run the \/usr\/local\/cpanel\/bin\/autossl_check --all<\/code> command.<\/li>\n<\/ul><\/div>\n<\/div>\n<\/li>\n<\/ul>\n

        AutoSSL providers<\/h3>\n

        The cPanel (powered by Sectigo) provider<\/h4>\n

        By default, the system uses the cPanel (powered by Sectigo)<\/em> provider. Your cPanel license includes this free provider.<\/p>\n

        \n
        Note:<\/div>\n
        \n
          \n
        • \n

          This provider requires outbound access to the store.cpanel.net<\/code> server over port 443<\/code>. For more information, read our How to Configure Your Firewall for cPanel & WHM Services documentation.<\/p>\n<\/li>\n

        • \n

          Certain factors may cause longer wait times. Under some conditions, these certificates may require up to 48 hours to process.<\/p>\n<\/li>\n

        • \n

          This provider does not<\/strong> support wildcard domains.<\/p>\n<\/li>\n<\/ul><\/div>\n<\/div>\n

          The system automatically polls this provider to determine each pending certificate\u2019s status:<\/p>\n\n\n\n\n\n\n\n\n\n
          Age of certificate request<\/th>\nPolling frequency<\/th>\n<\/tr>\n<\/thead>\n
          Less than 30 minutes.<\/td>\nOnce every two minutes.<\/td>\n<\/tr>\n
          After 30 minutes.<\/td>\nOnce every ten minutes.<\/td>\n<\/tr>\n
          After one hour.<\/td>\nOnce every 30 minutes.<\/td>\n<\/tr>\n
          After four hours.<\/td>\nOnce every hour.<\/td>\n<\/tr>\n
          After one day.<\/td>\nOnce every 12 hours.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
          \n
          Important:<\/div>\n
          \n

          This provider does not<\/strong> request additional signed certificates for a virtual host when:<\/p>\n

            \n
          • \n

            The virtual host has a pending signed certificate request.<\/p>\n<\/li>\n

          • \n

            There is an existing signed certificate for the virtual host.<\/p>\n<\/li>\n

          • \n

            The virtual host\u2019s certificate has not<\/strong> expired.<\/p>\n<\/li>\n<\/ul><\/div>\n<\/div>\n

            The Let\u2019s Encrypt plugin<\/h4>\n

            If you do not want to use the default AutoSSL provider, you can use the Let\u2019s Encrypt\u2122 plugin. This plugin allows AutoSSL to use Let\u2019s Encrypt as the AutoSSL certificate provider. For more information, read our Let\u2019s Encrypt Plugin documentation.<\/p>\n

            Providers<\/h2>\n

            The AutoSSL Providers<\/em> tab allows you to select which provider you want to manage your AutoSSL certificates. Click Show\/Hide Details<\/em> to view a table with information about each provider. The system rates providers with a star icon. The system also determines a rating based on a provider\u2019s AutoSSL management capabilities.<\/p>\n

            For example, an AutoSSL provider with a six-star score may look like the following:<\/p>\n<\/p>\n


            \n
            \n<\/center><\/p>\n

            The system assigns the cPanel (powered by Sectigo)<\/em> provider\u2019s Usability Score by its ability to:<\/p>\n

              \n
            • Support the \u201chttp<\/em>\u201d and \u201cdns<\/em>\u201d Domain Control Validation (DCV) method (two stars for each Ancestor DCV-supported DCV method, for a total of four stars).<\/li>\n
            • Provide 1,000 domains per certificate (one star).<\/li>\n
            • Offer an average delivery time of two minutes (one star).<\/li>\n
            • Provide an unlimited<\/em> number of certificates per registered domain per week (one star).<\/li>\n<\/ul>\n

              The Show\/Hide Details<\/em> table contains the following:<\/p>\n

                \n
              • \n

                Provider<\/em> \u2014 The AutoSSL provider. Select Disabled to disable the AutoSSL feature.<\/p>\n<\/li>\n

              • \n

                Usability Score<\/em> \u2014 The total score of a provider, which its AutoSSL capabilities determine. This score is the sum of each provider\u2019s DCV Methods: Ancestor DCV Support<\/em>, Domains per Certificate<\/em>, Average Delivery Time<\/em>, Maximum Number of Redirects<\/em>, Rate Limit<\/em>, and Wildcard Support<\/em> capabilities. A provider can attain a rating up to nine stars.<\/p>\n<\/li>\n

              • \n

                DCV Methods<\/em> \u2014 The DCV methods that the provider offers. A provider can receive a total of two stars per DCV method if they support Ancestor DCV. If they do not support Ancestor DCV, the provider receives one star per DCV method.<\/p>\n<\/li>\n

              • \n

                Ancestor DCV Support<\/em> \u2014 Whether the successful DCV of a parent domain implies success of a subdomain. For example, if the example.com<\/code> domain succeeds, then the DCV for the store.example.com<\/code> subdomain is unnecessary.<\/p>\n<\/li>\n

              • \n

                Domains per Certificate<\/em> \u2014 The number of unique domains per certificate. A provider can receive a total of one star.<\/p>\n<\/li>\n

              • \n

                Delivery Method<\/em> \u2014 The means through which the provider issues a certificate, via the api, queue, or Unspecified method.<\/p>\n<\/li>\n

              • \n

                Average Delivery Time<\/em> \u2014 The amount of time the provider requires to issue a certificate, if specified. A provider can receive a total of one star.<\/p>\n<\/li>\n

              • \n

                Validity Period<\/em> \u2014 The period of time before the certificate expires, or Unspecified.<\/p>\n<\/li>\n

              • \n

                Maximum Number of Redirects<\/em> \u2014 The maximum number of redirects a domain can use and still pass an HTTP-based DCV. A provider can receive a total of one star.<\/p>\n<\/li>\n

              • \n

                Rate Limit<\/em> \u2014 The number of certificates the provider registers per domain per week, or Unspecified. A provider can receive a total of one star.<\/p>\n<\/li>\n

              • \n

                Wildcard Support<\/em> \u2014 Whether the provider supports wildcard domains. A provider can receive a total of one star.<\/p>\n<\/li>\n<\/ul>\n

                Terms of Service<\/h3>\n

                If the AutoSSL provider requires a Terms of Service or other similar agreement, review it and select the appropriate checkbox to agree to those terms.<\/p>\n

                \n
                Note:<\/div>\n
                \n

                If a provider updates their Terms of Service, you may need to return to this interface to agree to them.<\/p>\n<\/p><\/div>\n<\/div>\n

                Options<\/h2>\n

                The Options<\/em> tab allows you to configure various options for AutoSSL.<\/p>\n

                Notifications<\/h3>\n

                The notification options allow you to select the frequency at which your users receive AutoSSL-related notifications.<\/p>\n

                \n
                Note:<\/div>\n
                \n
                  \n
                • \n

                  Some of these options remove the corresponding notification option in cPanel\u2019s Contact Information<\/em> interface (cPanel<\/em> >> Home<\/em> >> Preferences<\/em> >> Contact Information<\/em>). For example, if you disable the Notify the user for all AutoSSL events and normal successes<\/em> user notification setting, this option is unavailable to your cPanel users.<\/p>\n<\/li>\n

                • \n

                  These options override the user\u2019s current settings.<\/p>\n<\/li>\n<\/ul><\/div>\n<\/div>\n

                  User Notifications<\/h4>\n

                  You can select from the following notification options for your cPanel users:<\/p>\n

                    \n
                  • \n

                    Notify the user for all<\/strong> AutoSSL events and normal successes.<\/em><\/p>\n<\/li>\n

                  • \n

                    Notify the user for AutoSSL certificate request failures, warnings, and deferrals.<\/em><\/p>\n<\/li>\n

                  • \n

                    Notify the user for AutoSSL certificate request failures only<\/strong>.<\/em><\/p>\n<\/li>\n

                  • \n

                    Disable AutoSSL user notifications.<\/em><\/p>\n<\/li>\n<\/ul>\n

                    This setting defaults to Notify the user for AutoSSL certificate request failures, warnings, and deferrals.<\/em><\/p>\n

                    Administrator Notifications<\/h4>\n

                    You can select from the following notification options for your reseller and WHM users:<\/p>\n

                      \n
                    • \n

                      Notify the administrator for all<\/strong> AutoSSL events and normal successes.<\/em><\/p>\n<\/li>\n

                    • \n

                      Notify the administrator for AutoSSL certificate request failures, warnings, and deferrals.<\/em><\/p>\n<\/li>\n

                    • \n

                      Notify the administrator for AutoSSL certificate request failures only<\/strong>.<\/em><\/p>\n<\/li>\n

                    • \n

                      Disable AutoSSL administrator notifications.<\/em><\/p>\n<\/li>\n<\/ul>\n

                      This setting defaults to Notify the user for AutoSSL certificate request failures, warnings, and deferrals<\/em>.<\/p>\n

                      Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates<\/h3>\n

                      This option allows AutoSSL to replace certificates that the AutoSSL system did not<\/strong> issue. When you enable this option, AutoSSL will install certificates that replace users\u2019 non-AutoSSL certificates if they are invalid or expire within three days.<\/p>\n

                      \n
                      Important:<\/div>\n
                      \n
                        \n
                      • \n

                        Unless you fully understand this option, do not<\/strong> enable it, because the system may unexpectedly replace an expiring or invalid Extended Validation (EV) or Organization Validated (OV) certificate with a Domain Validated (DV) certificate.<\/p>\n<\/li>\n

                      • \n

                        Users\u2019 non-AutoSSL certificates are paid, and should be replaced by another paid certificate.<\/p>\n<\/li>\n<\/ul><\/div>\n<\/div>\n

                        Logs<\/h2>\n

                        Use the Logs<\/em> tab to review the system\u2019s AutoSSL log files. To view a specific log, select it from the menu and click View Log<\/em> to display the its information.<\/p>\n

                        \n
                        Note:<\/div>\n
                        \n

                        The system stores the log files in both text and JSON format in the \/var\/cpanel\/logs\/autossl<\/code> directory.<\/p>\n<\/p><\/div>\n<\/div>\n

                        Manage Users<\/h2>\n

                        The Manage Users<\/em> tab allows you to override your server\u2019s feature list settings and control whether AutoSSL is enabled for your users. Use the search text box to locate specific users, or use the check box and menu to select all users or clear your current selections.<\/p>\n

                        \n
                        Note:<\/div>\n
                        \n

                        User feature lists may differ, based on the user\u2019s assigned package. For more information, read our Feature Manager documentation.<\/p>\n<\/p><\/div>\n<\/div>\n

                        You can select from the following Toggle AutoSSL options for individual users and select users:<\/p>\n

                          \n
                        • \n

                          Enable AutoSSL on selected users<\/em> \u2014 Override the feature list setting and force AutoSSL to be enabled.<\/p>\n<\/li>\n

                        • \n

                          Disable AutoSSL on select users<\/em> \u2014 Override the feature list setting and force AutoSSL to be disabled.<\/p>\n<\/li>\n

                        • \n

                          Reset AutoSSL on selected users<\/em> \u2014 Use setting established by the feature list\u2019s default setting. For more information, read our Feature Manager documentation.<\/p>\n<\/li>\n<\/ul>\n

                          Run AutoSSL Check<\/h3>\n

                          You can use the Check<\/em> button to perform a domain check for a specific user.<\/p>\n

                          Pending Queue<\/h2>\n

                          The Pending Queue<\/em> section of the interface lists the status and the details of the pending AutoSSL jobs on your server. Use the navigation controls at the top of the table to sort and search through the list.<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"

                          Valid for versions 88 through the latest version Version: 82 84 88 Overview This interface allows you to manage the AutoSSL feature, which automatically installs domain-validated SSL certificates for the Apache\u00ae, Dovecot, Exim, Web Disk, and cPanel Server services for users\u2019 domains. It also allows you to review the feature\u2019s log files and select which …<\/p>\n","protected":false},"author":1,"featured_media":1038,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/posts\/1037"}],"collection":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/comments?post=1037"}],"version-history":[{"count":0,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/posts\/1037\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/media\/1038"}],"wp:attachment":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/media?parent=1037"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/categories?post=1037"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/tags?post=1037"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}