Introduction #
It is of utmost importance to keep your SSL certificates renewed when they are about to expire as the consequence of the expiration would mean the complete inaccessibility of the sites that are utilizing them. The WHM control panel has the “Manage AutoSSL” feature that provides free SSL certificates for your domains. Not only that but those certificates that are about to expire or are insufficient to provide the expected level of security will be renewed or respectively replaced. Without further ado, let’s get right into this tutorial.
Accessing the Manage AutoSSL feature #
As with all other WHM control panel features you need to first log into the WHM service for your VPS or Dedicated Server. If you are not sure how to do that, please check our How to Access WHM tutorial. After you have logged in, please use the search field on the left side of the page and type “Manage AutoSSL”.
When the single result presents itself below the search bar, click on the “Manage AutoSSL” link in order to be redirected to the desired page.
Selecting your AutoSSL provider and configuring it #
When you land on the “Manage AutoSSL” page, you will see a brief description of the feature on the top of the page. Underneath, you will see a blue box containing information about the current AutoSSL provider and the “Run AutoSSL for All Users” button.
Please press the “Run AutoSSL For All Users” button in order to apply the AutoSSL feature for all of the users utilizing the functionality.
Below this blue bar section, you will see five tabs – “Providers”, “Options”, “Logs”, “Manage Users”, and “Pending Queue”. The one chosen by default will be the “Providers” tab so let’s discuss it first.
The Providers Tab #
In this tab, you will be able to select the AutoSSL provider for your server. At this point, WHM supports only two providers – cPanel (powered by Sectigo) and Let’sEncrypt™.
- cPanel (powered by Sectigo) – This provider needs to be able to access the store.cpanel.com hostname at all times, thus its IP address should be allowed within the FireWall if such exists to ensure that there are no issues when requesting an SSL certificate. A downside of this vendor is that under some circumstances it could take up to 48 hours to issue an SSL certificate.
- Let’sEncrypt™ – In order to be able to use this vendor, a plugin needs to be installed on the server. As always, our technical support is 24/7 available and will be more than happy to assist you with that. The positives of this vendor include the speed at which the certificates are being generated (usually around 5 seconds) and the fact that WildCard SSL certificates can be issues as well.
In order to select a provider, please use the radio button located on the left side of each of the listed providers. If you want to disable this feature, please select the “Disabled” option.
When a provider is selected or if the AutoSSL service is disabled, please press the “Save” button located on the bottom of the page to save your settings.
The Options Tab #
In order to access this tab, please click on the “Options” tab located on the right side of the “Providers” tab.
When you land on the “Options” tab, underneath you will find the “AutoSSL Options” heading, and below that you will see three sections. The first one is “User Notifications”. Here are the options it provides:
- Notify the user for all AutoSSL events and normal successes.
- Notify the user for AutoSSL certificate request failures, warnings, and deferrals.
- Notify the user for AutoSSL certificate request failures only.
- Disable AutoSSL user notifications.
In order to select one of the options, please use the radio button located on the left side of each option.
The second section is the “Administrator Notifications” section. Below you will find the options it contains:
- Notify the administrator for all AutoSSL events and normal successes.
- Notify the administrator for AutoSSL certificate request failures, warnings, and deferrals.
- Notify the administrator for AutoSSL certificate request failures only.
- Disable AutoSSL administrator notifications.
To select an option, please use the radio button located on the left side of each of the available options.
The last section in this tab has a checkbox inside it. When selected, it will replace ALL invalid or expiring non-AutoSSL certificates, regardless of the CA that issued them, 3 days before they expire. Please, DO NOT select it unless you completely understand and agree to the consequence it can bring. It will not respect the certificate even if it is an Extended Validation(EV), Organization Validation(OV), or Domain Validation(DV) SSL certificate.
When you have chosen all the desired options on this page, please press the “Save” button located at the bottom of the screen.
The Logs Tab #
This tab may be accessed when you press on the “Logs” tab located on the right side of the “Options” tab.
When redirected there you will see an “AutoSSL Logs” heading and below, a content box containing all the AutoSSL provider logs that go back 30 days. In order to review a given log, please select it by clicking on the log itself and then press the “View Log” button, located under the content box.
This log will help you track down issues related to SSL certificates not renewing or issuing properly.
The Manage Users Tab #
In order to access this tab, please click on the “Manage Users” tab located on the right side of the “Logs” tab.
When you are taken there, on the top you will see a search field. You may use it to filter out the users to whom you would like to perform changes regarding the AutoSSL functionality.
Under this search field, you will find a table section populated with the users on the server. You will also find the following AutoSSL options:
- Enable AutoSSL – This will enable the feature for this specific user.
- Disable AutoSSL – This will disable the feature for this specific user.
- Reset to Feature List Setting – This is the default setting which will be based on the configuration you have inside the list of features. For more information regarding the features, please refer to the Feature Manager tutorial.
In order to select an option from this list, please use the radio button located underneath the “Toggle AutoSSL” column.
The Pending Queue Tab #
In order to gain access to this tab, please click on the “Pending Queue” tab located on the right side of the “Manage Users” tab.
Inside you will typically find the status and the details of the pending AutoSSL jobs on your server. There is a search bar underneath the “AutoSSL Pending Queue” label, which you can use to filter the currently running jobs, based on the domain or user.
There you have it! All of the important details surrounding the “Manage AutoSSL” feature in the WHM control panel. It is a really neat functionality that with very little effort can guarantee that all of your SSL certificates will be renewed when they are about to expire. If you are having issues with this feature or you are unable to configure the AutoSSL to your liking, please give our Technical Support a try. They are 24/7 available through the ticketing system in your Client Area.