cPanel® Blog

cPanel & WHM’s AutoSSL

Update: If you’re looking for information about integrating Let’s Encrypt via AutoSSL see this blog post: Let’s Encrypt with cPanel & WHM and AutoSSL

————-

Three and a half years ago (in a galaxy far, far away) cPanel began planning a feature that we hoped would make the entire internet safer and more secure. There have been a lot of changes, both in the industry and in the company, since then. It took significant re-writes of a lot of the systems inside cPanel & WHM and the cPanel store, but it’s finally here. In cPanel & WHM version 58 we welcome AutoSSL, and it is a fantastic addition to our list of features.

What is AutoSSL?

AutoSSL is the solution to one of the biggest pain points that exists for every cPanel & WHM user: SSL installation and renewal. With AutoSSL that pain goes away. There are no more forms to fill out, and no more certificates to manually copy into place. Once you enable AutoSSL, your websites are automatically secured with a freeDomain Validated SSL certificate. Perhaps more exciting is the fact that your coverage will never lapse, because at expiration time a new, free SSL is requested and automatically installed.

How do you enable AutoSSL?

Enabling is easy! In WHM navigate to the AutoSSL interface, and adjust the selected toggle to cPanel. Then click save.

Enabling AutoSSL

The server will automatically do the following:

  • Add a feature to WHM >> Packages >> Feature Manager named “AutoSSL”
  • Add a cronjob ( /etc/cron.d/cpanel_autossl ) to handle the downloading and installation of new SSL certificates for all of your hosted domains.

There are some limitations when dealing with very large numbers of domains that is outside cPanel’s control, which you can read about in our documentation.

Troubleshooting AutoSSL

If you have any problem with the application, you can view the logs for AutoSSL right from the WHM interface. After the first run of the cronjob you’ll see the logs listed in the ‘Logs’ tab. You can load the log by selecting the log file you’d like to view and clicking ‘View Log’.

Troubleshooting AutoSSL

What’s next for AutoSSL?

It looks like cPanel & WHM version 58 will make it to RELEASE next week, which means this feature will start popping up for more and more of our customers. One of the most highly requested additions to AutoSSL is support for Let’s Encrypt.

We’re also working on adding SNI support to cPanel, WHM, and Webmail. When that’s complete, the free SSLs will allow all cPanel, WHM, and webmail logins to use the domain SSLs, and resolve this feature request. That might not make it until cPanel & WHM version 62, but it’s definitely coming!

Upgrade now to take advantage of AutoSSL

AutoSSL was introduced as a new feature in v58, but if you’re still running CentOS 5 or CentOS 6 32-bit, you won’t be able to take advantage. cPanel & WHM v56 is the last to support CentOS 5. If you want the benefits of AutoSSL, it’s time to migrate! Our Server Configuration additions to the Transfer Tool make it easier than ever, so what’s holding you back? Your feedback is crucial to me! As always, email me or find me on twitter. I want to hear from you! 

benny Vasquez

scripter, crafter, cPanel's Community Manager. Facilitating communication between cPanel's amazing development team, and cPanel's amazing community. Find me on twitter: @cpaneldev

  • Ali

    Amazing feature. Thanks for making the internet safer.

    • cPanelbenny

      So glad you like it. Thanks for helping us making the internet safer. 🙂

  • Devi Kripa

    will autossl install in subdomain too?

    • cPanelbenny

      Yup!

      • Devi Kripa

        Dear… what u mean by “Yup!” … please use standard language… Honestly I can not understand… Please be serious…

        • cPanelbenny

          I’m very sorry for the use of slag. Yes, AutoSSL will install SSLs valid for configured Subdomains as well.

  • Devi Kripa

    I have already installed SSL (wildcard), what should I do now? If I enable will it confilict?

    • cPanelbenny

      Nope! No conflict at all. AutoSSL will only install SSL certificates on domains that don’t already have valid SSLs installed, where the feature has been enabled.

  • jölli ojagy

    hehe

  • Damien Gardner

    I’m probably missing something obvious, but how do you make it do renewals of AutoSSL Certs? the daily certwatch cronjob is now sending me 50 emails a day going ‘xxxx certificate expires in 28 days’, then 27, 26, 25, etc. It’s getting more than annoying. ‘/usr/local/cpanel/bin/autossl_check –all’ doesn’t seem to do any renewals..

    • cPanelbenny

      That sounds like a bug, rather than something working as intended. The certificates should be automatically renewed without any notification being sent, unless there’s an error. Definitely reach out to your webhosting provider or license provider to have them take a look. If your webhosting or licnese providers don’t provide support, and you have root access to the server that’s having the problem, you can also submit a ticket to our support team here: https://tickets.cpanel.net/submit/

      • Damien Gardner

        Thanks Benny,

        Seems the certwatch job is from crypto-utils in CentOS. It’s not required, so support suggested I remove it. All good now 🙂

        • cPanelbenny

          No problem! I’m glad they were able to get it figured out for you. 🙂

  • Darkshifty

    this so called option “Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates” where can i find it? i would like to replace an existing cert.

  • lukedouglas

    Sorry to be a bit in the dark on AutoSSL but how does this affect our current Comodo SSL’s that are installed as well as is there any advantage to using AutoSSL?

    • cPanelbenny

      Not in the dark at all! AutoSSL, once enabled, won’t replace existing SSL certificates until they are no longer considered valid. For example, if the SSL is about to expire, AutoSSL will install a new one. You can read more about it here: go.cpanel.net/autossl

      • lukedouglas

        Just did my first one. Piece of cake. For most of my clients who are small to medium size businesses and organizations who have no eCommerce needs, this will be a blessing. For the few that I have with eCommerce, we will probably stay with the higher levels of SSL.

        • cPanelbenny

          Perfect! That’s really exactly what we’re looking. We’re hoping to open up EV and OV certificate purchases in the cPanel market in version 60 as well, which will make that a breeze.

  • Is it safe to upgrade to cpanel 58 now that it’s released, without losing x3 theme?

    • cPanelbenny

      Correct, you can upgrade to cPanel & WHM version 58 without losing x3, however the underlying technology is likely to be removed in a future version as well, which will mean that x3 won’t work even on servers where it is installed. We’re always open to ways we can improve Paper Lantern, however, so if you are willing to pass on why you prefer x3, I’d love to hear it: benny@cpanel.net

      • I prefer x3 because I hate Paper Lantern and I hate mobile-style dashboards for desktop use. x3 theme has everything in one place in an easy to use and familiar environment; and because we don’t want to take the time to rebrand Paper Lantern; but moreso because x3 is the best dashboard out there. It’s the only reason cpanel is better than other systems as well as proprietary systems.

        For example, the one reason why cpanel (with x3) is infinitely better then the proprietary godaddy dashboard is because of the UI design (of the x3 theme only), not necessarily the functionality. And the fact that even after godaddy finally got cpanel, they still redesigned cpanel extirely insead of using the default layout of the x3 theme, is one of the main reason why godaddy is so disliked for web hosting. That is to say, that godaddy hosting is hated primarily because there is no vanilla x3 theme.

        If you are removing it permanently after 58 then I will not be upgrading cpanel again and may end up eventually canceling my cpanel subscription. We’re looking into alternatives now as a result of this terrible business decision by cpanel. Whoever was the person behind removing x3 and forcing paper lantern should be fired, because once x3 is removed, you will see a drastic decrease in customers once people find an alternative and get around to removing cpanel for a more user-friendly dashboard for their customers.

        Once you deprecate x3 for good we’ll be writing a flaming criticism blog post about cpanel and how you are a shining example of how the major companies are destroying user experience on the internet by neglecting to realize that people don’t want a mobile experience on the desktop. There will be consequences for your terrible business decision to forcefully remove x3.

        Please note that we would be perfectly happy if you had merely updated the icons and the background but left the layout exactly how it is in the x3 theme. But your decision to create a full new redesign and then forcefully implement Paper Lantern into all new cpanels so 1) we had to go back and change all the setting for all existing customers after upgrade, and 2) even more shocking, forcefully removed it and forced all your customers to use something they did not want to use.

        It is one thing to make a new redesign that is optional as it has been. However, the gall and arrogance of whoever made this decision to force it against your customer’s wished because the “developer” of the Paper Lantern theme liked it and was too stuck up and prideful to see past their own massive head that other people have different tastes, is appalling for such a huge company.

        You are not alone in this kind of disaster. All the major companies are doing it. Take a look at Facebook’s stocks immediately after forcing the new dashboard. That was the end of Facebook, and when everyone stopped using Facebook. Facebook fell into irrelevance immediately after forcing the unwanted new redesign. Now no one says “hey are you on Facebook anymore?” My prediction that Facebook would die after that decision was correct. A total redesign was Facebook’s worst decision.

        Google did the same thing with gmail. Gmail recently forced their new hated redesign on everyone. Since then, millions of users have been desperately seeking alternatives. But not just Gmail, google has done it with all their services, leading people to opt to ditch google altogether and write posts about “why I’m leaving google”, but really the core underlying reason is one thing: massive unwanted redesigns.

        Paypal also just implemented a massive hated redesign. As a result, many people are trying to find Paypal alternatives. It was a terrible business decision.

        As you see, I have plenty to write about, and much more, I’ll be making a new blog post about it soon and you are going to be the topic of conversation as the example of how developers can’t get over themselves and their blind massive arrogance and actually listen to what their customers want – which is, to not have a massive overhaul redesign (or at least, to have the choice to not use it if they don’t want).

  • I’m running centos 6.x 64-bit and cpanel 56

  • This is really great progress. This is going to change a lot for the hosting/ssl industry by making security and safety much more easily accessible, automatic and free.

    • cPanelbenny

      We’re definitely hoping! Between AutoSSL and the Marketplace we’re hoping to make it super simple to install any SSL certificate you need to.