AutoSSL is indisputably one of the best parts of cPanel & WHM. We have continued to improve and expand the functionality of AutoSSL since we introduced it in version 58, and version 68 includes some very specific improvements we want to talk about.

Building the best experience

Much of our work with AutoSSL has been on improving the DCV (Domain Control Validation) process and its success rates. While most of that work has been behind the scenes and is not easy to notice from the outside, there are a couple of things we can point to. The most obvious improvements came when we added the DCV global exclude, which alleviated the .htaccess edits that were previously required, and when we adjusted the folder used for validation. We’ve worked hand-in-hand with the team over at Comodo to make the domain validation process faster and more secure.

We’ve also added features like allowing cPanel users to define which domains are secured by AutoSSL in version 66, and giving those users the ability to trigger their own AutoSSL run in version 68.

New Notifications

One thing that we held off on intentionally was notifications around AutoSSL. Automated notifications are one of the best ways for an administrator to learn of a potential problem on a server, but being notified of a problem typically also means that you will want to respond to it. We avoid enabling notifications unless we think it is absolutely necessary, because notifications often cause an increase in support interactions, both for us and for our partners. In version 68 we added numerous new notifications around SSLs and SSL renewals, to help ensure that websites are being secured in the best possible way. Let’s go through them.

As of v68, new and upgraded systems will default to automatically sending hosting providers and cPanel users notifications about the status of their existing SSL certificates, whether they were issued through AutoSSL or were purchased and installed outside of AutoSSL. The full list of notifications that we’ve added in version 68 is below.

Webhosting providers will receive the following notifications:

  • AutoSSL certificates expiring soon — Triggered when an account’s AutoSSL certificate expires soon.
  • Installation of AutoSSL certificates — Triggered when AutoSSL installs an SSL certificate.
  • Installation of purchased SSL certificates — Triggered when the system installs SSL certificates that a user purchased through the cPanel Market.
  • SSL Certificate Expiration — Triggered when a service-level SSL certificate has expired.
  • SSL Certificate Expires Soon — Triggered when an account’s SSL certificate expires soon.
  • SSL certificates expiring — Triggered when an account’s SSL certificate expires soon.

cPanel users will receive the following notifications:

  • AutoSSL has renewed a certificate — Triggered when AutoSSL has successfully completed a certificate renewal.
  • AutoSSL certificate expiry — Triggered when an AutoSSL certificate will expire soon.
  • SSL certificate expiry — Triggered when a non-AutoSSL certificate will expire soon.

This level of communication will help ensure that all domains on a server can be secured, and that any domain not yet secured by an SSL certificate gets noticed. Webhosting providers and cPanel users can manage their notifications in one of two ways: either on the command line using the API (WHMAPI or cPanel API), or through the appropriate contact interface (WHM Contact Manager or cPanel Contact Information).

What’s next?

Our end goal remains the same: help make it easier to increase security around internet traffic. According to the numbers provided by a bunch of sources, including Let’s Encrypt and Google, the number of interactions happening over SSL has nearly doubled in the last two years, and we’re happy to be one part of that push. If you have more features you’d like to see included as part of AutoSSL, or have other questions, comment below or find me on Twitter.