New SSL Notifications in v68

AutoSSL is indisputably one of the best parts of cPanel & WHM. We have continued to improve and expand the functionality of AutoSSL since we introduced it in version 58, and version 68 includes some very specific improvements we want to talk about.

Building the best experience

Much of our work with AutoSSL has been on improving the DCV (Domain Control Validation) process and success rates. While most of that work has been behind the scenes and is not easily noticed from the outside, there are a couple of things we can point to. The most obvious improvements were when we added the DCV global exclude to alleviate the .htaccess edits that were required, and adjusted the folder that was being used for the validation. We’ve worked hand-in-hand with the team over at Comodo to make the domain validation process faster and more secure.

We’ve also added features like allowing cPanel users to define which domains are secured by AutoSSL in version 66, and giving those users the ability to trigger their own AutoSSL run in version 68.

New Notifications

One thing that we held off on intentionally was notifications around AutoSSL. Automated notifications are one of the best ways for an administrator to be notified of a potential problem on a server, but being notified of the problem typically also means that you will want to respond to it. We avoid enabling notifications unless we think it is absolutely necessary, because notifications often cause an increase in support interactions, both for us and for our partners. In version 68 we added numerous new notifications around SSLs and SSL renewals, to help ensure that websites are being secured in the best possible way. Let’s go through them.

As of v68, new and upgraded systems will default to automatically sending hosting providers and cPanel users notifications about the status of their existing SSL certificates, whether they are issued through AutoSSL or were purchased and installed outside of AutoSSL. The full list of notifications that we’ve added in version 68 is below.

Webhosting providers will receive the following notifications: 

  • AutoSSL certificates expiring soon — Triggered when an account’s AutoSSL certificate expires soon.
  • Installation of AutoSSL certificates — Triggered when AutoSSL installs an SSL certificate.
  • Installation of purchased SSL certificates — Triggered when the system installs SSL certificates that a user purchased through the cPanel Market.
  • SSL Certificate Expiration — Triggered when a service-level SSL certificate has expired.
  • SSL Certificate Expires Soon — Triggered when an account’s SSL certificate expires soon.
  • SSL certificates expiring — Triggered when an account’s SSL certificate expires soon.

cPanel users will receive the following notifications:

  • AutoSSL has renewed a certificate — Triggered when AutoSSL has successfully completed a certificate renewal.
  • AutoSSL certificate expiry — Triggered when an AutoSSL certificate will expire soon.
  • SSL certificate expiry — Triggered when a non-AutoSSL certificate will expire soon.

This level of communication will help ensure that all domains on a server can be secured, and that any domain not yet secured by an SSL certificate gets noticed. Webhosting providers and cPanel users can manage their notifications in one of two ways: either on the command line using the API (WHMAPI or cPanel API), or through the appropriate contact interface (WHM Contact Manager or cPanel Contact Information).

What’s next?

Our end goal continues to remain the same: help make it easier to increase security around internet traffic. Looking to the numbers provided by a bunch of sources, including Let’s Encrypt and Google, the number of interactions happening over SSL has nearly doubled in the last two years, and we’re happy to be one part of that push. If you have more features you’d like to see included as part of AutoSSL, or have other questions, comment below or find me on Twitter.

benny Vasquez

scripter, crafter, cPanel's Manager of Community Engagement. Facilitating communication between cPanel's amazing development team, and cPanel's amazing community. Find me on twitter: @cpaneldev

27 responses to “New SSL Notifications in v68”

  1. Turopay says:

    Sometimes my own website also does not seem to have SSL security certifications. What am I supposed to do about it? This is my website:

  2. Donna O says:

    Thanks benny for the advice and I think I will need to raise a ticket and maybe walk through one or two of the accounts with someone. It seems a better idea to fix the issues now rather than just turn off the notifications.

  3. benny Vasquez says:

    Hi Donna! I’m so sorry for my delay! Unfortunately providing support via blog post comments isn’t possible, but it looks like the problem is that the domain in question doesn’t have a valid IP address. You should be able to add an A record for that subdomain through cPanel’s Zone Editor.

    If you’re still having trouble, feel free to open a ticket with our support team:

  4. Donna O says:

    Hi Benny

    So glad to find this article.

    We are a hosting reseller and have just started receiving around 55 emails a day regarding autoSSL certificates for our 55+ clients on a shared server.

    An example of text from the emails: The AutoSSL certificate expires on 2017-11-23 at 00:00:00 UTC. At the time of this notice, the certificate will expire in “4 days, 10 hours, 21 minutes, and 3 seconds”.

    AutoSSL did not renew the certificate for “”. You must take action to keep this site secure.

    The “cPanel” AutoSSL provider could not renew the SSL certificate without a reduction of coverage because of the following problems: ⛔ [ Last AutoSSL Run at “2017-11-18 at 13:12:02 UTC” ]

    “” does not resolve to any IPv4 addresses on the internet.

    Other subdomains affected are cpanel, mail, webdisk, autodiscover.

    Our hosting partner is telling us just to disable the messages by going into each account but doesn’t seem to be able to tell us why it is happening or what we can do about the issue.

    Are you able to shed light on what the cause could be or direct me to where to find more detail on this cPanel upgrade and the possible error messages and solutions?

    Also is there a setting to send out a message from our shared server when there is a cPanel/WHM update without finding it out by receiving 55 new messages each day?


  5. Diya Patel says:

    Very helpful post about Auto SSL, thanks for sharing. I like it, already installed Auto SSL on my web.

  6. Vinnie M. says:

    Ok, I set my Contact Manager SSL Notifications to Disabled as shown in the attached screenshot. I want to still be notified of “Service” SSL certs that are expired/expiring, but customer account SSL certs should not notify:

    Even though I set this two days ago, I just got a notification tonight with the subject (domain masked for privacy):
    [] ⚠ SSL certificate expiry on 2017-12-05 UTC

    Why would this message still be sent based on my notification settings?

    I checked in Tweak Settings, but that setting says:

    “Send notifications when certificates approach expiry. [?]
    Send a notification when an SSL certificate expires soon. The system will only send a notification for an AutoSSL-provided certificate if that certificate fails to renew.”

    And these certs are not generated by AutoSSL so I don’t think this setting would apply. In fact, I have AutoSSL disabled as I handle the generating of my customer’s SSL certs myself from Let’s Encrypt on a regular schedule (see other screenshots):

    Any ideas why the system is still generating these notifications for customer accounts that are nearing expiration?


  7. Scott Neader says:

    Color me confused. The posting above says “Webhosting providers will receive the following notifications: AutoSSL certificates expiring soon — Triggered when account’s AutoSSL certificate expires soon. Installation of AutoSSL certificates — Triggered when AutoSSL installs an SSL certificate.” — yet I have not received a single notification. However, the end-users are most definitely getting them. That is why I was looking for the magic setting that I might not have set correctly. Since there is no such setting, then I must be set to get them “somehow” yet there are none.

  8. Vinnie M. says:

    OK, thanks.

  9. benny Vasquez says:

    Unfortunately that timeline isn’t configurable at this time. You can disable it entirely in Tweak Settings, but there’s no way to customize that yet.

  10. benny Vasquez says:

    Hi Scott! There currently isn’t a way to manage this in WHM, only as the cPanel user. There’s a script being shared on the forums to disable those as a cPanel user, if you’d like.

  11. Vinnie Murdico says:

    Is there any way to control how far in advance of a certificate expiration the system will start sending “expiring soon” notifications? I have my own system to handle renewals for my hosted customers about 10 days in advance of expiration, but cPanel is already sending me notices more than two weeks in advance of expiration.

  12. Scott Neader says:

    Syed, we have servers with well over 600 domains active, and AutoSSL works great, with either Let’s Encrypt or the cPanel/Comodo provider.

  13. Scott Neader says:

    Can you remind me… in v68 WHM, where in Contact Manager can I find “Installation of AutoSSL certificates”. I only see “Installation of purchased SSL certificates”

  14. Nonton Drama Asia says:

    this article is very good, I feel the new knowledge after reading it, hope this can help me to be better again ..

    thank you

  15. benny Vasquez says:

    There’s no limitation from the cPanel side, but there may be limitations that prevent the issuing of the SSLs. If you’re seeing any problems or have detailed questions, feel free to open a ticket either with your license provider or with our support team. We’ll get you squared away.

  16. Syed Muhammad Mahfuz-ul Huq says:

    Hello, I have a dedicated server where I have more than 600 a/c. Is this SSL free for all 600 a/c, or is there any limitation??

  17. benny Vasquez says:

    We definitely have a closer relationship with Comodo, just due to the length of that relationship. However, you’re correct: If a bug is found in one provider, it’s addressed in both providers.

  18. Ross Gerring says:

    I think it’s fair to say the WHM users don’t have any strong allegiance towards free SSL suppliers, i.e. Comodo or Let’s Encrypt. But we do want to go with the one that works best, i.e. minimises auto-install failures. From these blogs, it appears to me that cPanel is (slightly?) more aligned with Comodo than with Let’s Encrypt. Is that fair to say? Is it also fair to say that, therefore, free Comodo SSL certs are likely to work more error-free than Let’s Encrypt free SSLs? Or is it the case that when an improvement is made for one, it’s simultaneously an improvement for the other? Thx.

  19. benny Vasquez says:

    Anytime. 🙂

  20. Scott Neader says:

    Thanks… although I think 68 going to Release is fairly imminent anyway… so I should see it soon. Thanks again for solving the mystery!

  21. benny Vasquez says:

    Yup! Unless that fix gets back-ported you won’t see it until you upgrade. I’m going to ask about a backport tomorrow, though!

  22. Scott Neader says:

    Thanks. I’m on the Release tier, v66.0.29. So, I won’t see this fix until 68 moves to Release?

  23. benny Vasquez says:

    It looks like there’s a bug that’s fixed in 68.0.9 that prevents the status page from showing up if the cPanel Market wasn’t enabled. That should be fixed in CURRENT now!

  24. Scott Neader says:

    Here is a screen shot of the ‘disabled’ and ‘default’ feature list. I also confirmed that the end user’s package is using the ‘default’ feature list.

  25. Scott Neader says:

    Thanks!! I know this isn’t a support forum… but since you said to let you know if I had any questions… 🙂 Any idea what would cause ‘SSL/TLS Status’ to NOT appear in a user’s cPanel, if one had all three of those checked in every feature list, and not checked on the disabled list?

  26. benny Vasquez says:

    Right now the SSL/TLS Status feature in cPanel only shows up if you have all three of the following features enabled:

    * SSL/TLS
    * SSL Host Installer
    * SSL/TLS Wizard

    Let me know if you have any questions!

  27. Scott Neader says:

    Nick and his team really worked hard to get these SSL notifications right — please pass along my sincere thanks! I am sure there will be some tweaking needed, but “knowledge is power” and being notified when there are SSL problems is really necessary! Quick question… the v66 or v68 “SSL TLS Status” docs don’t mention how to enable the feature for cPanel users. I’m not seeing it as a feature (disabled or otherwise)… can you remind me where the feature is, so that it can be enabled?
