How to Enable and Manage AutoSSL in WHM/cPanel
Posted on September 8th, 2016
In this documentation, we can learn how to enable and manage AutoSSL in WHM/cPanel. AutoSSL helped many cPanel and WHM users who had issues with SSL installation and renewal. With the entry of AutoSSL there are no more fill out, and no more certificates to manually copy. The Domain will get a Validated SSL certificate automatically by enabling AutoSSL. The advantage of AutoSSL is that on the time of expiration time a new SSL is requested and automatically installed.
How do you enable AutoSSL?
AutoSSL enabling is much easy! In WHM navigate to the AutoSSL interface, and adjust the selected toggle to cPanel. Then click save.
The server will automatically do the following:
1) Add a feature to WHM >> Packages >> Feature Manager named “AutoSSL”.
2) Add a cronjob ( /etc/cron.d/cpanel_autossl ) to handle the downloading and installation of new SSL certificates for all of your hosted domains.
Any issue with the application can be viewed from the logs of AutoSSL right from the WHM interface. We will get the logs in the ‘Logs’ tab after the first run of the cronjob. The log can be loaded by selecting the log file you would like to view and clicking ‘View Log’.
Select an AutoSSL provider
To select an AutoSSL provider, perform the following steps:
1) Select the desired AutoSSL provider.
2) If the AutoSSL provider requires that you accept their Terms of Service or other similar agreement, read the document and select the appropriate checkbox to agree to those terms.
3) If you need to reset your registration with the AutoSSL provider due to security issues, select the appropriate checkbox to agree to those terms and click Reset Registration.
4) Click Submit.
The AutoSSL feature includes the following limitations and conditions:
Main Features are:
1) Each AutoSSL provider may have a specific domain rate limit.
2) Certificates that cPanel, Inc. provides through AutoSSL can secure a maximum of 200 domains per virtual host.
3) Certificates that Let’s Encrypt™ provides can secure a maximum of 100 domains per virtual host.
4) AutoSSL will only include domains and subdomains that pass a Domain Control Validation (DCV) test, which proves ownership of the domain.
5) AutoSSL will not attempt to replace pre-existing valid certificates that expire in more than three days.
6) AutoSSL will replace certificates with overly-weak security settings (for example, RSA modulus of 512-bit or less).
7) AutoSSL includes corresponding www. domains for each domain and subdomain in the certificate, and that www. domains count towards any domain or rate limits.
7.1) For example, if your domain is example.com, AutoSSL will automatically include www.example.com in the certificate.
7.2) If the corresponding www. domain does not pass a DCV test, AutoSSL will not attempt to secure that www. domain.
7.3) This affects Let’s Encrypt’s limit of 20 certificates per week that may contain a domain or its subdomains.
8) AutoSSL does not secure proxy subdomains or wildcard domains.
9) If a virtual host contains more than the provider’s limit of domain names, AutoSSL uses the following conditions to determine the priority of domains to secure:
9.1) Whether the domains are currently secured.
9.2) Shortest domain name length.
9.3) Domain name alphabetical order.
If you need any further assistance please contact our support department.