How to Enable & Manage AutoSSL in WHM
A few days back WHM introduced the AutoSSL feature to its interface to have domain-validated SSL certificate installed on all domains hosted on servers. Furthermore, it provides flexibility to check SSL installation logs . This great feature has certainly helped domains/websites to secure data processed over internet.
Currently cPanel provides Let’s Encrypt and Comodo SSL Certificates with AutoSSL feature.
- AutoSSL covers corresponding www. domains for each domain and subdomain in the certificate, and those www. domains count towards any domain or rate limits. For example, if your domain is example.com, AutoSSL will automatically cover www.example.com in the certificate.
- AutoSSL replaces certificates those with overly-weak security settings (e.g, RSA modulus of 512-bit or less).
- Each AutoSSL provider may wait for a specific amount of time to replace an AutoSSL-provided certificate before it expires. For example: AutoSSL will attempt to renew certificates that cPanel, Inc. provides when they expire within 15 days. : AutoSSL attempts to renew certificates that Let’s Encrypt provides when they expire within 29 days.
- Due to rate limits, AutoSSL prioritizes new certificates over the renewal of existing certificates.
- If a virtual host contains more than the provider’s limit of domain names, AutoSSL uses a sort algorithm to determine the priority of domains to secure.
Domain and Rate Limits by cPanel:
- AutoSSL enabled SSL certificates can cover a maximal of 200 domains per certificate (Apache virtual host). Let’s Encrypt powered SSL can cover 100 domains.
- AutoSSL covers only domains and subdomains that pass a Domain Control Validation (DCV) test that proves ownership of the domain.
- AutoSSL will not attempt to cover www. domain, in case it fails to pass a DCV test.
- AutoSSL does not replace already installed certificates on the domains not issued by it.
- AutoSSL does not cover wildcard domains. Hence, they are left out as well.
Enable AutoSSL in WHM:
- Log in to server’s WHM as a root user
- Navigate to »SSL/TLS »Manage AutoSSL
- Under the ‘Providers‘ tab choose from the available SSL providers.
Enable AutoSSL for All Users:
- Log in to server’s WHM as a root user. Navigate to »SSL/TLS »Manage AutoSSL
Prior to running the AutoSSL for all users configure the options under the tab Options.
Note: Please be sure to tick the ‘Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates’ only if you want AutoSSL to replace invalid or expiring certificates as it says.
2. Click the ‘Run The AutoSSL For All Users ‘
If required, you can select only specific users under ‘Manage Users‘ and click ‘Enable AutoSSL on selected users’ or ‘Disable AutoSSL on selected users‘ to disable AutoSSL.
The interface allows you 3 options for each user:
Forcibly enable AutoSSL and override the feature list setting.
Forcibly disable AutoSSL and override the feature list setting.
Reset to Feature List Setting
Utilize the ‘default’ feature list setting which is currently set to ‘enabled’.
Enable AutoSSL for Single User:
The interface allows enabling AutoSSL for a specific user as well.
Under ‘Manage Users‘ tab click ‘Check “user” button in blue in order to install an SSL from AutoSSL. This will allow AutoSSL to check ALL of the domains for that specific user and install SSL.
That’s it !