The SSL/TLS Status interface within cPanel & WHM offers a centralized location to monitor, upgrade, and renew the Secure Sockets Layer (SSL) certificates for your various domains. This powerful tool also allows you to delve into the specific details of each domain's certificate, ensuring robust security for your online presence.
Overview
This interface serves as your primary hub for managing SSL certificates. It enables you to conveniently view the status of your domains' certificates, initiate upgrades, or proceed with renewals. Furthermore, you can inspect detailed information for any given domain's certificate, providing complete transparency over your security posture.
Important Considerations for TLS Support:
- cPanel & WHM fully supports Transport Layer Security (TLS) protocol version 1.2 and Transport Layer Security (TLS) protocol version 1.3.
- By default, TLSv1.2 or later is enabled within the system, ensuring modern security standards.
- It is important to note that not all client systems may support TLSv1.3, as it requires OpenSSL 1.1.1 or higher for compatibility.
AutoSSL and Linked Mail Nodes:
If you are utilizing AutoSSL or SSL certificates acquired through your cPanel account to secure a linked mail node, it is critical that your cPanel & WHM nodes maintain the ability to manage the authoritative DNS server for these domains.
For a deeper understanding of how SSL/TLS protocols validate server identities and safeguard your websites, we recommend consulting our comprehensive Guide to SSL.
CAA Records in Zone Files
Certificate Authority Authorization (CAA) records, found within a domain’s zone file, play a crucial role in enhancing security by restricting which Certificate Authorities (CAs) are permitted to issue certificates for that specific domain.
- Should no CAA records be present for a domain, any CA is technically able to issue certificates for it.
- In cases where conflicting CAA records are detected, it is necessary to either remove the problematic records or introduce a new one that explicitly permits the desired CA.
You can effectively manage your CAA records using the Zone Editor interface, accessible via cPanel » Home » Domains » Zone Editor. Always refer to the specific CA’s documentation for their particular requirements regarding CAA records.
At the top of the SSL/TLS Status interface, a convenient banner provides options for the following actions:
- Purchase Certificates — Selecting this option will seamlessly redirect you to the SSL/TLS Wizard interface (cPanel » Home » Security » SSL/TLS Wizard), where you can acquire new certificates.
- Show Unsecured Domains — This setting filters the list of domains displayed in the Domains table, showing only those domains that currently lack proper SSL security.
Security Recommendation: We strongly advise that all domains your visitors might access are secured with an SSL certificate to protect sensitive data and build user trust.
Search and Filter
The intuitive Search text box empowers you to quickly narrow down the list of domains within the Domains table by entering a domain name. This feature helps in efficiently managing a large number of domains.
- Simply input a complete or partial domain name, and the table will dynamically update to reflect your search criteria.
- Click the filter icon
to reveal all available filter settings, offering granular control over your domain list.
The following comprehensive filter options are available to help you organize and view your domains:
Domain Types
- All — Displays every domain regardless of its classification. This is the default viewing option.
- Main — Shows primary domains, such as
example.comandwww.example.com. - Subdomain — Lists subdomains like
store.example.comandwww.store.example.com. - Addon Domains — Presents addon domains, for instance,
addon.comandwww.addon.com. - Parked Domains — Displays parked domains, such as
parked.comandwww.parked.com. - www and mail domain — Specifically shows
wwwandmailsubdomains, likewww.example.comandmail.example.com. - Service subdomains — Enlists service subdomains, including
cpanel.example.com,whm.example.com,webmail.example.com, andwebdisk.example.com. - DDNS Domains — Shows dynamic DNS domains, such as
home.example.comandoffice.example.com.
SSL Types
- All — Presents all domains irrespective of their certificate type. This is the default filter.
- Unsecured — Identifies domains that currently do not possess an SSL certificate.
- Self-Signed — Lists domains secured with a self-signed certificate, which are not validated by a trusted Certificate Authority.
- AutoSSL DV Certificate — Shows domains protected by an AutoSSL-issued Domain-Validated (DV) certificate.
- DV Certificate — Displays domains secured with a standard DV certificate.
- OV Certificate — Includes domains protected by an Organizational Validation (OV) certificate, offering a higher level of trust.
- EV Certificate — Features domains secured with an Extended Validation (EV) certificate, providing the highest level of trust and security.
SSL Statuses
- All — Displays all domains, irrespective of their certificate's current status. This is the default view.
- Active — Shows domains that are secured by currently active and valid certificates.
- Expired — Lists domains whose SSL certificates have passed their expiration date.
- Expiring Soon — Identifies domains with certificates that are approaching their expiration date.
- Unsecured — Highlights domains that lack any form of SSL certificate.
- Has AutoSSL Problems — Displays domains experiencing issues with AutoSSL. An example includes domains that do not correctly resolve to an IPv4 address on the internet, preventing certificate issuance.
AutoSSL Statuses
- All — Displays all domains regardless of their AutoSSL inclusion status. This is the default filter.
- Included — Shows domains that are configured to be included during AutoSSL runs for automatic certificate management.
- Excluded — Lists domains that have been specifically excluded from AutoSSL's automatic certificate issuance and renewal processes.
AutoSSL Selection
This section provides direct control over how AutoSSL manages certificates for individual domains, allowing you to include or exclude them from automatic processing as needed.
- Include during AutoSSL — To include specific domains in AutoSSL's automated certificate processes, select the checkbox next to each desired domain and then click the Include during AutoSSL button.
- Exclude during AutoSSL — Conversely, to prevent AutoSSL from managing certificates for certain domains, select their respective checkboxes and click Exclude during AutoSSL.
- Run AutoSSL — This option allows you to manually trigger an immediate AutoSSL run. Upon activation, the system will display an AutoSSL is in progress … message until the process is complete. The _SSL/TLS Status_ interface will automatically refresh once AutoSSL has finished its operations.
Note: You might encounter the AutoSSL is in progress … message if you access this interface while an AutoSSL process is already underway in the background.
The Domains Table
The Domains table provides a comprehensive listing of all your domains along with their associated SSL certificates. This table is your central point for viewing certificate information and initiating certificate upgrades or renewals.
Domain
This column presents a complete or filtered list of all domains associated with your cPanel account. Each domain entry is accompanied by an icon that visually represents its current certificate type:
— Indicates an Unsecured domain, meaning it has no SSL certificate.
— Represents a domain secured with a Self-Signed certificate.
— Denotes an AutoSSL DV certificate, issued automatically by AutoSSL.
— Signifies a standard DV certificate.
— Marks an OV certificate, indicating organizational validation.
— Highlights an EV certificate, providing extended validation for the highest trust level.
Certificate Status
This column delivers critical information regarding a domain’s certificate. In instances where an error pertaining to the domain exists in the /var/cpanel/logs/autossl/ directory, this error message will be prominently displayed. Additionally, the column indicates the last time AutoSSL was executed for the specific domain. Within this column, you can also access the following actionable settings:
- View Certificate — Clicking this option allows you to inspect the domain's installed certificate. You will be redirected to the Install and Manage SSL for your site (HTTPS) section of the SSL/TLS interface (cPanel » Home » Security » SSL/TLS).
Note: The View Certificate option is exclusively available for domains that already have an active SSL certificate installed.
- Upgrade Certificate or Purchase Certificate — These options facilitate either upgrading an existing certificate or acquiring a new one for the domain. You will be directed to the SSL/TLS Wizard interface (cPanel » Home » Security » SSL/TLS Wizard), which will present the domain and available certificate types.
Note: These upgrade or purchase options are only presented for domains where such actions are applicable and available.
- Include during AutoSSL or Exclude from AutoSSL — These settings enable you to individually control whether AutoSSL includes or excludes this particular domain from its automatic certificate management processes.
Note: If you have installed a non-AutoSSL certificate and have not configured AutoSSL to utilize that certificate, these specific inclusion/exclusion settings will not be visible.
