1. Knowledge Base
  2. >
  3. Results
  4. >
  5. Manage AutoSSL in WHM

Manage AutoSSL in WHM

This article will cover the Manage AutoSSL feature for WHM with the following topics:

Features of AutoSSL

cPanel has recently implemented a new feature in WHM called AutoSSL. This feature will allow domain validated SSL certificates to be automatically installed on cPanel accounts for VPS and Dedicated Server packages. The Manage AutoSSL feature will let select an SSL certificate provider, view logs, and manage which users can be secured with an SSL Certificate. For more information regarding the AutoSSL in WHM, please refer to cPanel's documentation,

Note: To allow AutoSSL to replace invalid or expiring non-AutoSSL certificates, proceed to the Options tab click the option to Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates. If you are unsure that you should replace the certificates, we do recommend consulting with a developer.
  • The AutoSSL does cover the www. subdomain for each domain and subdomain listed in the certificate. These certificates do count towards any daily rate limits. For example, domain example.com and www.example.com will both be included in the certificate.
  • AutoSSL does prioritize new certificates over the renewal of existing certificates due to rate limits.
  • The AutoSSL sorting algorithm determines the priority of the domains to secure if a virtual host contains more than the provider's limit of domain names.
  • Different providers may wait for a certain amount of time to replace an AutoSSL provided certificate before it is due to expire. Such as, certificates provided by cPanel will attempt to renew within 15 days of expiry.
  • Certificates with overly-weak security settings will be replaced by AutoSSL. Example: RSA modulus of 512-bit or less.

AutoSSL will automatically check that all domains within the cPanel user account have a certificate unless you exclude them within the Manage Users option. Please see the Disable for Certain Users section below for instructions on how to complete this.

Limitations of AutoSSL
  • cPanel provided certificates through AutoSSL can secure up to 200 domains per certificate (Apache virtual host).
  • Domains and subdomains must pass a Domain Control Validation (DCV) test to provide ownership of the domain.
    • Corresponding www. Domains will not be included if they also do not pass the DCV test.
    For the AutoSSL DCV to function, the domain must be pointed to HostGator via either by nameservers or an A record to your server's IP address. This change must be completed where the domain is managed at.
  • Pre-existing certificates will not be attempted to be replaced if it was not issued via AutoSSL.
  • Wildcard domains are not secured by AutoSSL.

How to Enable SSL in WHM

This video discusses how to enable your preferred SSL in a VPS or Dedicated server's WHM using Let's Encrypt as an example. For a Reseller's WHM, we will configure it for you.

Here are the steps outlined in the video guide above.

  1. Log into the WHM.
  2. In the Search box on the top left corner, search for AutoSSL.
  3. Select Manage AutoSSL.

    WHM's Manage AutoSSL

  4. Scroll down a little bit and select Let's Encrypt under AutoSSL Providers. The cPanel (powered by Sectigo) is enabled by default.
  5. Click the Options tab. This section allows you to customize your SSL and also to replace invalid or expiring SSL certificates.

    WHM - Manage AutoSSL - Options Tab

    • If you have a paid SSL installed in a domain and would want to use the Let's Encrypt instead, select Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates to automatically replace it with either cPanel or Let's Encrypt SSL.
    • Leave this checkbox unselected if you do not wish to overwrite your paid SSL with the AutoSSL.
  6. Next is to run AutoSSL.
    • To use AutoSSL for all cPanel users in your WHM, click the AutoSSL for All Users button.

    • If you wish to choose the users that will use AutoSSL, click the Manage Users tab, select your preferred cPanel users and Enable AutoSSL radiobutton, and click the Check "(username)" button under Run AutoSSL Check.

      WHM - Manage AutoSSL - Manage Users

  7. Once the AutoSSL is triggered, you can check its status in the Logs tab. 
  8. Click View Logs to see the complete details.

    WHM- View Logs

  9. Scroll down the logs to find the "green-colored" texts indicating succesful installation.
  10. Check your website in a browser by typing in https:// plus your domain name. Your SSL should now be activated in your website. 

Disable for Certain Users
  1. Click on the Manage Users tab, and then click the checkbox on the left-hand side of each user that you wish to disable.
  2. Once all of the users are selected, click Disable AutoSSL on selected users at the top.
  3. Then click Save at the bottom of the screen.
Note: Disabling the AutoSSL will be for all of the domains under that user.
Enable for Certain Users
  1. Click on the Manage Users tab, and then click the checkbox on the left-hand side of each user that you wish to enable.
  2. Once all of the users are selected, click Enable AutoSSL on selected users at the top.
  3. Then click Save at the bottom of the screen.

Change AutoSSL Provider

Within Manage AutoSSL, you can change the SSL provider by selecting which provider you would like to use. The provider may require that you read and accept their Terms of Service by selecting the checkbox to agree to the terms.

To reset your registration with the provider, select the appropriate checkbox to agree to the terms, then Reset Registration, and then click Submit.


Let's Encrypt™ AutoSSL Plugin

The Let's Encrypt™ plugin will automatically provision cPanel accounts with Let's Encrypt SSL certificates for sites that do not already have valid CA-signed SSL certificates. The plugin only integrates with the AutoSSL feature, which generates SSL certificates for cPanel accounts. It does not generate hostname certificates for your system's services.

  1. Using SSH, login as the root user of the server.
  2. Run the following command:
    /scripts/install_lets_encrypt_autossl_provider

To disable and uninstall the Let's Encrypt plugin, run the following command via SSH:

/usr/local/cpanel/scripts/uninstall_lets_encrypt_autossl_provider


AutoSSL Troubleshooting

The Log tab within the AutoSSL manager will display issue once the first cronjob has run. Viewing the log is done by selecting the date of the file, then clicking View Log.