Page tree
Skip to end of metadata
Go to start of metadata

For cPanel & WHM version 68

(cPanel >> Home >> Security >> SSL/TLS Status)

Overview

This interface allows you to view, upgrade, or renew your Secure Sockets Layer (SSL) certificates. You can also view useful information about each domain's SSL certificate, for example:

  • The type of certificate that secures the domain.
  • When the certificate expires or expired.
  • Graphical representation of all certificates for quick reference.
  • Options such as View Certificate or Upgrade Certificate for applicable domains.
  • AutoSSL Domain Control Validation (DCV) error messages for applicable domains.
  • The last time that AutoSSL ran for applicable domains.

Warning:

As of cPanel & WHM version 68, we only support Transport Layer Security (TLS) protocol version 1.2

  • We will only support applications that use TLSv1.2.
  • We strongly recommend that your hosting provider enable TLSv1.2 for your account. 

Note:

CAA records in the domain's zone file restrict which CAs (Certificate Authority) may issue certificates for that domain.

  • If no CAA records exist for a domain, all CAs can issue certificates for that domain.
  • If conflicting CAA records already exist, remove the existing CAA records or add one for the desired CA.

For example, a CAA record for Comodo would resemble the following example, where example.com represents the domain name:

example.com. 86400 IN CAA 0 issue "comodoca.com"

You can manage CAA records through the Zone Editor interface.

Purchase certificates banner

The banner at the top of the interface allows you to perform the following actions:

  • View a list of unsecured domains.
  • Purchase certificates for all unsecured domains. 
  • Select which domains to secure. 

When you click Purchase Certificates, cPanel's  SSL TLS Wizard  interface (cPanel >>  Home >> Security >> SSL/TLS Wizard) will appear, which displays the unsecured domains and available certificates. When you click Show Unsecured Domains, the Domain list will display only unsecured domains.

Search bar and filter

The Search text box allows you to filter by domain name. Enter all or part of the domain name to update the domain list. For filter options, click the filter icon ().

Click the tabs below to view each filter option.

TypeDescription
AllSelect all of the domains, regardless of type.
Main

Select only the main domains. For example:

  • example.com
  • www.example.com
Subdomain

Select only the subdomains. For example:

  • store.example.com
  • www.store.example.com
Addon Domains

Select only the addon domains. For example:

  • addon.com
  • www.addon.com
Parked Domains

Select only the parked domains. For example:

  • parked.com
  • www.parked.com
www and mail domain

Select only the www and mail subdomains. For example:

  • www.example.com
  • mail.example.com
Proxy subdomains

Select only the proxy subdomains. For example:

  • cpanel.example.com
  • whm.example.com
  • webmail.example.com
  • webdisk.example.com
TypeDescription
AllSelect all of the domains, regardless of certificate type.
Unsecured

Select only the unsecured domains. No certificates secure these domains.

Warning:

We strongly recommend that you secure all of the domains that you visitors may view.

Self-SignedSelect only the domains that a self-signed certificate secures.
AutoSSL DV CertificateSelect only the domains that an AutoSSL-issued domain validated (DV) certificate secures.
DV CertificateSelect only the domains that a DV certificate secures.
OV CertificateSelect only the domains that a organization validated (OV) certificate secures.
EV CertificateSelect only the domains that a Extended Validation (EV) certificate secures.
StatusDescription
AllSelect all of the domains, regardless of certificate status.
ActiveSelect only the domains that active certificates secure.
ExpiredSelect only the domains with an expired certificate.
Expiring SoonSelect only the domains secured by certificates that expire soon.
UnsecuredSelect only the domains that no certificate secures.
Has AutoSSL Problems

Select only the domains with AutoSSL problems. For example:

This domain does not resolve to an IPv4 address on the internet.

Note:

Some Certificate Authorities (CA) require a CAA record in the domain's DNS zone file to issue certificates through AutoSSL. For more information, read our Zone Editor documentation.

StatusDescription
AllSelect all of the domains, regardless of AutoSSL status.
Included

Select only the domains that AutoSSL includes.

ExcludedSelect only the domains that AutoSSL does not include.

AutoSSL selection

To control whether AutoSSL includes an individual domain, select one of the following options:

  • Include during AutoSSL — Select the checkbox of each domain to include when AutoSSL runs, then click Include during AutoSSL.
  • Exclude during AutoSSL — Select the checkbox of each domain to exclude when AutoSSL runs, then click Exclude during AutoSSL.
  • Run AutoSSL — Force AutoSSL to run immediately. The AutoSSL is in progress … message displays for the duration of the AutoSSL operation. The page will refresh when the operation completes.

    Note:

    The AutoSSL is in progress... message may display when you load this interface if the AutoSSL operation is already in progress.

The Domains table

The Domains table displays each domain's certificate and provides options to view or upgrade the certificate.

  • Domain — This column displays a complete or filtered list of all domains on the cPanel account. The following certificates display in this column:
    • Unsecured
    • Self-Signed certificate
    • Domain validated
    • AutoSSL Domain Validated
    • Organization validated
    • Extended validation
  • Certificate Status — This column displays domain specific certificate information. If an error exists for the domain in the /var/cpanel/logs/autossl/ directory, that error will display in this column. This column also displays the time AutoSSL last ran for applicable domains. The following options display in this column:
    • View Certificate — View the certificate of the domain if the certificate exists. The Manage SSL Hosts  section of cPanel's SSL/TLS interface (cPanel >> Home >> Security >> SSL/TLS) will appear in a new window.
    • Upgrade Certificate or Purchase Certificate — Upgrade or purchase a certificate for the domain. cPanel's SSL/TLS Wizard  interface (cPanel >>  Home >> Security >> SSL/TLS Wizard) will appear, which will display the specified domain and available certificates.

      Note:

      The View Certificate, Upgrade Certificate, and Purchase Certificate options only appear for applicable domains.

    • Include during AutoSSL or Exclude from AutoSSL — Apply or remove AutoSSL for this domain. For more information about AutoSSL, read our Manage AutoSSL documentation.

      Note:

      To select multiple domains, perform the following steps:

      1. Select or deselect the checkboxes to add or remove the applicable domains.
      2. Click Include Domains during AutoSSL or Exclude Domains during AutoSSL at the top-left of the interface. For example, click Include 5 Domains during AutoSSL.