(WHM >> Home >> SSL/TLS >> Manage AutoSSL)
This interface allows you to manage the AutoSSL feature, which automatically installs domain-validated SSL certificates for the Apache, Dovecot, Exim, Web Disk, and cPanel Server services for users' domains. It also allows you to review the feature's log files and select which users receive AutoSSL certificates.
- The cPanel AutoSSL provider requires outbound access to the
store.cpanel.netserver over port 443. For more information, read our How to Configure Your Firewall for cPanel Services documentation.
- While the cPanel AutoSSL provider generally only requires a short amount of time to complete the installation process, certain factors may cause longer wait times. Under some conditions, certificates may require up to 48 hours to process.
Run AutoSSL for All Users
Click Run AutoSSL for All Users at the top of the interface to run the AutoSSL feature for all users for whom you enabled the feature.
- The system runs the AutoSSL feature for all users when it performs nightly system updates via the
/usr/local/cpanel/scripts/upcpscript. AutoSSL examines the system's SSL coverage and requests certificates from the configured provider to improve the system's SSL coverage.
- To run the AutoSSL feature for all users via the command line, run the
cPanel AutoSSL certificates
The system automatically polls the cPanel AutoSSL certificate provider to determine each pending certificate's status:
|Age of certificate request||Polling frequency|
|Less than one day.||Once per five minutes.|
|Between one and two days.||Once per hour.|
|More than two days.||Once per day.|
The cPanel (powered by Comodo®) provider does not request additional certificates for a web virtual host if the provider already possesses a pending certificate request for that web virtual host.
Let's Encrypt™ imposes significant rate limits. For more information, read our SSL FAQ and Troubleshooting documentation.
To select an AutoSSL provider, perform the following steps:
Select the desired AutoSSL provider or select Disabled to disable this feature.
If the AutoSSL provider requires a Terms of Service or other similar agreement, review it and select the appropriate checkbox to agree to those terms.
If the provider updates their Terms of Service, you may need to return to this interface to agree to them.
- Click Save.
The Options tab allows you to configure various options for AutoSSL.
The notification options allow you to select the frequency at which your users receive AutoSSL-related notifications.
- Some of these options remove the corresponding notification option in cPanel's Contact Information interface (Home >> cPanel >> Preferences >> Contact Information). For example, if you disable the Notify the user for all AutoSSL events and normal successes user notification setting, this option is unavailable to your cPanel users.
- These options override the user's current settings.
You can select from the following notification options for your cPanel users:
This setting defaults to
You can select from the following notification options for your reseller and WHM users:
This setting defaults to
Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates.
This option allows AutoSSL to replace certificates that the AutoSSL system did not issue. When you enable this option, AutoSSL will install certificates that replace users’ non-AutoSSL certificates if they are invalid or expire within 3 days.
- Unless you fully understand this option, do not enable it, because the system may unexpectedly replace an expiring or invalid Extended Validation (EV) or Organization Validated (OV) certificate with a Domain Validated (DV) certificate.
- Users' non-AutoSSL certificates are paid, and should be replaced by another paid certificate.
Use the Logs tab to review the system's AutoSSL log files. To view a specific log, select it from the menu and click View Log to display the its information.
The system stores the log files in both text and JSON format in the
The Manage Users tab allows you to override your server's feature list settings and control whether AutoSSL is enabled for your users. Use the search text box to locate specific users, or use the check box and menu to select all users or clear your current selections.
User feature lists may differ, based on the user's assigned package. For more information, read our Feature Manager documentation.
You can select from the following Toggle AutoSSL options for individual users and select users:
- Enable AutoSSL on selected users — Override the feature list setting and force AutoSSL to be enabled.
- Disable AutoSSL on select users — Override the feature list setting and force AutoSSL to be disabled.
- Reset AutoSSL on selected users — Use setting established by the feature list's default setting. For more information, read our Feature Manager documentation.
Run AutoSSL Check
You can use the Check button to perform a domain check for a specific user.