The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

autossl enabled on all accounts

Discussion in 'Security' started by zye, Nov 7, 2016.

Tags:
  1. zye

    zye Well-Known Member

    Joined:
    Dec 6, 2002
    Messages:
    104
    Likes Received:
    2
    Trophy Points:
    168
    i noticed today that all accounts did get ssl certs.

    why the hell did you enable it on all accounts?
    Log for the AutoSSL run for all users: Monday, November 7, 2016 1:33:01 AM GMT+0100 (cPanel (powered by Comodo))

    it just took me 1,5h to delete all of them.

    i charge for ssl certs free or not free...

    please do not change any account related settings / features without notice.
     
    #1 zye, Nov 7, 2016
    Last edited: Nov 7, 2016
  2. danielpmc

    danielpmc Well-Known Member

    Joined:
    Nov 3, 2016
    Messages:
    59
    Likes Received:
    27
    Trophy Points:
    18
    Location:
    Gainesville, Florida
    cPanel Access Level:
    Root Administrator
    Hello zye,

    1. WHM/SSLTLS/Manage AutoSSL/Manage Users

    Find the accounts you need AutoSSL disabled for and click Disable AutoSSL

    This will override the feature list setting and force AutoSSL to be disabled.

    2. WHM/SSLTLS/Manage AutoSSL/Options

    Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates. Make sure setting this is unchecked.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,287
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello @zye,

    AutoSSL is enabled by default on new installations as of cPanel version 60, however it's not enabled by default on systems that update to cPanel version 60 from earlier versions. Here's a quote from the cPanel version 60 Release Notes noting this behavior:

    I tested updating a system with AutoSSL disabled from version 58 to version 60, and confirmed that AutoSSL remained disabled. Could you verify if you are seeing different behavior? Is it possible you left the AutoSSL feature set to "Yes" in the "Feature Showcase" when accessing Web Host Manager after the update?

    Thank you.
     
  4. zye

    zye Well-Known Member

    Joined:
    Dec 6, 2002
    Messages:
    104
    Likes Received:
    2
    Trophy Points:
    168
    i don t know if autossl was enabled or disabled as i did not use it because i use an addon for letsencrypt.

    i did an manual update on 11/05/2016:08:39:20 to WHM 60.0 (build 15) .
    when i checked i think cPanel (powered by Comodo) was activated

    and today from the logfile November 7, 2016 1:33:01 AM autossl was enabled on ALL accounts by cron and on all accounts ssl certs had been installed.

    just Reset to Feature List Setting or Disable AutoSSL did not clear the ssl issue. i had to manually delete every ssl host 1 by one :-(
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,287
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    You can review /usr/local/cpanel/logs/access_log to see if Web Host Manager was accessed after the update to cPanel version 60. If it was, it's likely the AutoSSL setting in the "Feature Showcase" that automatically loads was left at "Yes", and the "Save Changes" button was clicked. This would have lead to the the automatic generation of SSL certificate with the AutoSSL feature.

    Disabling AutoSSL after it was previously enabled won't automatically delete the SSL certificates that were generated.

    Thank you.
     
Loading...

Share This Page