TCB13

Well-Known Member
Jul 25, 2014
62
1
8
cPanel Access Level
Root Administrator
Hello,

I just did some testing with the "new" AutoSSL feature and seems like it works just fine. Thanks for the addition.

However I don't understand one thing: AutoSSL is available for all my customers, what about the server domain itself?

How can deploy an SSL certificate for the server domain using AutoSSL?

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,226
463
However I don't understand one thing: AutoSSL is available for all my customers, what about the server domain itself?

How can deploy an SSL certificate for the server domain using AutoSSL?
Hello,

Free cPanel-signed certificates for the hostname are generated as of cPanel 56. Here's the relevant quote from 56 Release Notes - Version 56 Documentation - cPanel Documentation :

Free cPanel-signed hostname certificate
As part of the introduction of this feature, cPanel offers valid cPanel & WHM license holders a free cPanel-signed hostname certificate for your server's services. This replaces the certificates for these services that meet any of the following conditions:
  • Has a weak signature algorithm. — New in version 56
  • Revoked. — New in version 56
  • Self-signed.
  • Invalid (For example, your server's hostname must be valid and resolve in DNS).
  • Expires in less than one week.
Note:
Comodo™ cross-signs these cPanel-signed certificates for additional security.

Your server will automatically order the free signed certificate when the server runs the /usr/local/cpanel/bin/checkallsslcerts tool as part of the upcp maintenance script and connects to the license server. The server will download and install the certificate when it is available.

When that signed certificate is less than seven days from expiration, your server will automatically order a replacement free signed certificate. The server will download and install the certificate when it is available. Otherwise, if the signed certificate expires, the server will install a self-signed certificate, and then replace that certificate with the free signed certificate when it is ready.

If you wish to replace your services certificate with one from another provider, use WHM's Manage Service SSL Certificates interface (Home >> Service Configuration >> Manage Service SSL Certificates).

Important:
  • Your server's hostname must be valid and resolve in DNS.
  • Your server must have a valid cPanel & WHM license.
  • This system will only replace self-signed or expired certificates. It will not replace an existing valid certificate from a certificate authority.
Important:

You can disable the free cPanel-signed hostname certificate. You can configure this setting in Manage2's Update Company Information interface (Dashboard >> Company >> Update Company Information).
Thank you.
 
Last edited:

TCB13

Well-Known Member
Jul 25, 2014
62
1
8
cPanel Access Level
Root Administrator
What if I already have a certificate from another entity. Is it safe to remove it and run `/usr/local/cpanel/bin/checkallsslcerts`? Will it deploy a free certificate instantaneously?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,226
463
What if I already have a certificate from another entity. Is it safe to remove it and run `/usr/local/cpanel/bin/checkallsslcerts`? Will it deploy a free certificate instantaneously?
Yes, it's safe. The server will download and install the certificate when it is available, however note it can sometimes take up to 48 hours for processing.

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,226
463
This was my exact issue as well so i used the script( /usr/local/cpanel/bin/checkallsslcerts) as you guys discussed.
How long before I can expect https?
It's generally issued within minutes, but can sometimes take several hours. Let us know if the certificates aren't issued within 24 hours.

Thank you.