The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

AutoSSL in V. 58

Discussion in 'Security' started by jhawkins003, Jul 12, 2016.

  1. jhawkins003

    jhawkins003 Member

    Joined:
    Jun 24, 2014
    Messages:
    12
    Likes Received:
    2
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    We have just begun testing v.58 and I would like to verify with the community a quick detail regarding AutoSSL functionality. After activating the Cpanel AutoSSL provider, the system appears to have fetched free certificates for the handful of domains hosted on that machine. So... is this basically a "Cpanel version" of the free certificate service LetsEncrypt has?

    I knew Cpanel offered free certificates for the hostname, but the capability to generate free certs for all account domains is new to me - so I just want to make sure I understand what I am seeing. :)

    UPDATE: This post should be in security - I have no clue why its in CloudLinux... mods please feel free to move as appropriate!
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    cPanel (powered by Comodo) is the AutoSSL provider that's shipped with cPanel 58. The free offering is limited to DV certificates (This link from Comodo explains how a DV certificate works). The "AutoSSL" feature allows you to let users automatically purchase and install SSL certificates from your chosen provider. The following document offers some more information on how this works:

    Market Provider Manager - Documentation - cPanel Documentation

    Support for "Let's Encrypt" is planned for the future as part of a separate plugin. The cPanel 58 release notes go into detail about this feature:

    58 Release Notes - Documentation - cPanel Documentation

    The following blog posts offer some more details about the new SSL offerings:

    The cPanel Market Provider, and free hostname SSLs | cPanel Blog

    Let us know if you have any questions.

    Thanks!
     
  3. trs

    trs Member

    Joined:
    Jul 7, 2016
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Mississauga
    cPanel Access Level:
    Root Administrator
    So I ran AutoSSL for all users and it installed certs for all domains and subdomains (AWESOME!)

    Now the question is, how is it different from lets encrypt?
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    The ability to issue free DV certificates from Comodo was a project started before support for "Let's Encrypt" was planned. You can monitor the progress on the planned "Let's Encrypt" plugin at:

    Provide Support for Let's Encrypt Automated Certificate Management/SSL

    The free cPanel (powered by Comodo) and the free "Let's Encrypt" certificates both utilize domain validation (DV).

    Thank you.
     
    trs likes this.
  5. trs

    trs Member

    Joined:
    Jul 7, 2016
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Mississauga
    cPanel Access Level:
    Root Administrator
    Is AutoSSL available for subdomains?
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Yes, with the exception of proxy subdomains or wildcard domains. The following document includes additional information about this feature you may find helpful:

    Manage AutoSSL - Documentation - cPanel Documentation

    Thanks!
     
  7. sparek-3

    sparek-3 Well-Known Member

    Joined:
    Aug 10, 2002
    Messages:
    1,381
    Likes Received:
    23
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Doesn't this effectively cannibalize Comodo's PositiveSSL offering (and Geotrust's RapidSSL offering)?

    With everyone wanting to go to HTTPS it makes sense to have DV certificates for free. They never really proved anything anyway. Of course, self-signed certificates could almost serve this purpose, until the browser braintrust decided to start putting up that ugly "this certificate isn't signed" message.
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    It's difficult to predict how the widespread availability of free DV certificates could affect those specific product offerings. For anyone interested, the comments section of the following feature request includes additional discussion from cPanel users about how free DV certificates might affect the SSL certificate industry as a whole :

    Provide Support for Let's Encrypt Automated Certificate Management/SSL

    Thank you.
     
  9. jhawkins003

    jhawkins003 Member

    Joined:
    Jun 24, 2014
    Messages:
    12
    Likes Received:
    2
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    So a quick question for anyone watching this thread who may have upgraded to v.58. How has your experience been with AutoSSL?

    We have experienced a mountain of issues with AutoSSL across both servers we have upgraded. cPanel is being very helpful in our support tickets, but I'm curious to see what other people have experienced so far. Is AutoSSL running smooth as silk for you?
     
  10. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,448
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Quite well on this end. I did have a couple domains now dead that were still in the system I had to clean up. For example one was an Parked domain (Alias) that no longer exists. Each night the system checks, finds it and spits out this message in the "All Users" log in Logs area:

    Code:
    3:51:07 AM Checking websites for “cPusernme” …
    3:51:07 AM The website, example.com, owned by “cPusernme” has a valid SSL certificate, but additional SSL coverage may be possible for the domains “example.info” and “www.example.info”. Attempting replacement …
    3:51:07 AM WARN The domain “example.info” has failed domain control validation (“example.info” does not resolve to any IPv4 addresses on the internet.). at bin/autossl_check.pl line 361.
    3:51:07 AM WARN The domain “www.example.info” has failed domain control validation (“www.example.info” does not resolve to any IPv4 addresses on the internet.). at bin/autossl_check.pl line 361.
    3:51:07 AM The system has completed the AutoSSL check for “cPusernme”. 
    I have 2 sub domain issues and one Addon domain issue:

    Code:
    3:51:08 AM Checking websites for “cPusernme” …
    3:51:09 AM The website, site.example.net, owned by “cPusernme” has a valid SSL certificate, but additional SSL coverage may be possible for the domains “www.site.example.net”. Attempting replacement …
    3:51:09 AM WARN The domain “www.site.example.net” has failed domain control validation (“www.site.example.net” does not resolve to any IPv4 addresses on the internet.). at bin/autossl_check.pl line 361.
    3:51:09 AM The website, blog.example.net, owned by “cPusernme” has a valid SSL certificate, but additional SSL coverage may be possible for the domains “www.blog.example.net”. Attempting replacement …
    3:51:09 AM WARN The domain “www.blog.example.net” has failed domain control validation (“www.blog.example.net” does not resolve to any IPv4 addresses on the internet.). at bin/autossl_check.pl line 361.
    3:51:09 AM The website, cms.example.net, owned by “cPusernme” has a valid SSL certificate, but additional SSL coverage may be possible for the domains “www.cms.example.net”. Attempting replacement …
    3:51:09 AM WARN The domain “www.cms.example.net” has failed domain control validation (“www.cms.example.net” does not resolve to any IPv4 addresses on the internet.). at bin/autossl_check.pl line 361.
    3:51:09 AM The system has completed the AutoSSL check for “cPusernme”.
    
    And 2 sub domains that longer exists, but the redirect for them did.

    Overall I found the process to be quite easy. I only did a few at a time, as the magic doesn't happen right away of course, it takes a few minutes to retrieve and setup the cert(s) for each. I also manually added rules to several of the site's htaccess' to force www as well.

    Images on a sites homepage linked to from somewhere else, will get you a "Connection is not secure" message.

    I recommend this new feature. :)

    If https makes google happy and your users can't afford their own SSL proper, this is a pretty darn good stand in.
     
    cPanelMichael likes this.
  11. jhawkins003

    jhawkins003 Member

    Joined:
    Jun 24, 2014
    Messages:
    12
    Likes Received:
    2
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    Great to hear, and thanks for sharing details! I do agree this is an amazing feature, and we believe most of the issues we are seeing are specific to our install. This happily confirms. :)

    We had an Apache template that originally messed with AutoSSL, and ever since the feature has yet to really work properly. Some certificates never pull down - others pull but never install, the logs chronically get stuck in 'in processing' and don't reflect the actual status of the installs, and we have one server that throws an AutoSSL CRON alert every 5 minutes because the scripts are attempting to act on a queued account that no longer exists.

    Just a few growing pains, but as I said - cPanel support is fantastic, so we'll certainly be up and running soon. :-D
     
    cPLevey and Infopro like this.
  12. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,448
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Those guys in cPanel Technical Support can fix anything. :)


    GL!
     
    cPLevey likes this.
Loading...

Share This Page