Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Force Autossl to replace certs by other providers

Discussion in 'Security' started by EneTar, Nov 13, 2016.

Tags:
  1. EneTar

    EneTar Well-Known Member

    Joined:
    Dec 19, 2015
    Messages:
    137
    Likes Received:
    9
    Trophy Points:
    18
    Location:
    Greece
    cPanel Access Level:
    Root Administrator
    I have some domains that use certificates from other providers which will expire in 20 days. I would like to force Autossl to replace those certificates. How can I do that in a way that it will not affect the uptime of the websites? I thought to remove the certificates first but I will need to wait until autossl issue a certificate and combined with the fact that those website use HSTS it would cause a period of non accessible websites.
     
  2. verdon

    verdon Well-Known Member

    Joined:
    Nov 1, 2003
    Messages:
    870
    Likes Received:
    3
    Trophy Points:
    168
    Location:
    Northern Ontario, Canada
    cPanel Access Level:
    Root Administrator
    I believe there is an option for this in the settings area of manage AutoSSL, though I haven't tried it yet.
     
  3. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,145
    Likes Received:
    1,932
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    The following option is available under the "Options" tab in "WHM >> Manage AutoSSL":

    Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates.

    Per the option description, this option will allow AutoSSL to replace certificates that the AutoSSL system did not issue. When you enable this option, AutoSSL will install certificates that replace users’ CA-issued certificates if they are invalid or about to expire.

    In addition, it notes the following warning:

    Unless you fully understand this option, do not select it, because the system could unexpectedly replace an expiring or invalid EV or OV certificate with a DV certificate.

    Let us know if you have any additional questions.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    EneTar likes this.
  4. greatwitenorth

    Joined:
    Feb 28, 2014
    Messages:
    12
    Likes Received:
    1
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    What if you only want to force AutoSSL to replace a certificate for one account only? Is this possible?
     
  5. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,145
    Likes Received:
    1,932
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    You could completely disable AutoSSL for all accounts except for one, however it's not currently possible to enable "Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates" on a per-account basis. Feel free to open a feature request if you'd like to see that functionality:

    Submit A Feature Request

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice