The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Notifications for expired or expiring SSL certificates?

Discussion in 'Security' started by sneader, Jan 1, 2017.

  1. sneader

    sneader Well-Known Member

    Joined:
    Aug 21, 2003
    Messages:
    1,145
    Likes Received:
    32
    Trophy Points:
    178
    Location:
    La Crosse, WI
    cPanel Access Level:
    Root Administrator
    Is there a way to receive notifications from WHM/cPanel when an SSL certificate is either expired, or maybe expiring within XX days?

    We are using the Let's Encrypt plugin, which attempts to renew certificates within 29 days, I believe (or less if the existing certificate is non-LE). Let's say I want to know if an SSL certificate is within 3 days of expiring... or at least if the cert has expired... is there such a mechanism?

    - Scott
     
  2. PaulK

    PaulK Registered

    Joined:
    Jan 1, 2017
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Website Owner
    Don't know about LE but most of third-party resellers send expiry reminders, I have certs from two different vendors both are good at this stage. I know few third-party sites (listed below) where you can signup for expiry notification on email, I haven't use them but they seem to be legit at first glance.

    certificatemonitor.org
    trackssl.com

    Hope this will help.
     
    #2 PaulK, Jan 1, 2017
    Last edited by a moderator: Jan 2, 2017
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    15,620
    Likes Received:
    296
    Trophy Points:
    433
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    The Contacts Manager has alerts for this.
     

    Attached Files:

  4. sneader

    sneader Well-Known Member

    Joined:
    Aug 21, 2003
    Messages:
    1,145
    Likes Received:
    32
    Trophy Points:
    178
    Location:
    La Crosse, WI
    cPanel Access Level:
    Root Administrator
    Thanks, InfoPro! I double checked and I have both of those options enabled and alerts set. However, they did not fire. I am thinking these alerts are ONLY for the hostname SSL certificate, and not for individual customer SSL certificates?

    The Documentation site simply says that these alerts will fire when "A domain's SSL certificate expires soon" and "A domain's SSL certificate has expired"

    Are you able to confirm whether these alerts should fire for all SSL certs on the server, or only for the hostname cert?

    - Scott
     
  5. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    15,620
    Likes Received:
    296
    Trophy Points:
    433
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    I'm not. I don't use the Lets Encrypt plugin. I did find this post though:
    Expiration notices for certificates that don't expire yet

    Not sure if this is has anything to do with the cPanel plugin though, sorry.
     
  6. sneader

    sneader Well-Known Member

    Joined:
    Aug 21, 2003
    Messages:
    1,145
    Likes Received:
    32
    Trophy Points:
    178
    Location:
    La Crosse, WI
    cPanel Access Level:
    Root Administrator
    Thanks, InfoPro! I was hoping that cPanel had a way to alert the server admin of any SSL certificates on the server that are about to expire, and again when the certificate is expired. The data is available... You can log into WHM, click Manage SSL Hosts, and sort that list by expiration date... but that is pretty time intensive when there are many servers and especially since Let's Encrypt uses 3 month certificates.

    I think I will open a ticket, just to confirm that the two notification options in Notification Manager are really only for the server's hostname certificate, and not for the rest of the installed customer certs... and, if that is the case, will start a Feature Request to expand the notifications. I'll report back with what I find (and link to feature request, if opened).

    - Scott
     
  7. sneader

    sneader Well-Known Member

    Joined:
    Aug 21, 2003
    Messages:
    1,145
    Likes Received:
    32
    Trophy Points:
    178
    Location:
    La Crosse, WI
    cPanel Access Level:
    Root Administrator
    I received feedback from cPanel support (Tickets ID# 8102289) that the two notification options in Contact Manager for SSL Expiration notifications are ONLY for the server's hostname SSL certificate... not for any customer SSL certificates that are installed.

    I have created a Feature Request for cPanel to consider adding a feature to alert sysadmins of pending SSL certificate expirations, and again to alert after an SSL certificate has expired. The Feature Request is here:

    Notify sysadmin when customer SSL Certificate near expiration, and again after expiration

    (as of this writing, the request was pending moderation, so if you don't see it, check it out later)

    - Scott
     
    Infopro likes this.
Loading...

Share This Page