SSL Notifications in cPanel 68

[cPanelMichael]

Hello @stormy,

I'm formulating my response based on the behavior in cPanel version 70, as it's nearing publication to the Current build tier (tentatively planned for the third week of January). cPanel version 68 becomes EOL once version 70 reaches the Stable build tier.

1. Tweak settings > Notifications > Send notifications when certificates approach expiry ("Send a notification when an SSL certificate expires soon. The system will only send a notification for an AutoSSL-provided certificate if that certificate fails to renew".)

Does this send notifications to the cPanel user or to the server admin? Or both?

As of cPanel version 70, the "Send notifications when certificates approach expiry" option in "WHM >> Tweak Settings" applies to non-AutoSSL certificates only (unless AutoSSL is disabled on the system):

Fixed case CPANEL-16927: Make notify_expiring_certificates ignore AutoSSL when AutoSSL is active.

Thus, since you are using AutoSSL, the "Send notifications when certificates approach expiry" only applies to non-AutoSSL certificates. Additionally, by default, notifications are sent both to users and administrators. If "Send notifications when certificates approach expiry" is disabled, this notification type is not utilized at all. If you want the administrator notification enabled, but the user notification disabled, then you'd leave the option enabled in "WHM >> Tweak Settings" and access cPanel to disable "SSL certificate expiry" under the "Contact Information" option for each user. If you want user notifications enabled, but the administrator notification disabled, then you'd leave the tweak setting option on and modify the contact preference for "SSL certificates expiring" in "WHM >> Contact Manager".

3. Manage AutoSSL > Options. Here are the new notification options. I think these are user only notifications. Am I right?

No, that's not correct. The "WHM >> Manage AutoSSL" notification settings control whether a specific AutoSSL notification type is active on the system. For the enabled AutoSSL notification types, you use "WHM >> Contact Manager" to control if the enabled notification types are sent to the administrator, and you use "cPanel >> Contact Information" to control whether enabled notification types are sent to the cPanel user.

Thank you.

 

[WorkinOnIt]

Well I've read through this entire thread and I am still confused.

I simply want to disable the email notifications for Auto SSL that get sent to the end user (cPanel account email address).

I've had dozens of clients contacting me wondering what all the AutoSSL emails mean.

Since I manage the server, I don't want end users seeing this kind of communication.

So - please explain in the simplest terms, how can I turn off the AutoSSL emails for the end users?

I can see that it is possible to control this in the "Contact Information and Preferences" section within each individual cPanel account - but I want to control the notifications for all users on a server wide basis.

There really should be a simple WHM panel interface that contains the notification controls for all the end users (cPanel accounts) - that's separate from the admin notifications.

 

[rodpascoe]

Well I've read through this entire thread and I am still confused.

I simply want to disable the email notifications for Auto SSL that get sent to the end user (cPanel account email address).

I've had dozens of clients contacting me wondering what all the AutoSSL emails mean.

Since I manage the server, I don't want end users seeing this kind of communication.

So - please explain in the simplest terms, how can I turn off the AutoSSL emails for the end users?

I can see that it is possible to control this in the "Contact Information and Preferences" section within each individual cPanel account - but I want to control the notifications for all users on a server wide basis.

There really should be a simple WHM panel interface that contains the notification controls for all the end users (cPanel accounts) - that's separate from the admin notifications.

Confusing isn't it?

I still get the emails (as do my users) despite following all the instructions on here.

Opened a ticket and never got a reply.

Gave up and now just delete the emails.

 

[sparek-3]

Have you tried running:

/usr/local/cpanel/bin/whmapi1 set_autossl_metadata metadata_json={\"notify_autossl_expiry_coverage\":0}
/usr/local/cpanel/bin/whmapi1 set_autossl_metadata metadata_json={\"notify_autossl_renewal_coverage\":0}
/usr/local/cpanel/bin/whmapi1 set_autossl_metadata metadata_json={\"notify_autossl_renewal\":0}

Or through the WHM interface:

Manage AutoSSL -> Options -> Notify when AutoSSL defers certificate renewal because a domain on the current certificate has failed DCV.

Manage AutoSSL -> Options -> Uncheck Notify when AutoSSL will not secure new domains because a domain on the current certificate has failed DCV.

Manage AutoSSL -> Options -> Uncheck Send notifications when AutoSSL has renewed a certificate.

Further explanation:

/usr/local/cpanel/bin/whmapi1 set_autossl_metadata metadata_json={\"notify_autossl_expiry_coverage\":0} unchecks Manage AutoSSL -> Options -> Notify when AutoSSL defers certificate renewal because a domain on the current certificate has failed DCV.

/usr/local/cpanel/bin/whmapi1 set_autossl_metadata metadata_json={\"notify_autossl_renewal_coverage\":0} unchecks Manage AutoSSL -> Options -> Notify when AutoSSL will not secure new domains because a domain on the current certificate has failed DCV.

/usr/local/cpanel/bin/whmapi1 set_autossl_metadata metadata_json={\"notify_autossl_renewal\":0} unchecks Manage AutoSSL -> Options -> Send notifications when AutoSSL has renewed a certificate.

Doing it through the command-line is quicker for me, but may not be the case for you.

Does this stop all of the notifications? I'm really not sure.

 

[cPanelMichael]

I can see that it is possible to control this in the "Contact Information and Preferences" section within each individual cPanel account - but I want to control the notifications for all users on a server wide basis.

Hello,

Here's a post here with an example of a script you can use to disable the cPanel user AutoSSL notifications for every user:

Post 2496419

Keep in mind this is improved in cPanel version 70, as the ability to disable options that send AutoSSL notifications to cPanel users will exist in "WHM >> Home >> SSL/TLS >> Manage AutoSSL".

Thank you.

 

[ChadBigHippoHost]

Hello,

Here's a post here with an example of a script you can use to disable the cPanel user AutoSSL notifications for every user:

Post 2496419

Keep in mind this is improved in cPanel version 70, as the ability to disable options that send AutoSSL notifications to cPanel users will exist in "WHM >> Home >> SSL/TLS >> Manage AutoSSL".

Thank you.

Thank you for clarifying this. I will look forward to this solving these emails in cPanel 70.

 

[Hedloff]

Have anyone tested that these emails are not sent out in version 70 after disabling this in tweak settings?
We're still at version 66 because of these terrible emails causing so much pain for our customers and helpdesk!

 

[sneader]

We're still at version 66 because of these terrible emails causing so much pain for our customers and helpdesk!

The fix is well documented in this thread... one simple command line, and the notifications can be disabled. Did you miss that? upgrade to 68, then run the command, problem solved.

We have found that the notifications are actually helpful, except for the "successful renewal" emails, so those are the only ones we have disabled. The rest of them are almost always pointing to some type of problem that should be fixed anyway. We have devised a couple of standard responses that help customers to learn more about the "SSL/TLS Status" feature in cPanel to give them control over what FQDNs they want protected by SSL. Your mileage may vary here... but, I think you could upgrade and disable the notifications easily.

- Scott

 

[Hedloff]

Thanks Scott!
But we do not use AutoSSL for our customers. We sell SSL and actually make profits, therefore we do not want to use it.

No, I didn't read the whole thread because I will skip version 68 on our servers and go directly to version 70.
I updated one server to 70 and changed setting, but I do not fully trust cPanel have fixed it.... That's why I wanted some feedback on this setting in tweak:

 

[cPanelMichael]

But we do not use AutoSSL for our customers. We sell SSL and actually make profits, therefore we do not want to use it.

I updated one server to 70 and changed setting, but I do not fully trust cPanel have fixed it.... That's why I wanted some feedback on this setting in tweak (Send notifications when certificates approach expiry)

Hello @Hedloff,

Yes, disabling the "Send notifications when certificates approach expiry" option in "WHM >> Tweak Settings" in cPanel version 70 will disable the notifications that occur when non-AutoSSL SSL certificates are about to expire.

Let us know if you have any additional questions.

Thank you.

 

[rodpascoe]

The fix is well documented in this thread... one simple command line, and the notifications can be disabled. Did you miss that? upgrade to 68, then run the command, problem solved.

We have found that the notifications are actually helpful, except for the "successful renewal" emails, so those are the only ones we have disabled. The rest of them are almost always pointing to some type of problem that should be fixed anyway. We have devised a couple of standard responses that help customers to learn more about the "SSL/TLS Status" feature in cPanel to give them control over what FQDNs they want protected by SSL. Your mileage may vary here... but, I think you could upgrade and disable the notifications easily.

- Scott

Only it didn't fix it for everyone (us included) so Hedloff's question is valid.

Thanks Scott!
But we do not use AutoSSL for our customers. We sell SSL and actually make profits, therefore we do not want to use it.

No, I didn't read the whole thread because I will skip version 68 on our servers and go directly to version 70.
I updated one server to 70 and changed setting, but I do not fully trust cPanel have fixed it.... That's why I wanted some feedback on this setting in tweak:

We sell them too and couldn't agree more.

Yes Hedloff, 70 finally fixed it, just take all the ticks out of the boxes to say good-bye to those pesky emails.

 

[Tam]

Thus, since you are using AutoSSL, the "Send notifications when certificates approach expiry" only applies to non-AutoSSL certificates. Additionally, by default, notifications are sent both to users and administrators. If "Send notifications when certificates approach expiry" is disabled, this notification type is not utilized at all. If you want the administrator notification enabled, but the user notification disabled, then you'd leave the option enabled in "WHM >> Tweak Settings" and access cPanel to disable "SSL certificate expiry" under the "Contact Information" option for each user. If you want user notifications enabled, but the administrator notification disabled, then you'd leave the tweak setting option on and modify the contact preference for "SSL certificates expiring" in "WHM >> Contact Manager".



No, that's not correct. The "WHM >> Manage AutoSSL" notification settings control whether a specific AutoSSL notification type is active on the system. For the enabled AutoSSL notification types, you use "WHM >> Contact Manager" to control if the enabled notification types are sent to the administrator, and you use "cPanel >> Contact Information" to control whether enabled notification types are sent to the cPanel user.

Thank you.

cPanel is not listening to us....

As administrators, and those of us who wish to use autoSSL, we want to be able have the option to receive our chosen notifications, and we want the facility to turn off select or all notifications to cPanel users. It is very simple. As it stands now we would have to go into each user's cPanel and manually turn them off. cPanel has created a rod for our backs here, a massive increase in support requests from users who do not know what to do about these notifications. Even in v70, it is still not right.

 

[Hedloff]

Only it didn't fix it for everyone (us included) so Hedloff's question is valid.

We sell them too and couldn't agree more.

Yes Hedloff, 70 finally fixed it, just take all the ticks out of the boxes to say good-bye to those pesky emails.

Thank you rodpascoe ! Great to hear that it's just not us having huge issues.....
Tested on a couple of server now and it seems to be working fine.

cPanel also added self signed ssl a while ago for all accounts as default and when thousends of customers get notification about these aswell, it creates a lot of work for our support department!

Would really wish cPanel would start to listen and when they add new features they have them disabled by default!

 

[Tam]

If you want the administrator notification enabled, but the user notification disabled, then you'd leave the option enabled in "WHM >> Tweak Settings" and access cPanel to disable "SSL certificate expiry" under the "Contact Information" option for each user.

"access cPanel to disable "SSL certificate expiry" under the "Contact Information" option for each user."

Where is that? I cannot find it in WHM or user cPanels.

 

[cPanelMichael]

"access cPanel to disable "SSL certificate expiry" under the "Contact Information" option for each user."

Where is that? I cannot find it in WHM or user cPanels.

Hello @Tam,

This is found in cPanel, under the "Preferences" section. Or, from the dropdown option in the upper right of the theme where you see the account username. The option is documented at:

Contact Information - Version 70 Documentation - cPanel Documentation

Note the following section:

Important:

• This interface only appears if your hosting provider enables either of the following features in WHM's Feature Manager interface (WHM >> Home >> Features >> Feature Manager).
  • The Contact Information feature.
  • The Update Notification Preferences feature.
• To use the Reset Password feature, you must set your contact email address.

Thank you.

 

[Tam]

Hello @Tam,

This is found in cPanel, under the "Preferences" section. Or, from the dropdown option in the upper right of the theme where you see the account username. The option is documented at:

Contact Information - Version 70 Documentation - cPanel Documentation

Note the following section:



Thank you.

Ah, the issue is with the documentation then, if the notifications are disabled in WHM > Manage AutoSSL > Options, then they will not show in the Contact Information options.

 

[cPanelMichael]

Ah, the issue is with the documentation then, if the notifications are disabled in WHM > Manage AutoSSL > Options, then they will not show in the Contact Information options.

Hello @Tam,

That's by design and documented on our Manage AutoSSL document:

• If you deselect any of the following options, it will also remove the corresponding option in cPanel's Contact Information interface (Home >> cPanel >> Preferences >> Contact Information).
• The system will not send notifications to cPanel users for options that you disable.
• These options override the user's current settings.

Can you verify which behavior or documentation you are referring to that's not accurate?

Thank you.

 

[Tam]

It is clearly there in the documentation linked to in the previous post. For instance,

My account approaches its bandwidth usage limit.


This setting notifies you if your website will soon exceed the maximum amount of traffic allowed.

Notes:

• This setting only appears if your hosting provider limits the bandwidth usage for your cPanel account and enables bandwidth notifications.
  
  
• After you reach your maximum bandwidth, visitors cannot access your website.
• To resolve this issue, you must upgrade your hosting plan. Otherwise, you must wait until the limit resets. Generally, this limit resets at the end of each month.

In any of the AutoSSL references there is no mention of This setting only appears if your hosting provider......

But anyway, as so many people are discovering with cPanel and their lovely AutoSSL, cPanel is not allowing us to have full control over the feature. Okay, we can enable or disable it, but we need to be able to control whether our clients receive AutoSSL notifications or not, and by not allowing us to do so you are burgeoning our support departments/facilities with excessive work because the vast majority of clients do not know what to do with these notifications and it is predominantly a server administrative issue. It is completely impractical for us to have to enter a client's cPanel and disable it manually from within there, many of us have thousands of clients.

The feature should be considered incomplete until that facility is available to admins.​

 

[cPanelMichael]

In any of the AutoSSL references there is no mention of This setting only appears if your hosting provider......

Good point. I've opened a case with our Documentation Team (#DOC-10387) to have the Contact Information document updated to reflect that information.

It is completely impractical for us to have to enter a client's cPanel and disable it manually from within there, many of us have thousands of clients.

You can disable the AutoSSL notifications completely without logging into cPanel for each account by disabling the notification types under the "Options" tab in "WHM >> Manage AutoSSL". This action alone will ensure the notifications are not sent to cPanel users or administrators. That said, if I understand correctly, you'd like to disable the AutoSSL notifications for all users, but still have it sent to the administrator. Is that correct? If so, we have a feature request open that would offer what you are seeking:

Ability to set defaults for cPanel User Notifications

In the meantime, you could use a workaround like the one referenced on this post.

Thank you.

 

[Tam]

That said, if I understand correctly, you'd like to disable the AutoSSL notifications for all users, but still have it sent to the administrator. Is that correct? If so, we have a feature request open that would offer what you are seeking:

Ability to set defaults for cPanel User Notifications

In the meantime, you could use a workaround like the one referenced on this post.

Thank you.

Yes, thank you.