InMotion Hosting Support Center

Note: This feature is only available for Resellers, and root users on VPS or Dedicated servers.

What is AutoSSL?

cPanel has recently added a feature for VPS and Dedicated server users called AutoSSL. This interface allows you to install domain-validated SSL certificates on domains setup in cPanel accounts. It also allows you the ability to view the log files and select the users that you can secure with AutoSSL. In this article, we'll show you how you can use AutoSSL in WHM.

The AutoSSL feature has the following limitations:

  • Certificates that cPanel, Inc. provides through AutoSSL can secure a maximum of 200 domains per certificate (Apache virtual host).
  • AutoSSL will only include domains and subdomains that pass a Domain Control Validation (DCV) test, which proves ownership of the domain.
  • AutoSSL does not secure wildcard domains.
  • If the corresponding www. domain does not pass a DCV test, AutoSSL will not attempt to secure that www. domain.
  • AutoSSL will not attempt to replace pre-existing certificates that it did not issue.

The AutoSSL feature includes:

  • AutoSSL includes corresponding www. domains for each domain and subdomain in the certificate, and those www. domains count towards any domain or rate limits. For example, if your domain is example.com, AutoSSL will automatically include www.example.com in the certificate.
  • Each AutoSSL provider may wait for a specific amount of time to replace an AutoSSL-provided certificate before it expires. For example: AutoSSL will attempt to renew certificates that cPanel, Inc. provides when they expire within 15 days.
  • Due to rate limits, AutoSSL prioritizes new certificates over the renewal of existing certificates.
  • AutoSSL will replace certificates with overly-weak security settings (for example, RSA modulus of 512-bit or less).
  • AutoSSL uses a sort algorithm to determine the priority of domains to secure if a virtual host contains more than the provider's limit of domain names

The users used by AutoSSL are the cPanel users created within your VPS or Dedicated server account. AutoSSL will check ALL domains within the user account unless you make an exception for them within the Manage Users option of AutoSSL.


How to Run AutoSSL for All Users


Before you begin, you will need to be logged into the Web Host Manager as a root user. The button labeled Run AutoSSL for All Users runs the module based on the options selected in the tabs below.

Warning before using AutoSSL to replace all SSL certificates

NOTE: If you want the AutoSSL option to replace invalid or expiring non-AutoSSL certificates, then click on the Options tab and click on Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates. Make sure to read the warning. If you don't know if you should replace your EV/OV or DV certificate, then do not select this option until you have spoken with a knowledgeable Web developer, administrator, or support person.

  1. Verify the certificate provider

    Select the Certificate Provider (typically, the default certificate provider is Comodo, so you can skip this step)

  2. Manage Users for AutoSSL

    If necessary, click on the tab labeled Manage Users in order to disable AutoSSL for specific users. Make to click on Save button at the bottom of the screen if you have selected a user.

  3. Run SSL for all users

    Once you are sure of the users that you want to use AutoSSL with, click on the blue button labeled Run AutoSSL For All Users

  4. NGINX users only! If you are using NGINX you will need to rebuild the NGINX configuration after running AutoSSL buy running the following commands via SSH as root.

    ngxconf -u $user -rd
    service nginx restart
    service httpd restart

How to Run AutoSSL for Specific Users

  1. Verify the certificate provider

    Select the Certificate Provider (typically, the default certificate provider is Comodo, so you can skip this step)

  2. Manage Users for AutoSSL

    Click on the tab labeled Manage Users in order to select or disable AutoSSL for specific users. Make to click on Save button at the bottom of the screen if you make any changes. You can disable AutoSSL for all the users that you do not wish to use AutoSSL.

  3. Select Users

    Click on the blue button labeled Check "user" in order to apply an SSL from AutoSSL. Note that when you check it, it checks ALL of the domains for that particular user.

  4. NGINX users only! If you are using NGINX you will need to rebuild the NGINX configuration after running AutoSSL buy running the following commands via SSH as root.

    ngxconf -u $user -rd
    service nginx restart
    service httpd restart

Was this article helpful?
n/a Points
2018-08-20 5:28 am

Hello,

I have a issue with the AutoSSL function.  I have cpanel installed on a vps.  The vps and cpanel hostname is asd.domanin.com.  The account domain created in cpanle is domain.com and have active only the abc.domain.com subdomain. The domain.com is hosted on another vps.  When I run AutoSSL it give me error that all the next subdomains does not resolve to any IPv4 addresses on the internet: domain.com www.domain.com cpanel.domain.com webmail.domain.com mail.domain.com webdisk.domain.com But nothing about my active subdomain, abc.domain.com.How can Install ssl on this subdomain, if cpanle inly check for standard cpanel subdomains?Regards,

Andrei

Staff
3,017 Points
2018-08-21 10:36 am
Hello Andrei.
AutoSSL will check any domains/subdomains to properly pass Domain Control Validation. If you are using third party nameservers you need to make sure that the DNS will properly route the subdomains to the correct websites. If DCV fails then the Certificates will not be issued as cPanel is unable to validate the ownership of the domains/subdomains you are using.
n/a Points
2018-06-29 10:41 am

I have a question about auto SSL renewal & your advice to proceed further, I have a domain abcd.com

Currently, following host has SSL & it will expire in 5 day's.

 

abcd.com

cpanel.abcd.com

webdisk.abcd.com

webmail.abcd.com

www.abcd.com

 

Today I got a notification regarding SSL renewal.

 

++++++++++++++++++

abcd.com: AutoSSL would normally renew this certificate now, but 1 of the website’s secured domains just failed DCV. To provide you with more time to resolve this problem, AutoSSL will defer the renewal until Jul 2, 2018 at 12:00:00 AM UTC. After that time, AutoSSL will request a replacement certificate that excludes any domains that fail DCV. At the time of this notice, the certificate will expire in 5 days, 21 hours, and 17 seconds.

AutoSSL did not renew the certificate for “abcd.com”. You must take action to keep this site secure.

 

The “cPanel” AutoSSL provider could not renew the SSL certificate without a reduction of coverage because of the following problem:

 

webdisk.abcd.com (checked on Jun 29, 2018 at 2:59:38 AM UTC)

 

“webdisk.abcd.com” does not resolve to any IPv4 addresses on the internet.

 

For the most current status, navigate to the “SSL/TLS Status” interface. You can also exclude domains from future renewal attempts, which would cease future notifications.

 

To upgrade to an EV or OV certificate, navigate to the “SSL/TLS Wizard” interface.

++++++++++++++++++

 

The webdisk.abcd.com not pointing to the server, so My question is, it will affect the remaining domain from autorenewal

like

 

abcd.com

cpanel.abcd.com

webmail.abcd.com

www.abcd.com

 

or only it affect for webdisk.abcd.com ?, Non resolving subdomain blocks the autorenewal process of remaining domains ?

 

Please let me know regarding auto SSL update process. 

Staff
3,017 Points
2018-06-29 1:17 pm
"After that time, AutoSSL will request a replacement certificate that excludes any domains that fail DCV."

To clarify, this means that the failure of the subdomain would not affect the main domain. Although, it is causing a delay the next time it is checked for renewal it will proceed to renew certificates except for that subdomain (if at that time it still does not pass DCV). I hope this helps!

Sincerely,
Carlos D
n/a Points
2018-04-09 5:15 am

Does this autossl can be renewel by cpanel users instead from whm ? 

 

Staff
31,313 Points
2018-04-09 9:06 am
Once AutoSSL is enabled, it will auto-renew the certificate by default. But, it must be enabled via WHM.
Thank you,
John-Paul
n/a Points
2018-04-03 11:30 pm

I have several domains on my vps account. Can I add SSL for some accounts, but not others?

Staff
42,337 Points
2018-04-04 10:10 am
Thanks for your question about the SSL certificates. If you want to specify the free SSL on your VPS, yes you can do that through the Manage SSL interface. There you can enable or disable the free SSL per user. You can also purchase SSL certificates as they are domain specific. Then you can turn off the free SSL option, then the only sites secured with SSLs would be the ones that have purchased them.

n/a Points
2018-03-31 10:03 am
Does this auto install SSL for all cpanel users or must they do it manually?
Staff
10,765 Points
2018-04-02 9:23 am
Yes, this is meant to automatically isntall SSL for the cPanel users you select in WHM. If you have any trouble in initiating the Auto SSL, feel free to contact our live support team.
n/a Points
2018-03-19 5:09 pm

My WHM looks quite different. Where do I find "Run AutoSSL for All Users"?

Staff
3,017 Points
2018-03-19 5:15 pm
You must have root access to log into WHM to maintain the AutoSSL feature. If you are not seeing this option, you should speak with your systems administrator to determine why it is not appearing.

If you are logged into WHM as root, you will see the "Manage AutoSSL" option. That is where the "Run AutoSSL For All Users" button is located, as outlined by our guide.
n/a Points
2018-01-22 3:05 am

I have a VPS with 2 domains, one has already got an SSL from comodo if I select "Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates." will it replace this certificate? (It still has 2 years before expiry)

I want be able to auto renew on the other domain (without an existing SSL cert)

Staff
10,765 Points
2018-01-22 12:27 pm
It is meant to automatically install and renew, yes, but I advise checking with our Live Support for help setting it up to make sure you don't have a lapse between the outgoing SSL and the Auto SSL.
n/a Points
2018-01-05 10:22 am

I have accounts on my WHM that have multiple domains (ex: example.com, example.org, example.net or myexample.com, examplesite.com, someotherdomain.com) in their cPanel.

The primary domain manages to get the auto SSL cert, however the others do not. How do I get auto SSL for all the domains in their website?

 

Staff
3,017 Points
2018-01-05 2:05 pm
All domains under the user should be checked for Domain Control Validation. If the domain is not registered or is not pointed properly, then the errors would report a failure during this check. I recommend checking the logs in AutoSSL.
n/a Points
2017-11-27 11:03 am

I have two vps with whm for the same domain one for web and one for mail and in the second server cant use auto SSL

ADVERTENCIA The domain “domain.cl” failed domain control validation: The system queried for a temporary file at “http://domain.cl/.well-known/pki-validation/4EA9DE45DB6FC4D860FE68C65598E448.txt”, but the web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist. The domain “domain.cl” resolved to an IP address “xx.xx.xx.xx” that does not exist on this server.

Staff
1,173 Points
2017-11-27 2:09 pm
Hello,

Auto SSL requires the domain to be pointed to the IP of the server. If you wanted to use AutoSSL on the secondary server that is only running the mail you would need to run it on the main server and manually copy over the certificates as needed.

Best Regards,
Kyle M
n/a Points
2017-11-03 8:14 pm

Hello I have a dedicated server where i have more then 600 a/c. Does this SSL free for all 600 a/c. or is their any limitation??

13,821 Points
2017-11-06 7:19 am
There is no limitation on the FREE SSL.
n/a Points
2017-10-10 6:33 am

Does auto SSL is considered self-signed? Will it show red mark not secure on browser?

13,821 Points
2017-10-10 7:04 am
Great question! Auto SSL certificates are not considering self-signed. They will display correctly.
n/a Points
2017-07-14 12:10 pm

What is the specification of this SSL? 

Staff
42,337 Points
2017-07-14 1:27 pm
Hello Alan,

The information for the SSL is in the article above. If you require more information, please indicate what you mean by "specification". It is a domain-validated certificate.

If you have any further questions or comments, please let us know.

Regards,
Arnel C.
n/a Points
2017-06-14 5:10 pm

Once you've changed your settings to enable AutoSSL how long does it typically take for the provider to issue the certificate?

Staff
42,337 Points
2017-06-15 7:08 am
Hello Travis,

It should not take longer than 24 hours. If you're seeing it take longer, then please contact your host technical support.

If you have any further questions, please let us know.

Kindest regards,
Arnel C.

Post a Comment

Name:
Email Address:
Phone Number:
Comment:
Submit

Please note: Your name and comment will be displayed, but we will not show your email address.

28 Questions & Comments

Post a comment

Back to first comment | top

Need more Help?

Search

Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail: support@InMotionHosting.com
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!