(Home >> SSL/TLS >> Manage AutoSSL)
This interface allows you to manage the AutoSSL feature, which automatically installs domain-validated SSL certificates on users' domains for the Apache and Dovecot services. It also allows you to review the feature's log files and select which users to secure with AutoSSL.
|
The AutoSSL feature includes the following limitations and conditions:
Each AutoSSL provider may have a specific domain rate limit. For example:
Certificates that cPanel, Inc. provides through AutoSSL can secure a maximum of 200 domains per virtual host.
Certificates that Let's Encrypt™ provides can secure a maximum of 100 domains per virtual host.
AutoSSL will only include domains and subdomains that pass a Domain Control Validation (DCV) test, which proves ownership of the domain.
www.
domains for each domain and subdomain in the certificate, and those www.
domains count towards any domain or rate limits.For example, if your domain is example.com
, AutoSSL will automatically include www.example.com
in the certificate.
www.
domain does not pass a DCV test, AutoSSL will not attempt to secure that www.
domain.This affects Let's Encrypt's limit of 20 certificates per week that may contain a domain or its subdomains.
Whether the domains are currently secured.
Shortest domain name length.
Domain name alphabetical order.
For example, the following table demonstrates these limitations for the cPanel AutoSSL provider:
Virtual Host 1 | Virtual Host 2 | Result |
---|---|---|
200 domains | AutoSSL will generate one certificate for the account which secures all 200 domains. | |
202 domains | AutoSSL will generate one certificate for the account which secures the 200 domains with the shortest names. | |
100 domains | 100 domains | AutoSSL will generate a certificate for each virtual host that secures all of its domains. |
100 domains | 102 domains | AutoSSL will generate a certificate for each virtual host that secures all of its domains. |
100 domains | 202 domains | AutoSSL will generate two certificates:
|
To select an AutoSSL provider, perform the following steps:
Select the desired AutoSSL provider.
Select disabled to disable this feature.
If the provider updates their Terms of Service, you may need to return to this interface to agree to them. |
Users must use a package that includes the autossl
feature to receive the free certificates. For more information about feature lists, read our Feature Manager documentation.
To override the feature settings and control whether AutoSSL is enabled for a user or users, perform the following steps:
|
Click Run AutoSSL for all users at the top of the interface to run the AutoSSL feature for all users with the feature enabled.
To run the AutoSSL feature for a single user, click the user's Check button in the Run AutoSSL Check column of the table.
To review AutoSSL log files, perform the following steps:
The system stores the log files in both text and JSON format in the /var/cpanel/logs/autossl
directory.
We do not support the revocation of certificates through cPanel & WHM at this time.
Let's Encrypt will only issue a certificate five times per week to a specific set of domains before it blocks any further certificates for that set of domains.
To work around this rate limitation, create an alias to a domain in the virtual host list (website) so that Let's Encrypt interprets the virtual host as a new set of domains.
That version of cPanel & WHM does not support deferred Apache and Dovecot configuration restarts, which results in unacceptable downtime and a poor customer experience. As such, we will not make the plugin available for version 56.