For cPanel & WHM 68

This page was last updated on:  

Upgrade blockers

LiteSpeed update required to maintain SSL functionality

If LiteSpeed exists on your server, you must upgrade to LiteSpeed version 5.2.1 build 2 or later before you upgrade to cPanel & WHM version 68. Otherwise, websites will not provide the entire certificate chain and browsers may display an SSL error. For more information about how to upgrade LiteSpeed, read LiteSpeed's cPanel Plugin documentation. View the /usr/local/lsws/autoupdate/build file to verify your LiteSpeed version information.

If your server does not contain the /usr/local/lsws/ directory, LiteSpeed likely does not exist on your server.

The ea-apache24-config-runtime package

You must upgrade the ea-apache24-config-runtime package to version 1.0-113 or later.

New features

New access privileges

In cPanel & WHM version 68, we added the following access privileges to WHM's  Edit Reseller Nameservers and Privileges interface (WHM >> Home >> Resellers >> Edit Reseller and Nameserver Privileges):

For more information about these new ACL privileges, read the following documentation:

Default access privileges

As of cPanel & WHM version 68, the system assigns the following access privileges to newly-created reseller accounts by default:

You cannot assign or unassign these access privileges.

For more information, read our Edit Reseller Nameservers and Privileges documentation.

The  /usr/local/cpanel/scripts/fix_reseller_acls script

In cPanel & WHM version 68, we added the /usr/local/cpanel/scripts/fix_reseller_acls script. The system executes this script when it upgrades your server to cPanel & WHM version 68. This script assigns the access privileges that we added in cPanel & WHM version 68 to existing reseller accounts.

Support for Virtuozzo 7 

In cPanel & WHM version 68, we added support for Virtuozzo 7. For more information about Virtuozzo, read their documentation.

Large Amount of Outbound Email Detected notification

In cPanel & WHM version 68, we added the Large Amount of Outbound Email Detected notification to WHM's Contact Manager interface (WHM >> Home >> Server Contacts >> Contract Manager). The system counts every user's outbound messages every 15 minutes. It will send a notification when a mail user exceeds the preconfigured threshold of 500 unique outbound messages over the previous hour (excluding mailing lists). This will help the administrator detect potential spammers or compromised accounts.

  • This notification defaults to disabled on existing systems and enabled for new installations.
  • We do not currently offer the option to configure the threshold.

New notification templates

In cPanel & WHM version 68, we added notifications to WHM's  Contact Manager interface (WHM >> Home >> Server Contacts >> Contact Manager):

For the full list of available alerts, read our Contact Manager  and Notification Templates  documentation.

SSL and AutoSSL certificate renewal, expiry, failure, and success notifications

In cPanel & WHM version 68, by default, the system automatically sends users notifications about the status of SSL and AutoSSL certificates. These notifications include useful information and URLs users can access to correct a problem. You can enable or disable the following notifications:

In WHM's Contact Manager  interface (WHM >> Home >> Server Contacts >> Contact Manager):

In cPanel's Contact Information  interface (cPanel >> Home >> Preferences >> Contact Information):

AutoSSL certificate error status

In cPanel & WHM version 68, we added messages about each domain's AutoSSL status, if such information exists, to cPanel's  SSL/TLS Status  interface (cPanel >> Home >> Security >> SSL/TLS Status). For example, these messages include information about pending orders, validation problems, or changes to the domains on a certificate for certificate renewal. Users can view the inline information message next to each domain in this interface.

phpMyAdmin performance setting

In cPanel & WHM version 68, we added the Enable phpMyAdmin information schema searches setting to the Software section of WHM's Tweak Settings interface (WHM >> Home  >> Server Configuration >> Tweak Settings). If you disable this setting, the system disables information schema searches by phpMyAdmin in MySQL. This may improve phpMyAdmin performance.

EasyApache 4 and http2

EasyApache 4 now supports  mod_http2

New individual file restoration from a backup

cPanel & WHM version 68 provides backup restoration for individual files.

For these restoration features to work appropriately in cPanel & WHM, system administrators must enable account file backups through WHM's  Backup Configuration interface (WHM >> Home >> Backup >> Backup Configuration).


  • We strongly recommend that you use unique filepaths when you store multiple-server backup files in a shared filesystem. This action prevents backup file conflicts.
  • When you terminate an account, you must remove the account's backup files manually or move the backups to another server. This action prevents an account collision if you add a new account with a previous account's username.

Public Contact information

In cPanel & WHM version 68, resellers now control their company's public contact information. A user who contacts cPanel & WHM Customer Service or Technical Support will see the reseller's custom contact information instead of one of the resellers' provider's information. We strongly recommend that resellers use this feature to protect their brand. For more information about how to enter your default public contact information, read our Customization documentation.

  • All of the information that you provide in this tab will be publicly available.
  • We strongly recommend that server owners provide this contact information, otherwise, customers may discover the hosting provider's contact information. This could negatively affect the server owner’s brand.
  • This interface will not reveal the company name that you enter in the Customize Branding tab to the public.


  • If you own your own account, the domain that the server owner used to create your account presents your contact information.
  • If you do not own your own account, the domain presents the server owner's information instead.
  • In future versions, we plan to add this contact information to the Account Suspended and Default Webpage pages, and anywhere a user searches for their hosting provider's contact information.

Set SSL/TLS via the command line

In cPanel & WHM version 68, we added the /usr/local/cpanel/bin/set-tls-settings script. This script allows you to set your SSL and TLS cipher suites, and your SSL and TLS protocols via the command line. For more information, read our The set-tls-settings Script documentation.

Updated features

Updated cPanel icons

cPanel & WHM version 66 replaces the cPanel interface's feature icons with new .svg icons.

For a complete list of icons and their filenames, read our Guide to cPanel Interface Customization - Appkeys documentation.

WHM plugin interfaces in PHP

WHM plugin developers can now use PHP to render the WHM interface's chrome. 

Renamed privileges

In cPanel & WHM version 68, we renamed the following privileges:

Old nameNew name
CreateCreate Account
TerminateTerminate Account
(Un)SuspendSuspend/Unsuspend
Upgrade/DowngradeUpgrade/Downgrade Accounts
SSL Certificate PurchasePurchase SSL Certificates
SSL CSR/CRTSSL/CSR Certificate Generator
AddAdd DNS Zones
RemoveRemove DNS Zones
EditEdit DNS Zones
ParkPark DNS Zones
Allow the reseller to use all global packages (global packages are any packages without a "_" in them)Use Root Packages
Allow Creation of Packages with Addon Domains Create Packages with Addon Domains
Allow Creation of Packages with Parked DomainsCreate Packages with Parked  Domains
Allow Creation of Packages with a Dedicated IP  Create Packages with a Dedicated IP Address
Allow Creation of Packages with Shell AccessCreate packages with Shell Access
Allow Creation of Packages with Unlimited Features (ie. unlimited pop accounts)  Create Packages with Unlimited Features
Allow Creation of Packages with non-default Email LimitsCreate Packages with Custom Email Limits 
Allow Creation of Packages with Unlimited DiskspaceCreate Packages with Unlimited Disk Usage
Allow Creation of Packages with Unlimited BandwidthCreate Packages with Unlimited Bandwidth
Prevent Accounts from being created with shell accessForbid Account Creation with Shell Access
Allow modification of existing locales and creation of new localesModify & Create Locales

For more information about these renamed ACL privileges, read our Edit Reseller Nameservers and Privileges documentation.

Locales interface restriction

As of cPanel & WHM version 68, resellers must possess the Modify and Create Locales access privilege in order to access WHM's  View Available Locales  interface (WHM >> Home >> Locales >> View Available Locales). 

Limit API tokens to specific privileges

As of cPanel & WHM version 68, you can perform the following actions in WHM's  Manage API Tokens  interface (WHM >> Home  >> Development >> Manage API Tokens):

Additionally, users who create API tokens on cPanel DNSONLY systems can assign the following access privileges to the API token:

For more information, read our cPanel DNSONLY documentation.

Improved package extensions management through API

In cPanel & WHM version 68, we added the add_package_extension and delete_package_extension WHM API 1 functions to better manage extensions on packages. We also deprecated the _PACKAGE_EXTENSIONS parameters from the addpkg and modifypkg WHM API 1 functions.

We strongly recommend that you modify any scripts that create or manage package extensions to call these new WHM API 1 functions.

If you need to edit a package extension setting, use WHM API 1's addpkgext function with the same package extension name and desired settings.

EasyApache displays php (DSO) properly

In EasyApache 4, the interface now displays php (DSO) instead of php in the list of Apache packages under each version of PHP.

upcp script's preflight check of RPM database

In cPanel & WHM version 68, if the system cannot install an RPM and detects a corrupted RPM database, it does not run the upcp script.

Added zlib.output_compression setting to MultiPHP INI Editor

In cPanel & WHM version 68, we added the zlib.output_compression setting to cPanel's MultiPHP INI Editor  interface (cPanel >> Home >> Software >> MultiPHP INI Editor) and WHM's  MultiPHP INI Editor  interface (WHM >> Home  >> Software >> MultiPHP INI Editor). This setting allows the server to transparently compress pages if the browser sends an Accept-Encoding: gzip or deflate header.

This setting defaults to Disabled.

PHP compression note on cPanel's Optimize Website interface

In cPanel & WHM version 68, we added a note to cPanel's Optimize Website  interface (cPanel >> Home >> Software >> Optimize Website) which indicates that you can enable PHP compression in the cPanel's  MultiPHP INI Editor interface (cPanel >> Home >> Software >> MultiPHP INI Editor). If the system administrator has disabled the MultiPHP INI Editor feature for the account, the note will advise that the user should contact their system administrator.

EasyApache 4 interface

We made several updates to WHM's  EasyApache 4  interface (WHM >> Home >> Software >> EasyApache 4). 

WHM's MultiPHP INI Editor

cPanel's MultiPHP INI Editor

Authentication update for Amazon S3 version 4

We updated our Amazon S3™ module in cPanel & WHM version 68. The new module uses Amazon S3 version 4 authentication, which supports all S3 locations. 

EasyApache 4 RPM update

In cPanel & WHM version 68, we modified the /usr/local/cpanel/scripts/sysup script to automatically update the EasyApache 4 RPMs. This ensures that older RPMs do not break rebuilds of the httpd.conf file.

This update occurs regardless of your local configuration. The following settings will not prevent an automatic update:

  • The RPMUP variable set to never in the /etc/cpupdate.conf file.
  • The Operating System Package set to Never Update in WHM's Update Preferences interface (WHM >> Home >> Server Configuration >> Update Preferences).

TLS changes

In cPanel & WHM version 68, the system enables Transport Layer Security (TLS) protocol version 1.2 on new installations of cPanel & WHM. 

We only support applications that use TLSv1.2, such as IMAP, POP, FTP, and SMTP. However, you can use TLSv1.1 or TLSv1.2 to manage your Pure-FTPd server.

Additionally, the OpenSSL cipher settings now default to Mozilla's modern cipher suite settings, which pass PCI compliance scans:

ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256

You must reset your current systems' configuration settings and security protocol settings in order to apply the new default settings.

When you upgrade your system from cPanel & WHM version 66 to cPanel & WHM version 68, your system's cipher suite settings and security protocol settings will not change.

For more information, read the following documentation:

PureFTPd and ProFTPd restart failure and configuration file

In cPanel & WHM version 68, we improved how we interact with Pure-FTPd and ProFTPD. The system rebuilds the FTP configuration file (either the /etc/pure-ftpd.conf or the /etc/proftpd.conf file) if an FTP service fails to restart. The system replaces Pure-FTPd's or ProFTPD's configuration file with cPanel's default configuration file if any of the following circumstances exist:

SSL storage modification

In cPanel & WHM version 68, we redesigned the datastore for Apache’s SSL certificates and converted the database to SQLite. The new system dramatically increases the speed of SSL management and Apache-restart-times on servers that host large numbers of SSL certificates.

This update could potentially break the following two operations:

  1. Custom Apache virtual host templates no longer receive the  vhost.sslcertificatekeyfile  variable or the  vhost.sslcertificatefile  variable. Instead, custom templates load all resources via the  vhost.sslcertificatefile  variable.
  2. The contents of a virtual host’s YAML file in the  /var/cpanel/userdata/  directory no longer determine the location of a virtual host’s SSL certificate. The system ignores any custom SSL path values in these files.

Custom SSL template configuration

In cPanel & WHM version 68, we disable any .local file templates that are incompatible with the new SSL certificate-loading logic. We rename these files during the upgrade.

  • We strongly recommend that you back up any .local template customizations before you upgrade to cPanel & WHM version 68. 
  • If you use the /var/cpanel/templates/apache2_4/ssl_vhost.local file to override the default SSL configuration template, you must merge the changes back into the /var/cpanel/templates/apache2_4/ssl_vhost.local file after you upgrade. If you do not merge the changes, you will lose all of your customizations.
  • For more information, read our Custom Templates documentation.

Deprecated and removed items

Removed RPM targets

cPanel & WHM version 68 removes the MySQL50 and MySQL51 targets from the rpm.versions system. We removed support for MySQL versions 5.0 and 5.1 in cPanel & WHM version 60.

The upgrade process from cPanel & WHM version 60 to cPanel & WHM version 62 requires MySQL version 5.5 or higher. For this reason, this removal should not impact most servers. For more information, read our Upgrade Blockers documentation. 

Removed privileges

In cPanel & WHM version 68, we removed the Demo and Any ACLs from WHM's Edit Reseller Nameservers and Privileges interface (WHM >> Home  >> Resellers >> Edit Reseller and Nameserver Privileges).

Removed cPanel Feature Spotlight

In cPanel & WHM version 68, we removed the cPanel interface's feature spotlight and the associated cPanel Spotlight feature in WHM's  Feature Manager  interface (WHM >> Home >> Packages >> Feature Manager).

Removed WHM API 1 function

In cPanel & WHM version 68, we removed the WHM API 1  getlongtermsupport  function.

Removed cgiemail and cgiecho

cPanel & WHM version 68 removes cgiemail and cgiecho. For more infromation, read our Removal of cgiemail and cgiecho documentation. 

Deprecated hardened-kernel update

In cPanel & WHM version 68, we deprecated the cPanel-provided hardened-kernel update. We strongly recommend that you use the KernelCare "Extra" Patchset from CloudLinux™. For more information about this update, contact CloudLinux.

Removed Recently Uploaded CGI Script Mail notification

In cPanel & WHM version 68, we removed the Recently Uploaded CGI Script Mail notification option from WHM's Contact Manager  interface (WHM >> Home >> Server Contacts >> Contact Manager). To better counteract the abilities of email spammers, we replaced the legacy system with the new outbound email tracking system. To monitor potential spammers, you must now use the Large Amount of Outbound Email Detected and Maximum Hourly Emails Exceeded notifications instead. We strongly  recommend that you enable both of these settings.

Appendix A: Third-party applications

cPanel-provided

cPanel & WHM version 68 includes the following third-party applications:

PHP Modules

Perl modules

OS-provided

cPanel & WHM uses the following operating system-provided third-party applications:

Appendix B: New and modified API functions

New UAPI functions

New WHM API 1 functions

Modified UAPI functions

Modified cPanel API 2 functions

Modified WHM API 1 functions

Modified WHM API 0 functions