Revision as of 19:34, 18 February 2019

SSL Monitoring allows an admin or client to see the SSL status of a domain in real time when viewing a domain or service in WHMCS. The display will either be an icon only, or the icon with a text description. For the icon only display, hovering over the icon will provide the available information on the SSL status.

For products that do not have a domain, or contain data in the domain field that is not formatted as a domain, no check will occur.

Where is the Status Shown?

Admin Area

SSL Status Admin Area

In the admin area, the icon displaying the status of SSL on the domain can be found on the service and domain details page, in the top right of the display next to the move button.

Client Area

SSL Status Client Area List

The client area displays the status on the client service and domains lists, and on the service and domain details pages. On the lists, a new column has been added to the table with the list containing the status, with the status retrieved by and ajax call and updated.

SSL Status Client Area

On the products details page, the status can be see on the 'domain' tab. The domain details page lists the ssl status as part of the standard domain information. In the client area, the details pages will contain information about the SSL issued to the domain. This includes the issuer and expiry date of the issued SSL.

What are the Icons?

There are four icons that display the SSL information.

 - A green padlock indicates that the selected domain has an active and valid SSL Certificate.

 - A grey padlock with a negative sign is displayed for domains that are not considered active. These are services and domains that are in a Terminated, Expired or Cancelled status.
 
 - A red padlock indicates that the selected domain does not have an active or valid SSL Certificate.

 - A grey padlock with a question mark indicates that the state of SSL for a domain cannot be verified with any certainty.

Troubleshooting

Technical Details

1. Upon loading the page, a cURL call is made from the WHMCS server to https://$domain.com with the ssl_verify_peer option enabled
   • Where $domain.com is the contents of the service's Domain field
2. If no response is received, the "?" padlock icon is displayed
3. If a cURL error is received, then the red padlock icon is displayed
   • This indicates cURL was unable to validate the certificate
4. If no cURL error is received, the test was successful and the yellow padlock icon is displayed

Testing

• Connect to the command-line of your WHMCS server and run:

curl -v https://$yourdomain.com

• • Replace $yourdomain.com with the value from the Domain field in WHMCS. 
• Look for an error code at the end of the output. An example is shown below:

[root@john ~]# curl -v https://v75.test.whmcs.rocks
* About to connect() to v75.test.whmcs.rocks port 443 (#0)
*   Trying 104.20.20.8... connected
* Connected to v75.test.whmcs.rocks (104.20.20.8) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL: certificate subject name '*.whmcs.com' does not match target host name 'v75.test.whmcs.rocks'
* NSS error -12276
* Closing connection #0
curl: (51) SSL: certificate subject name '*.whmcs.com' does not match target host name 'v75.test.whmcs.rocks'

• In this example a 51 error code is returned
• Please work with your server admin/hosting provider to resolve the cURL connection error between the WHMCS server and the hosting server.