Difference between revisions of "SSL Monitoring"
From WHMCS Documentation
m (→Client Area) |
James.white (talk | contribs) |
||
| (20 intermediate revisions by 6 users not shown) | |||
| Line 1: | Line 1: | ||
| − | SSL | + | SSL monitoring makes it easy to see which domains have SSL. It also makes it easy to spot issues with validation sooner and know ahead of time when SSL certificates are approaching their expiry dates. |
| − | + | The system cron updates the SSL status in batches of 100 every 24 hours. If the system has not cached a domain's SSL status within 24 hours, the system will check the SSL status in real time. | |
| + | |||
| + | * An icon indicates the status for each certificate (see below). | ||
| + | * Hovering over the icon will provide additional information via a tooltip. | ||
==Where is the Status Shown?== | ==Where is the Status Shown?== | ||
===Admin Area=== | ===Admin Area=== | ||
| + | |||
[[File:admin_area_display.png|thumb|SSL Status Admin Area]] | [[File:admin_area_display.png|thumb|SSL Status Admin Area]] | ||
| − | In the | + | |
| + | In the [[Admin Area]], you can find the icon displaying the SSL status for a domain in the '''[[Clients:Products/Services Tab|Products/Services]]''' tab in the client's profile. This appears in the top right corner next to the '''[[Products_Management#Moving_a_Product.2FService_to_another_Client|Move Product/Service]]''' button. | ||
| + | |||
| + | The '''Ssl Certificate Monitoring''' report monitors and reviews the status of SSL across all domains within your WHMCS installation. You can access this report in the '''General''' section at '''Reports > [[Reports]]'''. | ||
===Client Area=== | ===Client Area=== | ||
| + | |||
[[File:client_area_list_display.png|thumb|SSL Status Client Area List]] | [[File:client_area_list_display.png|thumb|SSL Status Client Area List]] | ||
| − | |||
| − | + | The Client Area displays SSL status in the client service and domains lists and in the service and domain details pages. In the client service and domains lists, you can find the status in the table. | |
| − | + | ||
[[File:client_area_display.png|thumb|SSL Status Client Area]] | [[File:client_area_display.png|thumb|SSL Status Client Area]] | ||
| − | + | ||
| + | On the products details page, you can view the status in the '''Domains''' tab. This lists the SSL status as part of the standard domain information. It also contains information about the domain's SSL certificate, including the issuer and start and expiry date, if they are available. | ||
| + | |||
| + | <div class="clearfix"></div> | ||
| + | <div class="docs-alert-info"> | ||
| + | <span class="title">Note:</span><br/> | ||
| + | The status will not display for products that have the '''[[Products_and_Services#Products|Product Type]]''' set to ''Other''. | ||
| + | </div> | ||
==What are the Icons?== | ==What are the Icons?== | ||
| − | There are four icons that display the SSL information | + | There are four icons that display the SSL information: |
| − | [[File: | + | |
| − | [[File:ssl-inactive-domain.png]] | + | [[File:Ssl-active-green.png]] — A green padlock indicates that the selected domain has an active and valid SSL certificate. |
| − | [[File: | + | |
| − | [[File:ssl-unknown.png]] - | + | [[File:ssl-inactive-domain.png]] — A grey padlock with a negative sign indicates that the domain is inactive. These are services and domains that are in a ''Terminated'', ''Expired'', or ''Cancelled'' status. |
| + | |||
| + | [[File:Ssl-inactive-red.png]] — A red padlock indicates that the selected domain does not have an active or valid SSL certificate. | ||
| + | |||
| + | [[File:ssl-unknown.png]] — A grey padlock with a question mark indicates that the state of SSL for a domain cannot be verified with any certainty. | ||
| + | |||
| + | ==Troubleshooting== | ||
| + | |||
| + | ===Technical Details=== | ||
| + | |||
| + | When loading the SSL status, the system makes a cURL call from the WHMCS server to <tt><nowiki>https://$example.com</nowiki></tt>, where <tt><nowiki>$example.com</nowiki></tt> is the contents of the service's '''Domain''' field, with the <tt>ssl_verify_peer</tt> option enabled. | ||
| + | |||
| + | * If the system does not receive a response, the grey '''?''' padlock icon displays. | ||
| + | * If the system receives a cURL error, the red padlock icon displays. This indicates that cURL could not [https://curl.haxx.se/docs/sslcerts.html validate the certificate]. | ||
| + | * If the system does not receive a cURL error, the test succeeded and the yellow padlock icon displays. | ||
| + | |||
| + | If the system detects any unsupported cURL versions, they will display at '''Configuration (<i class="fa fa-wrench" aria-hidden="true"></i>) > [[System Health Status]]''' or, prior to WHMCS 8.0, '''Help > System Health Status'''. | ||
| + | |||
| + | ===Testing=== | ||
| + | |||
| + | To test this: | ||
| + | |||
| + | # Connect to the command line of your WHMCS server and run the following command, replacing <tt><nowiki>$example.com</nowiki></tt> with the value from the '''Domain''' field in WHMCS:<div class="source-cli"><nowiki>curl --max-time 10 -v https://$example.com</nowiki></div> | ||
| + | # Look for an error code at the end of the output. For example: <div class="source-cli"><nowiki>[root@example ~]# curl -v https://v75.test.whmcs.rocks</nowiki><br/><nowiki>About to connect() to v75.test.whmcs.rocks port 443 (#0)</nowiki><br/><nowiki>Trying 104.20.20.8... connected</nowiki><br/><nowiki>Connected to v75.test.whmcs.rocks (104.20.20.8) port 443 (#0)</nowiki><br/><nowiki>Initializing NSS with certpath: sql:/etc/pki/nssdb</nowiki><br/><nowiki>CAfile: /etc/pki/tls/certs/ca-bundle.crt</nowiki><br/><nowiki>CApath: none</nowiki><br/><nowiki>SSL: certificate subject name '*.whmcs.com' does not match target host name 'v75.test.whmcs.rocks'</nowiki><br/><nowiki>NSS error -12276</nowiki><br/><nowiki>Closing connection #0</nowiki><br/><nowiki>curl: (51) SSL: certificate subject name '*.whmcs.com' does not match target host name 'v75.test.whmcs.rocks'</nowiki></div>This example returns a '''51''' error code. | ||
| + | |||
| + | Work with your system administrator or hosting provider to resolve the cURL connection error between the WHMCS server and the hosting server. | ||
Latest revision as of 13:54, 20 December 2023
SSL monitoring makes it easy to see which domains have SSL. It also makes it easy to spot issues with validation sooner and know ahead of time when SSL certificates are approaching their expiry dates.
The system cron updates the SSL status in batches of 100 every 24 hours. If the system has not cached a domain's SSL status within 24 hours, the system will check the SSL status in real time.
- An icon indicates the status for each certificate (see below).
- Hovering over the icon will provide additional information via a tooltip.
Contents
Where is the Status Shown?
Admin Area
In the Admin Area, you can find the icon displaying the SSL status for a domain in the Products/Services tab in the client's profile. This appears in the top right corner next to the Move Product/Service button.
The Ssl Certificate Monitoring report monitors and reviews the status of SSL across all domains within your WHMCS installation. You can access this report in the General section at Reports > Reports.
Client Area
The Client Area displays SSL status in the client service and domains lists and in the service and domain details pages. In the client service and domains lists, you can find the status in the table.
On the products details page, you can view the status in the Domains tab. This lists the SSL status as part of the standard domain information. It also contains information about the domain's SSL certificate, including the issuer and start and expiry date, if they are available.
Note:
The status will not display for products that have the Product Type set to Other.
What are the Icons?
There are four icons that display the SSL information:
— A green padlock indicates that the selected domain has an active and valid SSL certificate.
— A grey padlock with a negative sign indicates that the domain is inactive. These are services and domains that are in a Terminated, Expired, or Cancelled status.
— A red padlock indicates that the selected domain does not have an active or valid SSL certificate.
— A grey padlock with a question mark indicates that the state of SSL for a domain cannot be verified with any certainty.
Troubleshooting
Technical Details
When loading the SSL status, the system makes a cURL call from the WHMCS server to https://$example.com, where $example.com is the contents of the service's Domain field, with the ssl_verify_peer option enabled.
- If the system does not receive a response, the grey ? padlock icon displays.
- If the system receives a cURL error, the red padlock icon displays. This indicates that cURL could not validate the certificate.
- If the system does not receive a cURL error, the test succeeded and the yellow padlock icon displays.
If the system detects any unsupported cURL versions, they will display at Configuration () > System Health Status or, prior to WHMCS 8.0, Help > System Health Status.
Testing
To test this:
- Connect to the command line of your WHMCS server and run the following command, replacing $example.com with the value from the Domain field in WHMCS:curl --max-time 10 -v https://$example.com
- Look for an error code at the end of the output. For example: [root@example ~]# curl -v https://v75.test.whmcs.rocksThis example returns a 51 error code.
About to connect() to v75.test.whmcs.rocks port 443 (#0)
Trying 104.20.20.8... connected
Connected to v75.test.whmcs.rocks (104.20.20.8) port 443 (#0)
Initializing NSS with certpath: sql:/etc/pki/nssdb
CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
SSL: certificate subject name '*.whmcs.com' does not match target host name 'v75.test.whmcs.rocks'
NSS error -12276
Closing connection #0
curl: (51) SSL: certificate subject name '*.whmcs.com' does not match target host name 'v75.test.whmcs.rocks'
Work with your system administrator or hosting provider to resolve the cURL connection error between the WHMCS server and the hosting server.