Difference between revisions of "SSL Monitoring"

From WHMCS Documentation

 
(10 intermediate revisions by 4 users not shown)
Line 1: Line 1:
SSL Monitoring makes it easy to see which domains have SSL and which do not.
+
SSL monitoring makes it easy to see which domains have SSL. It also makes it easy to spot issues with validation sooner and know ahead of time when SSL certificates are approaching their expiry dates.
  
It also makes it easy to spot issues with validation sooner, and know ahead of time when SSL Certificates are approaching their expiry dates. It's the perfect way to keep on top of your own SSL certificates, and be in a position to help your customers with their renewals.  
+
The system cron updates the SSL status in batches of 100 every 24 hours. If the system has not cached a domain's SSL status within 24 hours, the system will check the SSL status in real time.
  
For both client end users and admin users, SSL status is displayed in real-time when viewing a product/service within WHMCS. The status is indicated by an icon. An explanation of the different icons you might see is available below. Hovering over the icon will provide any additional information that is available via a tooltip.
+
* An icon indicates the status for each certificate (see below).  
 +
* Hovering over the icon will provide additional information via a tooltip.
  
 
==Where is the Status Shown?==
 
==Where is the Status Shown?==
  
 
===Admin Area===
 
===Admin Area===
 +
 
[[File:admin_area_display.png|thumb|SSL Status Admin Area]]
 
[[File:admin_area_display.png|thumb|SSL Status Admin Area]]
In the admin area, the icon displaying the status of SSL on the domain can be found on the service and domain details page, in the top right of the display next to the [[Products_Management#Moving_a_Product.2FService_to_another_Client|move]] button.
 
  
There is also a new SSL Status report which can be used to monitor and review the status of SSL across all the domains within your WHMCS installation. This new report can be accessed by navigating to ''Reports > General > SSL Status Monitoring'' within the WHMCS admin area.
+
In the [[Admin Area]], you can find the icon displaying the SSL status for a domain in the '''[[Clients:Products/Services Tab|Products/Services]]''' tab in the client's profile. This appears in the top right corner next to the '''[[Products_Management#Moving_a_Product.2FService_to_another_Client|Move Product/Service]]''' button.
  
 +
The '''Ssl Certificate Monitoring''' report monitors and reviews the status of SSL across all domains within your WHMCS installation. You can access this report in the '''General''' section at '''Reports > [[Reports]]'''.
  
 
===Client Area===
 
===Client Area===
 +
 
[[File:client_area_list_display.png|thumb|SSL Status Client Area List]]
 
[[File:client_area_list_display.png|thumb|SSL Status Client Area List]]
The client area displays the status on the client service and domains lists, and on the service and domain details pages. On the lists, a new column has been added to the table with the list containing the status, with the status retrieved by and ajax call and updated.
+
 
 +
The Client Area displays SSL status in the client service and domains lists and in the service and domain details pages. In the client service and domains lists, you can find the status in the table.
 +
 
 
[[File:client_area_display.png|thumb|SSL Status Client Area]]
 
[[File:client_area_display.png|thumb|SSL Status Client Area]]
On the products details page, the status can be see on the 'domain' tab.
+
 
The domain details page lists the ssl status as part of the standard domain information.
+
On the products details page, you can view the status in the '''Domains''' tab. This lists the SSL status as part of the standard domain information. It also contains information about the domain's SSL certificate, including the issuer and start and expiry date, if they are available.
In the client area, the details pages will contain information about the SSL Certificate installed for the domain. This includes the issuer and expiry date of the issued SSL in cases where it can be reliably retrieved.
+
 
 +
<div class="clearfix"></div>
 +
<div class="docs-alert-info">
 +
<span class="title">Note:</span><br/>
 +
The status will not display for products that have the '''[[Products_and_Services#Products|Product Type]]''' set to ''Other''.
 +
</div>
  
 
==What are the Icons?==
 
==What are the Icons?==
  
There are four icons that display the SSL information.
+
There are four icons that display the SSL information:
  [[File:Ssl-active-green.png]] - A green padlock indicates that the selected domain has an active and valid SSL Certificate.
+
 
 +
  [[File:Ssl-active-green.png]] A green padlock indicates that the selected domain has an active and valid SSL certificate.
 
   
 
   
  [[File:ssl-inactive-domain.png]] - A grey padlock with a negative sign is displayed for domains that are not considered active. These are services and domains that are in a Terminated, Expired or Cancelled status.
+
  [[File:ssl-inactive-domain.png]] A grey padlock with a negative sign indicates that the domain is inactive. These are services and domains that are in a ''Terminated'', ''Expired'', or ''Cancelled'' status.
 
 
[[File:ssl-inactive-red.png]] - A red padlock indicates that the selected domain does not have an active or valid SSL Certificate.
 
 
   
 
   
  [[File:ssl-unknown.png]] - A grey padlock with a question mark indicates that the state of SSL for a domain cannot be verified with any certainty.
+
[[File:Ssl-inactive-red.png]] — A red padlock indicates that the selected domain does not have an active or valid SSL certificate.
 +
 +
  [[File:ssl-unknown.png]] A grey padlock with a question mark indicates that the state of SSL for a domain cannot be verified with any certainty.
  
 
==Troubleshooting==
 
==Troubleshooting==
 +
 
===Technical Details===
 
===Technical Details===
# Upon loading the page, a cURL call is made from the WHMCS server to https://$domain.com with the ssl_verify_peer option enabled
+
 
#* Where $domain.com is the contents of the service's Domain field
+
When loading the SSL status, the system makes a cURL call from the WHMCS server to <tt><nowiki>https://$example.com</nowiki></tt>, where <tt><nowiki>$example.com</nowiki></tt> is the contents of the service's '''Domain''' field, with the <tt>ssl_verify_peer</tt> option enabled.
# If no response is received, the "?" padlock icon is displayed
+
 
# If a cURL error is received, then the red padlock icon is displayed
+
* If the system does not receive a response, the grey '''?''' padlock icon displays.
#* This indicates cURL was unable to [https://curl.haxx.se/docs/sslcerts.html validate the certificate]
+
* If the system receives a cURL error, the red padlock icon displays. This indicates that cURL could not [https://curl.haxx.se/docs/sslcerts.html validate the certificate].
# If no cURL error is received, the test was successful and the yellow padlock icon is displayed
+
* If the system does not receive a cURL error, the test succeeded and the yellow padlock icon displays.
 +
 
 +
If the system detects any unsupported cURL versions, they will display at '''Configuration (<i class="fa fa-wrench" aria-hidden="true"></i>) > [[System Health Status]]''' or, prior to WHMCS 8.0, '''Help > System Health Status'''.
  
 
===Testing===
 
===Testing===
* Connect to the command-line of your WHMCS server and run:
+
 
curl -v https://$yourdomain.com
+
To test this:
** Replace $yourdomain.com with the value from the Domain field in WHMCS. 
+
 
* Look for an error code at the end of the output. An example is shown below:
+
# Connect to the command line of your WHMCS server and run the following command, replacing <tt><nowiki>$example.com</nowiki></tt> with the value from the '''Domain''' field in WHMCS:<div class="source-cli"><nowiki>curl --max-time 10 -v https://$example.com</nowiki></div>
<source>
+
# Look for an error code at the end of the output. For example: <div class="source-cli"><nowiki>[root@example ~]# curl -v https://v75.test.whmcs.rocks</nowiki><br/><nowiki>About to connect() to v75.test.whmcs.rocks port 443 (#0)</nowiki><br/><nowiki>Trying 104.20.20.8... connected</nowiki><br/><nowiki>Connected to v75.test.whmcs.rocks (104.20.20.8) port 443 (#0)</nowiki><br/><nowiki>Initializing NSS with certpath: sql:/etc/pki/nssdb</nowiki><br/><nowiki>CAfile: /etc/pki/tls/certs/ca-bundle.crt</nowiki><br/><nowiki>CApath: none</nowiki><br/><nowiki>SSL: certificate subject name '*.whmcs.com' does not match target host name 'v75.test.whmcs.rocks'</nowiki><br/><nowiki>NSS error -12276</nowiki><br/><nowiki>Closing connection #0</nowiki><br/><nowiki>curl: (51) SSL: certificate subject name '*.whmcs.com' does not match target host name 'v75.test.whmcs.rocks'</nowiki></div>This example returns a '''51''' error code.
[root@john ~]# curl -v https://v75.test.whmcs.rocks
+
 
* About to connect() to v75.test.whmcs.rocks port 443 (#0)
+
Work with your system administrator or hosting provider to resolve the cURL connection error between the WHMCS server and the hosting server.
Trying 104.20.20.8... connected
 
* Connected to v75.test.whmcs.rocks (104.20.20.8) port 443 (#0)
 
* Initializing NSS with certpath: sql:/etc/pki/nssdb
 
CAfile: /etc/pki/tls/certs/ca-bundle.crt
 
  CApath: none
 
* SSL: certificate subject name '*.whmcs.com' does not match target host name 'v75.test.whmcs.rocks'
 
* NSS error -12276
 
* Closing connection #0
 
curl: (51) SSL: certificate subject name '*.whmcs.com' does not match target host name 'v75.test.whmcs.rocks'
 
</source>
 
* In this example a '''51''' error code is returned
 
*  Please work with your server admin/hosting provider to resolve the cURL connection error between the WHMCS server and the hosting server.
 

Latest revision as of 13:54, 20 December 2023

SSL monitoring makes it easy to see which domains have SSL. It also makes it easy to spot issues with validation sooner and know ahead of time when SSL certificates are approaching their expiry dates.

The system cron updates the SSL status in batches of 100 every 24 hours. If the system has not cached a domain's SSL status within 24 hours, the system will check the SSL status in real time.

  • An icon indicates the status for each certificate (see below).
  • Hovering over the icon will provide additional information via a tooltip.

Where is the Status Shown?

Admin Area

SSL Status Admin Area

In the Admin Area, you can find the icon displaying the SSL status for a domain in the Products/Services tab in the client's profile. This appears in the top right corner next to the Move Product/Service button.

The Ssl Certificate Monitoring report monitors and reviews the status of SSL across all domains within your WHMCS installation. You can access this report in the General section at Reports > Reports.

Client Area

SSL Status Client Area List

The Client Area displays SSL status in the client service and domains lists and in the service and domain details pages. In the client service and domains lists, you can find the status in the table.

SSL Status Client Area

On the products details page, you can view the status in the Domains tab. This lists the SSL status as part of the standard domain information. It also contains information about the domain's SSL certificate, including the issuer and start and expiry date, if they are available.

Note:
The status will not display for products that have the Product Type set to Other.

What are the Icons?

There are four icons that display the SSL information:

Ssl-active-green.png — A green padlock indicates that the selected domain has an active and valid SSL certificate.

Ssl-inactive-domain.png — A grey padlock with a negative sign indicates that the domain is inactive. These are services and domains that are in a Terminated, Expired, or Cancelled status.

Ssl-inactive-red.png — A red padlock indicates that the selected domain does not have an active or valid SSL certificate.

Ssl-unknown.png — A grey padlock with a question mark indicates that the state of SSL for a domain cannot be verified with any certainty.

Troubleshooting

Technical Details

When loading the SSL status, the system makes a cURL call from the WHMCS server to https://$example.com, where $example.com is the contents of the service's Domain field, with the ssl_verify_peer option enabled.

  • If the system does not receive a response, the grey ? padlock icon displays.
  • If the system receives a cURL error, the red padlock icon displays. This indicates that cURL could not validate the certificate.
  • If the system does not receive a cURL error, the test succeeded and the yellow padlock icon displays.

If the system detects any unsupported cURL versions, they will display at Configuration () > System Health Status or, prior to WHMCS 8.0, Help > System Health Status.

Testing

To test this:

  1. Connect to the command line of your WHMCS server and run the following command, replacing $example.com with the value from the Domain field in WHMCS:
    curl --max-time 10 -v https://$example.com
  2. Look for an error code at the end of the output. For example:
    [root@example ~]# curl -v https://v75.test.whmcs.rocks
    About to connect() to v75.test.whmcs.rocks port 443 (#0)
    Trying 104.20.20.8... connected
    Connected to v75.test.whmcs.rocks (104.20.20.8) port 443 (#0)
    Initializing NSS with certpath: sql:/etc/pki/nssdb
    CAfile: /etc/pki/tls/certs/ca-bundle.crt
    CApath: none
    SSL: certificate subject name '*.whmcs.com' does not match target host name 'v75.test.whmcs.rocks'
    NSS error -12276
    Closing connection #0
    curl: (51) SSL: certificate subject name '*.whmcs.com' does not match target host name 'v75.test.whmcs.rocks'
    This example returns a 51 error code.

Work with your system administrator or hosting provider to resolve the cURL connection error between the WHMCS server and the hosting server.