Difference between revisions of "SSL Certificates via WHMCS MarketConnect"

From WHMCS Documentation

 
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
{{MarketConnect}}
 
{{MarketConnect}}
 
+
WHMCS MarketConnect allows you to resell SSL Certificates from DigiCert, RapidSSL and GeoTrust with fully automated end-to-end provisioning and deployment. For more information, see our [https://marketplace.whmcs.com/help/connect/kb/digicert_ssl_certificates DigiCert SSL Certificates Knowledgebase].
+
WHMCS MarketConnect allows you to resell SSL Certificates from DigiCert, RapidSSL, and GeoTrust with fully automated end-to-end provisioning and deployment.
 
+
 +
For more information, see our [https://marketplace.whmcs.com/help/connect/kb/digicert_ssl_certificates DigiCert SSL Certificates Knowledgebase].
 +
 
== Control Panels For Automatic SSL Installation ==
 
== Control Panels For Automatic SSL Installation ==
 
+
For some control panels, WHMCS can fully automate the SSL procurement process by generating a CSR, submitting it to the certificate authority, and installating the certificate. This is supported for the following control panels:
+
For some control panels, WHMCS can fully automate the SSL procurement process by generating a CSR, submitting it to the certificate authority, and installing the certificate. This is supported for the following control panels:
 
+
 
* cPanel & WHM
 
* cPanel & WHM
 
* Plesk
 
* Plesk
 
* DirectAdmin
 
* DirectAdmin
 
+
 
For other control panels, SSL certificates must be configured manually. Manual configuration requires the user to submit a CSR via the WHMCS Client Area.
 
For other control panels, SSL certificates must be configured manually. Manual configuration requires the user to submit a CSR via the WHMCS Client Area.
 
+
 
== Landing Pages ==
 
== Landing Pages ==
 
+
 
WHMCS MarketConnect includes SSL landing pages to send your new and existing customers to in order to learn about SSL and the SSL options you offer:
 
WHMCS MarketConnect includes SSL landing pages to send your new and existing customers to in order to learn about SSL and the SSL options you offer:
 
+
 
* Overview (pictured below)
 
* Overview (pictured below)
 
* Standard SSL DV Certificates
 
* Standard SSL DV Certificates
Line 22: Line 24:
 
* Extended Validation EV Certificates
 
* Extended Validation EV Certificates
 
* Wildcard Certificates
 
* Wildcard Certificates
 
+
 
These can be enabled when you start selling SSL certificates via MarketConnect. They can also be enabled or disabled via the '''Management''' panel for SSL certificate sales at '''Configuration (<i class="fa fa-wrench" aria-hidden="true"></i>) > System Settings > [[MarketConnect]]''' or, prior to WHMCS 8.0, '''Setup > MarketConnect'''.
 
These can be enabled when you start selling SSL certificates via MarketConnect. They can also be enabled or disabled via the '''Management''' panel for SSL certificate sales at '''Configuration (<i class="fa fa-wrench" aria-hidden="true"></i>) > System Settings > [[MarketConnect]]''' or, prior to WHMCS 8.0, '''Setup > MarketConnect'''.
 
+
 
== Setup and Configuration ==
 
== Setup and Configuration ==
 
+
 
To activate and begin reselling SSL certificates via WHMCS MarketConnect, navigate to '''Configuration (<i class="fa fa-wrench" aria-hidden="true"></i>) > System Settings > [[MarketConnect]]''' or, prior to WHMCS 8.0, '''Setup > MarketConnect''' within your WHMCS admin area and click '''Activate''' under the SSL certificates product offering.
 
To activate and begin reselling SSL certificates via WHMCS MarketConnect, navigate to '''Configuration (<i class="fa fa-wrench" aria-hidden="true"></i>) > System Settings > [[MarketConnect]]''' or, prior to WHMCS 8.0, '''Setup > MarketConnect''' within your WHMCS admin area and click '''Activate''' under the SSL certificates product offering.
 
+
 
== SSL Certificate Automation ==
 
== SSL Certificate Automation ==
 
+
 
 
When ordering an SSL certificate for a cPanel & WHM, Plesk, or DirectAdmin hosting account, WHMCS and MarketConnect fully automate the SSL provisioning process. The following actions will be performed without any manual user interaction:
 
When ordering an SSL certificate for a cPanel & WHM, Plesk, or DirectAdmin hosting account, WHMCS and MarketConnect fully automate the SSL provisioning process. The following actions will be performed without any manual user interaction:
 
+
 
 
* CSR generation
 
* CSR generation
 
* Certificate configuration
 
* Certificate configuration
Line 38: Line 40:
 
* Retrieval of the issued certificate
 
* Retrieval of the issued certificate
 
* Certificate installation
 
* Certificate installation
 +
 
 +
In some cases, such as orders for OV and EV SSL certificates, additional steps to complete the extended validation may be required. After all of the extended validation requirements have been completed, the SSL certificate will be recognised, retrieved, and installed automatically.
 +
 
 +
MarketConnect will also automate the necessary reissuances for the duration of a multi-year certificate purchase. For more information, [[#Reissuance_and_Installation|see below]].
 +
 +
=== Instant Issuance ===
 +
 +
In WHMCS 8.7 and later, MarketConnect supports Instant Issuance for DV-based DigiCert SSL certificates. With Instant Issuance, WHMCS, as a DigiCert partner, can run the DV check and receive a signed CSR immediately at the time of order. This reduces the risk of failure and other issues while providing instantaneous SSL protection.
 +
 +
Instant Issuance functions through the use of pre-generated cryptographic content for file-based and DNS authorization checks (Domain Control Validation or DCV).
 +
 +
For more information about Instant Issuance in WHMCS, see [[SSL Certificate Instant Issuance]] and the [[#Troubleshooting|Troubleshooting]] section below.
 +
 +
==== Requirements ====
 +
 +
Instant Issuance requires that:
 
    
 
    
In some cases, such as orders for OV and EV SSL certificates, additional steps to complete the extended validation may be required. After all of the extended validation requirements have been completed, the SSL certificate will be recognised, retrieved, and installed automatically.
+
* The system has access to create the necessary files.
 +
* The Domain Control Validation (DCV) for the order is file-based or, in some circumstances, DNS-based.
 
    
 
    
MarketConnect will also automate the necessary reissuances for the duration of a multi-year certificate purchase. For more information, [[#Reissuance_and_Installation|see below]].
+
If the purchase meets these conditions, the system will always attempt Instant Issuance.   
 
+
 +
==== Instant Issuance Activity ====
 +
 +
You can view Instant Issuance activity in the '''Activity Log''' section at '''Configuration (<i class="fa fa-wrench" aria-hidden="true"></i>) > System Logs'''.
 +
 
=== cPanel Requirements ===
 
=== cPanel Requirements ===
 
+
 
For automated SSL CSR generation and installation, cPanel accounts require you to enable the ''SSL/TLS'' feature on the appropriate feature list. You can enable this in WHM at '''WHM > Packages > [https://docs.cpanel.net/whm/packages/feature-manager/ Feature Manager]'''.
 
For automated SSL CSR generation and installation, cPanel accounts require you to enable the ''SSL/TLS'' feature on the appropriate feature list. You can enable this in WHM at '''WHM > Packages > [https://docs.cpanel.net/whm/packages/feature-manager/ Feature Manager]'''.
 
+
 
=== Other Control Panels ===
 
=== Other Control Panels ===
 
+
 
At this time, fully-automated provisioning is only supported for cPanel & WHM, Plesk, and DirectAdmin.
 
At this time, fully-automated provisioning is only supported for cPanel & WHM, Plesk, and DirectAdmin.
 
+
 
Ordering an SSL certificate as a standalone product or as an addon to a hosting account on an unsupported control panel will require manual input from clients to complete the process.
 
Ordering an SSL certificate as a standalone product or as an addon to a hosting account on an unsupported control panel will require manual input from clients to complete the process.
 
+
 
After submitting and paying for an SSL certificate order, the certificate will be provisioned and the customer will receive an email with a link to configure the certificate. They will be asked to provide a CSR and select an approver email address as part of the configuration process. The approver email will be used to validate the certificate's domain's owner.
 
After submitting and paying for an SSL certificate order, the certificate will be provisioned and the customer will receive an email with a link to configure the certificate. They will be asked to provide a CSR and select an approver email address as part of the configuration process. The approver email will be used to validate the certificate's domain's owner.
 
+
 
=== Domain Control Validation Methods ===
 
=== Domain Control Validation Methods ===
 
+
 
<div class="docs-alert-success">
 
<div class="docs-alert-success">
 
<span class="title">HTTP File Method Support</span><br />
 
<span class="title">HTTP File Method Support</span><br />
 
In accordance with CA/B ballot 3.2.2.4.18, DigiCert has [https://knowledge.digicert.com/alerts/domain-authentication-changes-in-2021.html announced the termination of support for file-based wildcard DCV authentication as of November 15th, 2021]. We recommend upgrading to WHMCS 8.3 or higher to use DNS validation for full automation of DV wildcard certificates.
 
In accordance with CA/B ballot 3.2.2.4.18, DigiCert has [https://knowledge.digicert.com/alerts/domain-authentication-changes-in-2021.html announced the termination of support for file-based wildcard DCV authentication as of November 15th, 2021]. We recommend upgrading to WHMCS 8.3 or higher to use DNS validation for full automation of DV wildcard certificates.
 
</div>
 
</div>
 
+
 
WHMCS's automation for MarketConnect SSL certificate purchases includes several options for DCV:
 
WHMCS's automation for MarketConnect SSL certificate purchases includes several options for DCV:
 
+
 
* DNS validation is available in WHMCS 8.3 and later.
 
* DNS validation is available in WHMCS 8.3 and later.
 
* Email and HTTP file validation are available in all supported WHMCS versions.
 
* Email and HTTP file validation are available in all supported WHMCS versions.
 
+
 
In WHMCS 8.3 and later, clients and admins can select a validation method during the '''Validation''' step of the manual configuration process for DigiCert certificates.
 
In WHMCS 8.3 and later, clients and admins can select a validation method during the '''Validation''' step of the manual configuration process for DigiCert certificates.
 
+
 
For more information about selling DigiCert SSL certificates via WHMCS MarketConnect, see [https://marketplace.whmcs.com/help/connect/kb/digicert_ssl_certificates the WHMCS MarketConnect Knowledgebase].
 
For more information about selling DigiCert SSL certificates via WHMCS MarketConnect, see [https://marketplace.whmcs.com/help/connect/kb/digicert_ssl_certificates the WHMCS MarketConnect Knowledgebase].
 
+
 
=== Multi-Year SSL Certificates ===
 
=== Multi-Year SSL Certificates ===
 +
 
 +
In WHMCS 8.5 and later, MarketConnect allows you to sell two-year and three-year DigiCert SSL certificates. WHMCS will automatically handle reissuance and reinstallation throughout the order period, including automated emails and renewals.
 
   
 
   
In WHMCS 8.5 and later, MarketConnect allows you to sell two-year and three-year DigiCert SSL certificates. WHMCS will automatically handle reissuance and reinstallation throughout the order period, including automated emails and renewals.
 
 
 
==== Reissuance and Installation ====
 
==== Reissuance and Installation ====
+
 
 
Multi-year certificates will require reissuance throughout the life of the certificate. The cron checks for certificates that require reissuance and reissues them. It will also attempt to install automatic '''and''' manual reissues automatically (see below).
 
Multi-year certificates will require reissuance throughout the life of the certificate. The cron checks for certificates that require reissuance and reissues them. It will also attempt to install automatic '''and''' manual reissues automatically (see below).
+
 
 
* Clients and admins can reissue and install certificates at any time via the Client Area.
 
* Clients and admins can reissue and install certificates at any time via the Client Area.
 
* Admins can reissue and install certificates via the '''[[Clients:Products/Services Tab|Products/Services]]''' tab of the client's profile in the Admin Area.
 
* Admins can reissue and install certificates via the '''[[Clients:Products/Services Tab|Products/Services]]''' tab of the client's profile in the Admin Area.
+
 
 
After WHMCS automatically '''or''' manually reissues a certificate, it will automatically attempt to install it. In WHMCS 8.4 and earlier, installation failures for one-year certificates were silent and did not send notification emails.
 
After WHMCS automatically '''or''' manually reissues a certificate, it will automatically attempt to install it. In WHMCS 8.4 and earlier, installation failures for one-year certificates were silent and did not send notification emails.
+
 
 
In WHMCS 8.5 and later, the system will send the following [[Email Templates|email templates]] in the following scenarios:
 
In WHMCS 8.5 and later, the system will send the following [[Email Templates|email templates]] in the following scenarios:
+
 
 
* '''SSL Certificate Issued''' — The system could not automatically install the certificate after reissuance and it requires manual installation. This template is only for reissuance, not for new SSL orders.
 
* '''SSL Certificate Issued''' — The system could not automatically install the certificate after reissuance and it requires manual installation. This template is only for reissuance, not for new SSL orders.
 
* '''SSL Certificate Installed''' — The system successfully automatically installed the certificate after automatic '''or''' manual issuance.
 
* '''SSL Certificate Installed''' — The system successfully automatically installed the certificate after automatic '''or''' manual issuance.
 
* '''SSL Certificate Multi-Year Reissue Due''' — The system could not automatically reissue the certificate '''or''' a reissuance attempt failed.
 
* '''SSL Certificate Multi-Year Reissue Due''' — The system could not automatically reissue the certificate '''or''' a reissuance attempt failed.
 
* '''SSL Certificate Validation Manual Intervention''' — The system could not automatically configure the certificate reissuance because of problems writing to the file or DNS record.
 
* '''SSL Certificate Validation Manual Intervention''' — The system could not automatically configure the certificate reissuance because of problems writing to the file or DNS record.
 
+
 
==== Updating to WHMCS 8.5 or Later ====
 
==== Updating to WHMCS 8.5 or Later ====
+
 
Upgrading to WHMCS 8.5 or later will add the new <tt>SslReissues</tt> cron task to handle automatic reissuance for two-year and three-year certificates and set its schedule.
+
Upgrading to WHMCS 8.5 or later will add the new <tt>SslReissues</tt> cron task to handle automatic reissuance for two-year and three-year certificates and set its schedule.  
+
 
 
The upgrade process will use the annual price to set the two-year and three-year prices.
 
The upgrade process will use the annual price to set the two-year and three-year prices.
+
 
* The system will multiply the one-year price by 1.9 to set the two-year price and by 2.8 (or 2.75 for DigiCert-branded certificates) for the three-year price.  
+
* The system will multiply the one-year price by 1.9 to set the two-year price and by 2.8 (or 2.75 for DigiCert-branded certificates) for the three-year price.
 
* The Client Area will display all prices as a per-year price.
 
* The Client Area will display all prices as a per-year price.
 
* You can update these prices at '''Configuration (<i class="fa fa-wrench" aria-hidden="true"></i>) > System Settings > [[MarketConnect]]''' when you click '''Manage''' under '''SSL Certificates from DigiCert'''.
 
* You can update these prices at '''Configuration (<i class="fa fa-wrench" aria-hidden="true"></i>) > System Settings > [[MarketConnect]]''' when you click '''Manage''' under '''SSL Certificates from DigiCert'''.
 
* WHMCS installations on WHMCS 8.4 or earlier should not have existing pricing for multi-year certificates. However, if your installation already specifies custom prices for them, the update process may overwrite them.
 
* WHMCS installations on WHMCS 8.4 or earlier should not have existing pricing for multi-year certificates. However, if your installation already specifies custom prices for them, the update process may overwrite them.
 
+
 
==Supported Client Actions==
 
==Supported Client Actions==
 
+
 
===Retrieve Certificate===
 
===Retrieve Certificate===
 
+
 
Clients can retrieve and download certificates that have been issued at any time from the WHMCS client area.
 
Clients can retrieve and download certificates that have been issued at any time from the WHMCS client area.
 
+
 
===Update Approver Email===
 
===Update Approver Email===
 
+
 
Clients can update the approver email for a pending certificate at any time via the WHMCS client area.
 
Clients can update the approver email for a pending certificate at any time via the WHMCS client area.
 
+
 
===Reissues===
 
===Reissues===
 
+
Clients can self-service reissue SSL certificates at any time via the WHMCS client area.
+
Clients can reissue SSL certificates at any time with self service in the WHMCS Client Area.
 
+
 
== Supported Admin Actions ==
 
== Supported Admin Actions ==
 
+
 
Many actions are available once a certificate order has been created.
 
Many actions are available once a certificate order has been created.
 
+
 
==== Check Status ====
 
==== Check Status ====
 
+
 
Click here to view the order status. The order information will appear in the displayed output, displaying the Marketplace and remote order statuses. This allows you to see the validation status of the certificate.
 
Click here to view the order status. The order information will appear in the displayed output, displaying the Marketplace and remote order statuses. This allows you to see the validation status of the certificate.
 
+
 
'''Check Status''' will appear for any certificate status other than '''Cancelled'''.
 
'''Check Status''' will appear for any certificate status other than '''Cancelled'''.
 
+
 
==== Resend Configuration Email ====
 
==== Resend Configuration Email ====
 
+
 
'''Resend Configuration Email''' appears when the certificate's remote status is '''Awaiting Configuration'''.
 
'''Resend Configuration Email''' appears when the certificate's remote status is '''Awaiting Configuration'''.
 
+
 
==== Retrieve Certificate ====
 
==== Retrieve Certificate ====
 
+
 
After the certificate has been issued, you can click '''Retrieve Certificate''' to view the full certificate to be installed. Use this if the client did not receive the certificate via email.
 
After the certificate has been issued, you can click '''Retrieve Certificate''' to view the full certificate to be installed. Use this if the client did not receive the certificate via email.
 
+
 
==== Install Certificate ====
 
==== Install Certificate ====
 
+
 
If the certificate is associated with a hosting plan on a supported control panel, clicking '''Install Certificate''' will allow you to install or reinstall the certificate.
 
If the certificate is associated with a hosting plan on a supported control panel, clicking '''Install Certificate''' will allow you to install or reinstall the certificate.
 
+
 
==== Configure Certificate ====
 
==== Configure Certificate ====
 
+
Click '''Configure Certificate''' to manually configure a pending SSL certificate by uploading a CSR and providing administrator contact information.  
+
Click '''Configure Certificate''' to manually configure a pending SSL certificate by uploading a CSR and providing administrator contact information.
 
+
 
* In WHMCS 8.2 and earlier, this supports both email and file DCV.
 
* In WHMCS 8.2 and earlier, this supports both email and file DCV.
 
* In WHMCS 8.3 and later, this supports email, file, and DNS DCV.
 
* In WHMCS 8.3 and later, this supports email, file, and DNS DCV.
 
+
 
== Troubleshooting ==
 
== Troubleshooting ==
 +
 
 +
===cPanel: Key Generation Failed: (XID xxxxxx) You do not have the feature “sslmanager”.===
 +
 
 +
This error message may indicate that the cPanel hosting account does not have the required ''SSL/TLS'' feature enabled. This feature is required for automatic SSL CSR generation and installation. You '''must''' enable the ''SSL/TLS'' feature in WHM for all cPanel packages that will use SSL automation. After adding the necessary feature to your cPanel packages, you can retry the automated provisioning again by setting the SSL certificate product back to ''Pending'' and clicking the '''Resend Configuration Data''' module command button, which should be available when you view the SSL product in WHMCS.
 
   
 
   
'''cPanel: Key Generation Failed: (XID xxxxxx) You do not have the feature “sslmanager”.'''
+
===Instant Issuance Failures===
 
   
 
   
This error message may indicate that the cPanel hosting account does not have the required ''SSL/TLS'' feature enabled. This feature is required for automatic SSL CSR generation and installation. You '''must''' enable the ''SSL/TLS'' feature in WHM for all cPanel packages that will use SSL automation. After adding the necessary feature to your cPanel packages, you can retry the automated provisioning again by setting the SSL certificate product back to ''Pending'' and clicking the '''Resend Configuration Data''' module command button, which should be available when you view the SSL product in WHMCS.
+
Instant Issuance reduces the overall likelihood of issuance failure. However, if an error occurs, it will display when you click '''View Order''' for the associated order in the '''[[Clients:Products/Services_Tab|Products/Services]]''' tab in the client's profile:
 +
 +
* '''Standard DCV Polling - The Instant Issuance token is not deployable''' indicates that the system received the instant issuance token from MarketConnect but the hosting control panel could not deploy it.
 +
* '''Standard DCV Polling - The Instant Issuance token could not be acquired''' indicates that MarketConnect failed to provide the instant issuance token.
 +
* '''Standard DCV Polling - DigiCert could not validate the Instant Issuance token''' indicates that DigiCert cannot resolve the domain, cannot find the required file, or the file does not include the expected contents.
 +
* '''Standard DCV Polling''' indicates that another type of error occurred.
 +
 +
All of the above errors also indicate that the system fell back to standard DCV polling to complete the process.

Latest revision as of 21:49, 26 January 2023


WHMCS MarketConnect allows you to resell SSL Certificates from DigiCert, RapidSSL, and GeoTrust with fully automated end-to-end provisioning and deployment.

For more information, see our DigiCert SSL Certificates Knowledgebase.

Control Panels For Automatic SSL Installation

For some control panels, WHMCS can fully automate the SSL procurement process by generating a CSR, submitting it to the certificate authority, and installing the certificate. This is supported for the following control panels:

  • cPanel & WHM
  • Plesk
  • DirectAdmin

For other control panels, SSL certificates must be configured manually. Manual configuration requires the user to submit a CSR via the WHMCS Client Area.

Landing Pages

WHMCS MarketConnect includes SSL landing pages to send your new and existing customers to in order to learn about SSL and the SSL options you offer:

  • Overview (pictured below)
  • Standard SSL DV Certificates
  • Organizational OV Certificates
  • Extended Validation EV Certificates
  • Wildcard Certificates

These can be enabled when you start selling SSL certificates via MarketConnect. They can also be enabled or disabled via the Management panel for SSL certificate sales at Configuration () > System Settings > MarketConnect or, prior to WHMCS 8.0, Setup > MarketConnect.

Setup and Configuration

To activate and begin reselling SSL certificates via WHMCS MarketConnect, navigate to Configuration () > System Settings > MarketConnect or, prior to WHMCS 8.0, Setup > MarketConnect within your WHMCS admin area and click Activate under the SSL certificates product offering.

SSL Certificate Automation

When ordering an SSL certificate for a cPanel & WHM, Plesk, or DirectAdmin hosting account, WHMCS and MarketConnect fully automate the SSL provisioning process. The following actions will be performed without any manual user interaction:

  • CSR generation
  • Certificate configuration
  • Domain Ownership Verification setup
  • Retrieval of the issued certificate
  • Certificate installation

In some cases, such as orders for OV and EV SSL certificates, additional steps to complete the extended validation may be required. After all of the extended validation requirements have been completed, the SSL certificate will be recognised, retrieved, and installed automatically.

MarketConnect will also automate the necessary reissuances for the duration of a multi-year certificate purchase. For more information, see below.

Instant Issuance

In WHMCS 8.7 and later, MarketConnect supports Instant Issuance for DV-based DigiCert SSL certificates. With Instant Issuance, WHMCS, as a DigiCert partner, can run the DV check and receive a signed CSR immediately at the time of order. This reduces the risk of failure and other issues while providing instantaneous SSL protection.

Instant Issuance functions through the use of pre-generated cryptographic content for file-based and DNS authorization checks (Domain Control Validation or DCV).

For more information about Instant Issuance in WHMCS, see SSL Certificate Instant Issuance and the Troubleshooting section below.

Requirements

Instant Issuance requires that:

  • The system has access to create the necessary files.
  • The Domain Control Validation (DCV) for the order is file-based or, in some circumstances, DNS-based.

If the purchase meets these conditions, the system will always attempt Instant Issuance.

Instant Issuance Activity

You can view Instant Issuance activity in the Activity Log section at Configuration () > System Logs.

cPanel Requirements

For automated SSL CSR generation and installation, cPanel accounts require you to enable the SSL/TLS feature on the appropriate feature list. You can enable this in WHM at WHM > Packages > Feature Manager.

Other Control Panels

At this time, fully-automated provisioning is only supported for cPanel & WHM, Plesk, and DirectAdmin.

Ordering an SSL certificate as a standalone product or as an addon to a hosting account on an unsupported control panel will require manual input from clients to complete the process.

After submitting and paying for an SSL certificate order, the certificate will be provisioned and the customer will receive an email with a link to configure the certificate. They will be asked to provide a CSR and select an approver email address as part of the configuration process. The approver email will be used to validate the certificate's domain's owner.

Domain Control Validation Methods

HTTP File Method Support
In accordance with CA/B ballot 3.2.2.4.18, DigiCert has announced the termination of support for file-based wildcard DCV authentication as of November 15th, 2021. We recommend upgrading to WHMCS 8.3 or higher to use DNS validation for full automation of DV wildcard certificates.

WHMCS's automation for MarketConnect SSL certificate purchases includes several options for DCV:

  • DNS validation is available in WHMCS 8.3 and later.
  • Email and HTTP file validation are available in all supported WHMCS versions.

In WHMCS 8.3 and later, clients and admins can select a validation method during the Validation step of the manual configuration process for DigiCert certificates.

For more information about selling DigiCert SSL certificates via WHMCS MarketConnect, see the WHMCS MarketConnect Knowledgebase.

Multi-Year SSL Certificates

In WHMCS 8.5 and later, MarketConnect allows you to sell two-year and three-year DigiCert SSL certificates. WHMCS will automatically handle reissuance and reinstallation throughout the order period, including automated emails and renewals.

Reissuance and Installation

Multi-year certificates will require reissuance throughout the life of the certificate. The cron checks for certificates that require reissuance and reissues them. It will also attempt to install automatic and manual reissues automatically (see below).

  • Clients and admins can reissue and install certificates at any time via the Client Area.
  • Admins can reissue and install certificates via the Products/Services tab of the client's profile in the Admin Area.

After WHMCS automatically or manually reissues a certificate, it will automatically attempt to install it. In WHMCS 8.4 and earlier, installation failures for one-year certificates were silent and did not send notification emails.

In WHMCS 8.5 and later, the system will send the following email templates in the following scenarios:

  • SSL Certificate Issued — The system could not automatically install the certificate after reissuance and it requires manual installation. This template is only for reissuance, not for new SSL orders.
  • SSL Certificate Installed — The system successfully automatically installed the certificate after automatic or manual issuance.
  • SSL Certificate Multi-Year Reissue Due — The system could not automatically reissue the certificate or a reissuance attempt failed.
  • SSL Certificate Validation Manual Intervention — The system could not automatically configure the certificate reissuance because of problems writing to the file or DNS record.

Updating to WHMCS 8.5 or Later

Upgrading to WHMCS 8.5 or later will add the new SslReissues cron task to handle automatic reissuance for two-year and three-year certificates and set its schedule.

The upgrade process will use the annual price to set the two-year and three-year prices.

  • The system will multiply the one-year price by 1.9 to set the two-year price and by 2.8 (or 2.75 for DigiCert-branded certificates) for the three-year price.
  • The Client Area will display all prices as a per-year price.
  • You can update these prices at Configuration () > System Settings > MarketConnect when you click Manage under SSL Certificates from DigiCert.
  • WHMCS installations on WHMCS 8.4 or earlier should not have existing pricing for multi-year certificates. However, if your installation already specifies custom prices for them, the update process may overwrite them.

Supported Client Actions

Retrieve Certificate

Clients can retrieve and download certificates that have been issued at any time from the WHMCS client area.

Update Approver Email

Clients can update the approver email for a pending certificate at any time via the WHMCS client area.

Reissues

Clients can reissue SSL certificates at any time with self service in the WHMCS Client Area.

Supported Admin Actions

Many actions are available once a certificate order has been created.

Check Status

Click here to view the order status. The order information will appear in the displayed output, displaying the Marketplace and remote order statuses. This allows you to see the validation status of the certificate.

Check Status will appear for any certificate status other than Cancelled.

Resend Configuration Email

Resend Configuration Email appears when the certificate's remote status is Awaiting Configuration.

Retrieve Certificate

After the certificate has been issued, you can click Retrieve Certificate to view the full certificate to be installed. Use this if the client did not receive the certificate via email.

Install Certificate

If the certificate is associated with a hosting plan on a supported control panel, clicking Install Certificate will allow you to install or reinstall the certificate.

Configure Certificate

Click Configure Certificate to manually configure a pending SSL certificate by uploading a CSR and providing administrator contact information.

  • In WHMCS 8.2 and earlier, this supports both email and file DCV.
  • In WHMCS 8.3 and later, this supports email, file, and DNS DCV.

Troubleshooting

cPanel: Key Generation Failed: (XID xxxxxx) You do not have the feature “sslmanager”.

This error message may indicate that the cPanel hosting account does not have the required SSL/TLS feature enabled. This feature is required for automatic SSL CSR generation and installation. You must enable the SSL/TLS feature in WHM for all cPanel packages that will use SSL automation. After adding the necessary feature to your cPanel packages, you can retry the automated provisioning again by setting the SSL certificate product back to Pending and clicking the Resend Configuration Data module command button, which should be available when you view the SSL product in WHMCS.

Instant Issuance Failures

Instant Issuance reduces the overall likelihood of issuance failure. However, if an error occurs, it will display when you click View Order for the associated order in the Products/Services tab in the client's profile:

  • Standard DCV Polling - The Instant Issuance token is not deployable indicates that the system received the instant issuance token from MarketConnect but the hosting control panel could not deploy it.
  • Standard DCV Polling - The Instant Issuance token could not be acquired indicates that MarketConnect failed to provide the instant issuance token.
  • Standard DCV Polling - DigiCert could not validate the Instant Issuance token indicates that DigiCert cannot resolve the domain, cannot find the required file, or the file does not include the expected contents.
  • Standard DCV Polling indicates that another type of error occurred.

All of the above errors also indicate that the system fell back to standard DCV polling to complete the process.