Difference between revisions of "SSL Monitoring"
| Line 41: | Line 41: | ||
#* This indicates cURL was unable to [https://curl.haxx.se/docs/sslcerts.html validate the certificate] | #* This indicates cURL was unable to [https://curl.haxx.se/docs/sslcerts.html validate the certificate] | ||
# If no cURL error is received, the test was successful and the yellow padlock icon is displayed | # If no cURL error is received, the test was successful and the yellow padlock icon is displayed | ||
| + | # Unsupported cURL versions will be flagged in the [[System Health Status]] page | ||
===Testing=== | ===Testing=== | ||
Revision as of 21:34, 12 January 2021
SSL Monitoring makes it easy to see which domains have SSL and which do not.
It also makes it easy to spot issues with validation sooner, and know ahead of time when SSL Certificates are approaching their expiry dates. It's the perfect way to keep on top of your own SSL certificates, and be in a position to help your customers with their renewals.
For both client end users and admin users, SSL status is displayed in real-time when viewing a product/service within WHMCS. The status is indicated by an icon. An explanation of the different icons you might see is available below. Hovering over the icon will provide any additional information that is available via a tooltip.
Contents
Where is the Status Shown?
Admin Area
In the admin area, the icon displaying the status of SSL on the domain can be found on the service and domain details page, in the top right of the display next to the move button.
There is also a new SSL Status report which can be used to monitor and review the status of SSL across all the domains within your WHMCS installation. This new report can be accessed by navigating to Reports > General > SSL Status Monitoring within the WHMCS admin area.
Client Area
The client area displays the status on the client service and domains lists, and on the service and domain details pages. On the lists, a new column has been added to the table with the list containing the status, with the status retrieved by and ajax call and updated.
On the products details page, the status can be see on the 'domain' tab. The domain details page lists the ssl status as part of the standard domain information. In the client area, the details pages will contain information about the SSL Certificate installed for the domain. This includes the issuer and expiry date of the issued SSL in cases where it can be reliably retrieved.
What are the Icons?
There are four icons that display the SSL information.
- A green padlock indicates that the selected domain has an active and valid SSL Certificate.
- A grey padlock with a negative sign is displayed for domains that are not considered active. These are services and domains that are in a Terminated, Expired or Cancelled status.
- A red padlock indicates that the selected domain does not have an active or valid SSL Certificate.
- A grey padlock with a question mark indicates that the state of SSL for a domain cannot be verified with any certainty.
Troubleshooting
Technical Details
- Upon loading the page, a cURL call is made from the WHMCS server to https://$example.com with the ssl_verify_peer option enabled
- Where $example.com is the contents of the service's Domain field
- If no response is received, the "?" padlock icon is displayed
- If a cURL error is received, then the red padlock icon is displayed
- This indicates cURL was unable to validate the certificate
- If no cURL error is received, the test was successful and the yellow padlock icon is displayed
- Unsupported cURL versions will be flagged in the System Health Status page
Testing
- Connect to the command-line of your WHMCS server and run:
curl -v https://$example.com
- Replace $example.com with the value from the Domain field in WHMCS.
- Look for an error code at the end of the output. An example is shown below:
[root@john ~]# curl -v https://v75.test.whmcs.rocks
* About to connect() to v75.test.whmcs.rocks port 443 (#0)
* Trying 104.20.20.8... connected
* Connected to v75.test.whmcs.rocks (104.20.20.8) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL: certificate subject name '*.whmcs.com' does not match target host name 'v75.test.whmcs.rocks'
* NSS error -12276
* Closing connection #0
curl: (51) SSL: certificate subject name '*.whmcs.com' does not match target host name 'v75.test.whmcs.rocks'- In this example a 51 error code is returned
- Please work with your server admin/hosting provider to resolve the cURL connection error between the WHMCS server and the hosting server.