Difference between revisions of "SSL Certificates via WHMCS MarketConnect"
(→Domain Control Validation Methods: Removed surplus square brackets from link syntax) |
|||
| Line 30: | Line 30: | ||
== SSL Certificate Automation == | == SSL Certificate Automation == | ||
| − | + | ||
When ordering an SSL certificate for a cPanel & WHM, Plesk, or DirectAdmin hosting account, WHMCS and MarketConnect fully automate the SSL provisioning process. The following actions will be performed without any manual user interaction: | When ordering an SSL certificate for a cPanel & WHM, Plesk, or DirectAdmin hosting account, WHMCS and MarketConnect fully automate the SSL provisioning process. The following actions will be performed without any manual user interaction: | ||
| − | + | ||
* CSR generation | * CSR generation | ||
* Certificate configuration | * Certificate configuration | ||
| Line 38: | Line 38: | ||
* Retrieval of the issued certificate | * Retrieval of the issued certificate | ||
* Certificate installation | * Certificate installation | ||
| − | + | ||
In some cases, such as orders for OV and EV SSL certificates, additional steps to complete the extended validation may be required. After all of the extended validation requirements have been completed, the SSL certificate will be recognised, retrieved, and installed automatically. | In some cases, such as orders for OV and EV SSL certificates, additional steps to complete the extended validation may be required. After all of the extended validation requirements have been completed, the SSL certificate will be recognised, retrieved, and installed automatically. | ||
| − | + | ||
| + | MarketConnect will also automate the necessary reissuances for the duration of a multi-year certificate purchase. | ||
=== cPanel Requirements === | === cPanel Requirements === | ||
For automated SSL CSR generation and installation, cPanel accounts require you to enable the ''SSL/TLS'' feature on the appropriate feature list. You can enable this in WHM at '''WHM > Packages > [[https://docs.cpanel.net/whm/packages/feature-manager/ Feature Manager]]'''. | For automated SSL CSR generation and installation, cPanel accounts require you to enable the ''SSL/TLS'' feature on the appropriate feature list. You can enable this in WHM at '''WHM > Packages > [[https://docs.cpanel.net/whm/packages/feature-manager/ Feature Manager]]'''. | ||
| − | |||
=== Other Control Panels === | === Other Control Panels === | ||
| Line 54: | Line 54: | ||
After submitting and paying for an SSL certificate order, the certificate will be provisioned and the customer will receive an email with a link to configure the certificate. They will be asked to provide a CSR and select an approver email address as part of the configuration process. The approver email will be used to validate the certificate's domain's owner. | After submitting and paying for an SSL certificate order, the certificate will be provisioned and the customer will receive an email with a link to configure the certificate. They will be asked to provide a CSR and select an approver email address as part of the configuration process. The approver email will be used to validate the certificate's domain's owner. | ||
| − | |||
=== Domain Control Validation Methods === | === Domain Control Validation Methods === | ||
| Line 117: | Line 116: | ||
== Troubleshooting == | == Troubleshooting == | ||
| − | + | ||
The following are some common problems and solutions. | The following are some common problems and solutions. | ||
| − | + | ||
| + | '''Reissuances''' | ||
| + | |||
| + | In WHMCS 8.5 and later, the module log at '''Configuration (<i class="fa fa-wrench" aria-hidden="true"></i>) > [[System Logs]]''' lists SSL certificate reissuances. | ||
| + | |||
'''cPanel: Key Generation Failed: (XID xxxxxx) You do not have the feature “sslmanager”.''' | '''cPanel: Key Generation Failed: (XID xxxxxx) You do not have the feature “sslmanager”.''' | ||
| − | + | ||
This error message may indicate that the cPanel hosting account does not have the required ''SSL/TLS'' feature enabled. This feature is required for automatic SSL CSR generation and installation. You '''must''' enable the ''SSL/TLS'' feature in WHM for all cPanel packages that will use SSL automation. After adding the necessary feature to your cPanel packages, you can retry the automated provisioning again by setting the SSL certificate product back to ''Pending'' and clicking the '''Resend Configuration Data''' module command button, which should be available when you view the SSL product in WHMCS. | This error message may indicate that the cPanel hosting account does not have the required ''SSL/TLS'' feature enabled. This feature is required for automatic SSL CSR generation and installation. You '''must''' enable the ''SSL/TLS'' feature in WHM for all cPanel packages that will use SSL automation. After adding the necessary feature to your cPanel packages, you can retry the automated provisioning again by setting the SSL certificate product back to ''Pending'' and clicking the '''Resend Configuration Data''' module command button, which should be available when you view the SSL product in WHMCS. | ||
Revision as of 16:27, 20 April 2022
SSL Certificates | SpamExperts | SiteLock | SiteLock VPN | CodeGuard | marketgoo
OX App Suite | Web.com Site Builder | Weebly | NordVPN | XOVI NOW | 360 Monitoring
WHMCS MarketConnect allows you to resell SSL Certificates from DigiCert, RapidSSL and GeoTrust with fully automated end-to-end provisioning and deployment.
Contents
Control Panels For Automatic SSL Installation
For some control panels, WHMCS can fully automate the SSL procurement process by generating a CSR, submitting it to the certificate authority, and installating the certificate. This is supported for the following control panels:
- cPanel & WHM
- Plesk
- DirectAdmin
For other control panels, SSL certificates must be configured manually. Manual configuration requires the user to submit a CSR via the WHMCS Client Area.
Landing Pages
WHMCS MarketConnect includes SSL landing pages to send your new and existing customers to in order to learn about SSL and the SSL options you offer:
- Overview (pictured below)
- Standard SSL DV Certificates
- Organizational OV Certificates
- Extended Validation EV Certificates
- Wildcard Certificates
These can be enabled when you start selling SSL certificates via MarketConnect. They can also be enabled or disabled via the Management panel for SSL certificate sales at Configuration () > System Settings > MarketConnect or, prior to WHMCS 8.0, Setup > MarketConnect.
Setup and Configuration
To activate and begin reselling SSL certificates via WHMCS MarketConnect, navigate to Configuration () > System Settings > MarketConnect or, prior to WHMCS 8.0, Setup > MarketConnect within your WHMCS admin area and click the Activate button under the SSL Certificates product offering.
SSL Certificate Automation
When ordering an SSL certificate for a cPanel & WHM, Plesk, or DirectAdmin hosting account, WHMCS and MarketConnect fully automate the SSL provisioning process. The following actions will be performed without any manual user interaction:
- CSR generation
- Certificate configuration
- Domain Ownership Verification setup
- Retrieval of the issued certificate
- Certificate installation
In some cases, such as orders for OV and EV SSL certificates, additional steps to complete the extended validation may be required. After all of the extended validation requirements have been completed, the SSL certificate will be recognised, retrieved, and installed automatically.
MarketConnect will also automate the necessary reissuances for the duration of a multi-year certificate purchase.
cPanel Requirements
For automated SSL CSR generation and installation, cPanel accounts require you to enable the SSL/TLS feature on the appropriate feature list. You can enable this in WHM at WHM > Packages > [Feature Manager].
Other Control Panels
At this time, fully-automated provisioning is only supported for cPanel & WHM, Plesk, and DirectAdmin.
Ordering an SSL certificate as a standalone product or as an addon to a hosting account on an unsupported control panel will require manual input from clients to complete the process.
After submitting and paying for an SSL certificate order, the certificate will be provisioned and the customer will receive an email with a link to configure the certificate. They will be asked to provide a CSR and select an approver email address as part of the configuration process. The approver email will be used to validate the certificate's domain's owner.
Domain Control Validation Methods
HTTP File Method Support
In accordance with CA/B ballot 3.2.2.4.18, DigiCert has announced the termination of support for file-based wildcard DCV authentication as of November 15th, 2021. We recommend upgrading to WHMCS 8.3 or higher to use DNS validation for full automation of DV wildcard certificates.
WHMCS's automation for MarketConnect SSL certificate purchases includes several options for DCV:
- DNS validation is available in WHMCS 8.3 and later.
- Email and HTTP file validation are available in all supported WHMCS versions.
In WHMCS 8.3 and later, clients and admins can select a validation method during the Validation step of the manual configuration process for DigiCert certificates.
For more information about selling DigiCert SSL certificates via WHMCS MarketConnect, see the WHMCS MarketConnect Knowledgebase.
Supported Client Actions
Retrieve Certificate
Clients can retrieve and download certificates that have been issued at any time from the WHMCS client area.
Update Approver Email
Clients can update the approver email for a pending certificate at any time via the WHMCS client area.
Reissues
Clients can self-service reissue SSL certificates at any time via the WHMCS client area.
Supported Admin Actions
Many actions are available once a certificate order has been created.
Check Status
Click here to view the order status. The order information will appear in the displayed output, displaying the Marketplace and remote order statuses. This allows you to see the validation status of the certificate.
Check Status will appear for any certificate status other than Cancelled.
Resend Configuration Email
Resend Configuration Email appears when the certificate's remote status is Awaiting Configuration.
Retrieve Certificate
After the certificate has been issued, you can click Retrieve Certificate to view the full certificate to be installed. Use this if the client did not receive the certificate via email.
Install Certificate
If the certificate is associated with a hosting plan on a supported control panel, clicking Install Certificate will allow you to install or reinstall the certificate.
Configure Certificate
Click Configure Certificate to manually configure a pending SSL certificate by uploading a CSR and providing administrator contact information.
- In WHMCS 8.2 and earlier, this supports both email and file DCV.
- In WHMCS 8.3 and later, this supports email, file, and DNS DCV.
Troubleshooting
The following are some common problems and solutions.
Reissuances
In WHMCS 8.5 and later, the module log at Configuration () > System Logs lists SSL certificate reissuances.
cPanel: Key Generation Failed: (XID xxxxxx) You do not have the feature “sslmanager”.
This error message may indicate that the cPanel hosting account does not have the required SSL/TLS feature enabled. This feature is required for automatic SSL CSR generation and installation. You must enable the SSL/TLS feature in WHM for all cPanel packages that will use SSL automation. After adding the necessary feature to your cPanel packages, you can retry the automated provisioning again by setting the SSL certificate product back to Pending and clicking the Resend Configuration Data module command button, which should be available when you view the SSL product in WHMCS.