Difference between revisions of "SSL Certificates via WHMCS MarketConnect"

From WHMCS Documentation
Line 1: Line 1:
 
{{MarketConnect}}
 
{{MarketConnect}}
 +
 
WHMCS MarketConnect allows you to resell SSL Certificates from DigiCert, RapidSSL and GeoTrust with fully automated end-to-end provisioning and deployment.
 
WHMCS MarketConnect allows you to resell SSL Certificates from DigiCert, RapidSSL and GeoTrust with fully automated end-to-end provisioning and deployment.
  
==Control Panels supported for automatic SSL installation==
+
== Control Panels For Automatic SSL Installation ==
  
With certain control panels, WHMCS can fully automate the SSL procurement process, generating a CSR, submitting it to the certificate authority and installation the certificate upon issue. This is supported for the following control panels:
+
For some control panels, WHMCS can fully automate the SSL procurement process by generating a CSR, submitting it to the certificate authority, and installating the certificate. This is supported for the following control panels:
  
* cPanel
+
* cPanel & WHM
 
* Plesk
 
* Plesk
 
* DirectAdmin
 
* DirectAdmin
  
For any other control panels, SSL certificates can be purchased and configured manually. Manual configuration requires the user to submit a CSR themselves and can be done self-service via the WHMCS client area.
+
For other control panels, SSL certificates must be configured manually. Manual configuration requires the user to submit a CSR via the WHMCS Client Area.
  
==Landing Pages==
+
== Landing Pages ==
  
The WHMCS MarketConnect SSL Integration includes landing pages that are designed to give you a ready made destination to send your new and existing customers to to learn about SSL and the SSL options you offer. There are 5 pages:
+
WHMCS MarketConnect includes SSL landing pages to send your new and existing customers to in order to learn about SSL and the SSL options you offer:
  
 
* Overview (pictured below)
 
* Overview (pictured below)
Line 22: Line 23:
 
* Wildcard Certificates
 
* Wildcard Certificates
  
These can be enabled as part of the activation process to begin selling SSL via MarketConnect. There can also be enabled/disabled at a later time via the Management panel for SSL in '''Configuration (<i class="fa fa-wrench" aria-hidden="true"></i>) > System Settings > MarketConnect''' or, prior to WHMCS 8.0, '''Setup > MarketConnect'''.
+
These can be enabled when you start selling SSL certificates via MarketConnect. They can also be enabled or disabled via the '''Management''' panel for SSL certificate sales at '''Configuration (<i class="fa fa-wrench" aria-hidden="true"></i>) > System Settings > MarketConnect''' or, prior to WHMCS 8.0, '''Setup > MarketConnect'''.
  
[[File:Ssl-landing-page.png|750px]]
+
== Setup and Configuration ==
  
==Setup and Configuration==
+
To activate and begin reselling SSL certificates via WHMCS MarketConnect, navigate to '''Configuration (<i class="fa fa-wrench" aria-hidden="true"></i>) > System Settings > MarketConnect''' or, prior to WHMCS 8.0, '''Setup > MarketConnect''' within your WHMCS admin area and click the '''Activate''' button under the SSL Certificates product offering.
  
To activate and begin reselling SSL Certificates via WHMCS MarketConnect, simply navigate to ''Setup > MarketConnect'' within your WHMCS admin area and click the '''Activate''' button under the SSL Certificates product offering.
+
== SSL Certificate Automation ==
  
==SSL Certificate Automation==
+
When ordering an SSL certificate for a cPanel & WHM, Plesk, or DirectAdmin hosting account, WHMCS and MarketConnect fully automate the SSL provisioning process. The following actions will be performed without any manual user interaction:
  
===cPanel===
+
* CSR generation
 +
* Certificate configuration
 +
* Domain Ownership Verification setup
 +
* Retrieval of the issued certificate
 +
* Certificate installation
  
When ordering an SSL Certificate for a cPanel Hosting Account, WHMCS and MarketConnect fully automates the SSL provisioning process. The following actions will be performed without any manual user interaction:
+
In some cases, such as orders for OV and EV SSL certificates, additional steps to complete the extended validation may be required. After all of the extended validation requirements have been completed, the SSL certificate will be recognised, retrieved, and installed automatically.
  
* SSL Purchase
 
* CSR Generation
 
* CSR Submission
 
* Domain Ownership Verification
 
* Retrieval of Issued Certificate
 
* Installation
 
  
In some cases, such as orders for OV and EV SSL Certificates, additional steps to complete the extended validation may be required.  Once all the extended validation requirements have been completed, the SSL Certificate will be recognised and installed/provisioned automatically.
+
=== cPanel Requirements ===
  
====Required Permissions====
+
For automated SSL CSR generation and installation, cPanel accounts require you to enable the ''SSL/TLS'' feature on the appropriate feature list. You can enable this in WHM at '''WHM > Packages > [[https://docs.cpanel.net/whm/packages/feature-manager/ Feature Manager]]'''.
  
For automated SSL CSR generation and installation to be possible, cPanel hosting accounts require the 'sslmanager' permission. This is a package feature list permission that has to be enabled inside WHM for all cPanel packages you wish to be able to work with SSL automation.
 
  
===Plesk===
+
=== Other Control Panels ===
When ordering an SSL Certificate for a Plesk Hosting Account,, WHMCS and MarketConnect fully automates the SSL provisioning process. The following actions will be performed without any manual user interaction:
 
  
* SSL Purchase
+
At this time, fully-automated provisioning is only supported for cPanel & WHM, Plesk, and DirectAdmin.
* CSR Generation
 
* CSR Submission
 
* Domain Ownership Verification
 
* Retrieval of Issued Certificate
 
* Installation
 
  
In some cases, such as orders for OV and EV SSL Certificates, additional steps to complete the extended validation may be required. Once all the extended validation requirements have been completed, the SSL Certificate will be recognised and installed/provisioned automatically.
+
Ordering an SSL certificate as a standalone product or as an addon to a hosting account on an unsupported control panel will require manual input from clients to complete the process.
  
===DirectAdmin===
+
After submitting and paying for an SSL certificate order, the certificate will be provisioned and the customer will receive an email with a link to configure the certificate. They will be asked to provide a CSR and select an approver email address as part of the configuration process. The approver email will be used to validate the certificate's domain's owner.
When ordering an SSL Certificate for a DirectAdmin Hosting Account,, WHMCS and MarketConnect fully automates the SSL provisioning process. The following actions will be performed without any manual user interaction:
 
  
* SSL Purchase
 
* CSR Generation
 
* CSR Submission
 
* Domain Ownership Verification
 
* Retrieval of Issued Certificate
 
* Installation
 
  
In some cases, such as orders for OV and EV SSL Certificates, additional steps to complete the extended validation may be required. Once all the extended validation requirements have been completed, the SSL Certificate will be recognised and installed/provisioned automatically.
+
=== Domain Control Validation Methods ===
  
===Any Other Control Panel===
+
<div class="docs-alert-success">
 +
<span class="title">HTTP File Method Support</span><br />
 +
In accordance with CA/B ballot 3.2.2.4.18, DigiCert has [[https://knowledge.digicert.com/alerts/domain-authentication-changes-in-2021.html announced the termination of support for file-based wildcard DCV authentication as of November 15th, 2021]]. We recommend upgrading to WHMCS 8.3 or higher to use DNS validation for full automation of DV wildcard certificates.
 +
</div>
  
At this time fully automated provisioning is only supported for cPanel, Plesk and DirectAdmin.
+
WHMCS's automation for MarketConnect SSL certificate purchases includes several options for DCV:
  
Ordering an SSL Certificate as a standalone product or as an add-on to anything other a cPanel Hosting Account will require manual input from clients to complete the provisioning process.
+
* DNS validation is available in WHMCS 8.3 and later.
 +
* Email and HTTP file validation are available in all supported WHMCS versions.
 +
 
 +
In WHMCS 8.3 and later, clients and admins can select a validation method during the '''Validation''' step of the manual configuration process for DigiCert certificates.
 +
 
 +
For more information about selling DigiCert SSL certificates via WHMCS MarketConnect, see [[https://marketplace.whmcs.com/help/connect/kb/digicert_ssl_certificates the WHMCS MarketConnect Knowledgebase]].
  
Upon submission and payment for an SSL Certificate order, the certificate will be provisioned and the customer will receive an email with a link to configure the certificate. They will be asked to provide a CSR and select an approver email address as part of the configuration process. The approver email will be used to validate the certificate request and the certificate issuance.
 
  
 
==Supported Client Actions==
 
==Supported Client Actions==
Line 86: Line 78:
  
 
Clients can retrieve and download certificates that have been issued at any time from the WHMCS client area.
 
Clients can retrieve and download certificates that have been issued at any time from the WHMCS client area.
 
[[File:Screenshot_2017-05-10_14.34.48.png|750px]]
 
  
 
===Update Approver Email===
 
===Update Approver Email===
  
 
Clients can update the approver email for a pending certificate at any time via the WHMCS client area.
 
Clients can update the approver email for a pending certificate at any time via the WHMCS client area.
 
[[File:Screenshot_2017-05-10_12.09.51.png|750px]]
 
  
 
===Reissues===
 
===Reissues===
Line 99: Line 87:
 
Clients can self-service reissue SSL certificates at any time via the WHMCS client area.
 
Clients can self-service reissue SSL certificates at any time via the WHMCS client area.
  
[[File:Screenshot 2017-05-10 15.48.52.png|750px]]
 
  
==Supported Admin Actions==
+
== Supported Admin Actions ==
  
 
Many actions are available once a certificate order has been created.
 
Many actions are available once a certificate order has been created.
  
====Check Status====
+
==== Check Status ====
  
The order status can be obtained by clicking this button. The order information will be provided in the InfoBox output. It will display the order status within MarketPlace and also the remote order status, so it is possible to see the validation status of the certificate.
+
Click here to view the order status. The order information will appear in the displayed output, displaying the Marketplace and remote order statuses. This allows you to see the validation status of the certificate.
  
The check status button will appear when the certificate status is anything but Cancelled.
+
'''Check Status''' will appear for any certificate status other than '''Cancelled'''.
  
====Resend Configuration Email====
+
==== Resend Configuration Email ====
  
The resend configuration email button will appear when the certificate remote status is Awaiting Configuration.
+
'''Resend Configuration Email''' appears when the certificate's remote status is '''Awaiting Configuration'''.
  
====Retrieve Certificate====
+
==== Retrieve Certificate ====
  
When the certificate has been issued, the Retrieve Certificate option can be used to obtain the full certificate to be installed. This option can be used should the client not receive the certificate via email
+
After the certificate has been issued, you can click '''Retrieve Certificate''' to view the full certificate to be installed. Use this if the client did not receive the certificate via email.
  
====Install Certificate====
+
==== Install Certificate ====
  
If the certificate has been ordered as an Addon product with a cPanel module, and has been issued, the Install Certificate option will be available. This option can be used to install or reinstall the certificate within the cPanel account.
+
If the certificate is associated with a hosting plan on a supported control panel, clicking '''Install Certificate''' will allow you to install or reinstall the certificate.
  
====Configure Certificate====
+
==== Configure Certificate ====
  
Manually configure a pending SSL certificate by uploading a CSR and providing admin contact information for the certificate. Supports both Email and File based authentication.
+
Click '''Configure Certificate''' to manually configure a pending SSL certificate by uploading a CSR and providing administrator contact information.  
  
==Symantec Certificate Discontinuation April 2020==
+
* In WHMCS 8.2 and earlier, this supports both email and file DCV.
In April 2020, DigiCert discontinued the sale of Symantec branded SSL Certificates. New DigiCert SSL Certificates have been launched that are a direct replacement for the previous Symantec SSL Certificates. As a result, on upgrade to WHMCS 7.10, for users who have Symantec certificate selling enabled, all Symantec certificates will be replaced with their new DigiCert equivalents. Product names for the certificates and pricing will be updated to match the new default and recommended values. You may review and edit pricing after the upgrade by navigating to '''Configuration (<i class="fa fa-wrench" aria-hidden="true"></i>) > System Settings > MarketConnect > DigiCert > Manage > Pricing''' or, prior to WHMCS 8.0, '''Setup''' > '''MarketConnect''' > '''DigiCert''' > '''Manage''' > '''Pricing'''.
+
* In WHMCS 8.3 and later, this supports email, file, and DNS DCV.
  
==Troubleshooting==
+
== Troubleshooting ==
  
 
The following are some common problems and solutions.
 
The following are some common problems and solutions.
Line 136: Line 123:
 
'''cPanel: Key Generation Failed: (XID xxxxxx) You do not have the feature “sslmanager”.'''
 
'''cPanel: Key Generation Failed: (XID xxxxxx) You do not have the feature “sslmanager”.'''
  
This error message suggests that the cPanel hosting account that the SSL certificate is attempting to be provisioned for does not have the required 'SSL Manager' permission. This permission is a required permission for automatic SSL CSR generation and installation to be possible for WHMCS. The SSL Manager permission is a package feature list permission that has to be enabled inside WHM for all cPanel packages you wish to be able to work with SSL automation. After adding the necessary feature to your cPanel packages, you can retry the automated provisioning again by setting the SSL Certificate product back to Pending and clicking the "Resend Configuration Data" module command button which should be available when viewing the SSL product within your WHMCS installation.
+
This error message may indicate that the cPanel hosting account does not have the required ''SSL/TLS'' feature enabled. This feature is required for automatic SSL CSR generation and installation. You '''must''' enable the ''SSL/TLS'' feature in WHM for all cPanel packages that will use SSL automation. After adding the necessary feature to your cPanel packages, you can retry the automated provisioning again by setting the SSL certificate product back to ''Pending'' and clicking the '''Resend Configuration Data''' module command button, which should be available when you view the SSL product in WHMCS.

Revision as of 18:04, 13 September 2021


WHMCS MarketConnect allows you to resell SSL Certificates from DigiCert, RapidSSL and GeoTrust with fully automated end-to-end provisioning and deployment.

Control Panels For Automatic SSL Installation

For some control panels, WHMCS can fully automate the SSL procurement process by generating a CSR, submitting it to the certificate authority, and installating the certificate. This is supported for the following control panels:

  • cPanel & WHM
  • Plesk
  • DirectAdmin

For other control panels, SSL certificates must be configured manually. Manual configuration requires the user to submit a CSR via the WHMCS Client Area.

Landing Pages

WHMCS MarketConnect includes SSL landing pages to send your new and existing customers to in order to learn about SSL and the SSL options you offer:

  • Overview (pictured below)
  • Standard SSL DV Certificates
  • Organizational OV Certificates
  • Extended Validation EV Certificates
  • Wildcard Certificates

These can be enabled when you start selling SSL certificates via MarketConnect. They can also be enabled or disabled via the Management panel for SSL certificate sales at Configuration () > System Settings > MarketConnect or, prior to WHMCS 8.0, Setup > MarketConnect.

Setup and Configuration

To activate and begin reselling SSL certificates via WHMCS MarketConnect, navigate to Configuration () > System Settings > MarketConnect or, prior to WHMCS 8.0, Setup > MarketConnect within your WHMCS admin area and click the Activate button under the SSL Certificates product offering.

SSL Certificate Automation

When ordering an SSL certificate for a cPanel & WHM, Plesk, or DirectAdmin hosting account, WHMCS and MarketConnect fully automate the SSL provisioning process. The following actions will be performed without any manual user interaction:

  • CSR generation
  • Certificate configuration
  • Domain Ownership Verification setup
  • Retrieval of the issued certificate
  • Certificate installation

In some cases, such as orders for OV and EV SSL certificates, additional steps to complete the extended validation may be required. After all of the extended validation requirements have been completed, the SSL certificate will be recognised, retrieved, and installed automatically.


cPanel Requirements

For automated SSL CSR generation and installation, cPanel accounts require you to enable the SSL/TLS feature on the appropriate feature list. You can enable this in WHM at WHM > Packages > [Feature Manager].


Other Control Panels

At this time, fully-automated provisioning is only supported for cPanel & WHM, Plesk, and DirectAdmin.

Ordering an SSL certificate as a standalone product or as an addon to a hosting account on an unsupported control panel will require manual input from clients to complete the process.

After submitting and paying for an SSL certificate order, the certificate will be provisioned and the customer will receive an email with a link to configure the certificate. They will be asked to provide a CSR and select an approver email address as part of the configuration process. The approver email will be used to validate the certificate's domain's owner.


Domain Control Validation Methods

HTTP File Method Support
In accordance with CA/B ballot 3.2.2.4.18, DigiCert has [announced the termination of support for file-based wildcard DCV authentication as of November 15th, 2021]. We recommend upgrading to WHMCS 8.3 or higher to use DNS validation for full automation of DV wildcard certificates.

WHMCS's automation for MarketConnect SSL certificate purchases includes several options for DCV:

  • DNS validation is available in WHMCS 8.3 and later.
  • Email and HTTP file validation are available in all supported WHMCS versions.

In WHMCS 8.3 and later, clients and admins can select a validation method during the Validation step of the manual configuration process for DigiCert certificates.

For more information about selling DigiCert SSL certificates via WHMCS MarketConnect, see [the WHMCS MarketConnect Knowledgebase].


Supported Client Actions

Retrieve Certificate

Clients can retrieve and download certificates that have been issued at any time from the WHMCS client area.

Update Approver Email

Clients can update the approver email for a pending certificate at any time via the WHMCS client area.

Reissues

Clients can self-service reissue SSL certificates at any time via the WHMCS client area.


Supported Admin Actions

Many actions are available once a certificate order has been created.

Check Status

Click here to view the order status. The order information will appear in the displayed output, displaying the Marketplace and remote order statuses. This allows you to see the validation status of the certificate.

Check Status will appear for any certificate status other than Cancelled.

Resend Configuration Email

Resend Configuration Email appears when the certificate's remote status is Awaiting Configuration.

Retrieve Certificate

After the certificate has been issued, you can click Retrieve Certificate to view the full certificate to be installed. Use this if the client did not receive the certificate via email.

Install Certificate

If the certificate is associated with a hosting plan on a supported control panel, clicking Install Certificate will allow you to install or reinstall the certificate.

Configure Certificate

Click Configure Certificate to manually configure a pending SSL certificate by uploading a CSR and providing administrator contact information.

  • In WHMCS 8.2 and earlier, this supports both email and file DCV.
  • In WHMCS 8.3 and later, this supports email, file, and DNS DCV.

Troubleshooting

The following are some common problems and solutions.

cPanel: Key Generation Failed: (XID xxxxxx) You do not have the feature “sslmanager”.

This error message may indicate that the cPanel hosting account does not have the required SSL/TLS feature enabled. This feature is required for automatic SSL CSR generation and installation. You must enable the SSL/TLS feature in WHM for all cPanel packages that will use SSL automation. After adding the necessary feature to your cPanel packages, you can retry the automated provisioning again by setting the SSL certificate product back to Pending and clicking the Resend Configuration Data module command button, which should be available when you view the SSL product in WHMCS.

Retrieved from "http://3.17.75.209/index.php?title=SSL_Certificates_via_WHMCS_MarketConnect&oldid=30697"