Valid for versions 92 through the latest version
Last modified: July 31, 2023
This interface lets you view, upgrade, or renew your domains’ Secure Sockets Layer (SSL) certificates. You can also view a domain’s certificate details.
cPanel & WHM supports Transport Layer Security (TLS) protocol version 1.2 and Transport Layer Security (TLS) protocol version 1.3:
- cPanel & WHM only supports TLSv1.2 or later. The system enables TLSv1.2 by default.
- Not all clients will support TLSv1.3, which requires OpenSSL 1.1.1 or higher.
For more information about how SSL/TLS verifies server identities to protect your websites, read our Guide to SSL.
CAA records in zone files
Certificate Authority Authentication (CAA) records in a domain’s zone file restrict which Certificate Authorities (CA) may issue certificates for that domain.
If no CAA records exist for a domain, all CAs can issue certificates for that domain.
If conflicting CAA records exist, remove the existing CAA records or add one for the desired CA.
You can manage your CAA records in the Zone Editor interface (cPanel » Home » Domains » Zone Editor). For more information about a CA’s requirements, read their documentation.
Purchase certificates banner
The banner at the top of the interface lets you to perform the following actions:
Purchase Certificates — When you select this setting, the system directs you to the SSL/TLS Wizard interface (cPanel » Home » Security » SSL/TLS Wizard).
Show Unsecured Domains — The system filters the list of domains in the Domains table to only display unsecured domains.Warning:
We strongly recommend that you secure all of the domains that your visitors may view.
Search and filter
The Search text box lets you filter the Domains table by a domain name.
- Enter all or part of a domain name to update the table.
- Click the filter icon () to display all available filter settings.
You can select from the following filters:
- All — Display all domains, regardless of type. This is the default search filter.
- Main — Display main domains. For example:
- Subdomain — Display subdomains. For example:
- Addon Domains — Display addon domains. For example:
- Parked Domains — Display parked domains. For example:
- www and mail domain — Display
- Service subdomains — Display service subdomains. For example:
- DDNS Domains — Display dynamic DNS domains. For example:
- All — Display all domains, regardless of the certificate type. This is the default search filter.
- Unsecured — Display domains do not have a certificate.
- Self-Signed — Display domains that you have secured with a self-signed certificate. No CAs secure self-signed certificates.
- AutoSSL DV Certificate — Display domains that you have secured with an AutoSSL-issued Domain-Validated (DV) certificate.
- DV Certificate — Display domains that you have secured with a DV certificate.
- OV Certificate — Display domains that you have secured with an Organizational Validation (OV) certificate.
- EV Certificate — Display domains that you have secured with an Extended Validation (EV) certificate.
- All — Display all domains, regardless of certificate status. This is the default search filter.
- Active — Display domains that you have secured by active certificates.
- Expired — Display domains with an expired certificate.
- Expiring Soon — Display domains whose certificates will expire soon.
- Unsecured — Display domains that do not have a certificate.
- Has AutoSSL Problems — Display domains with AutoSSL problems. For example, display a domain that does not resolve to an IPv4 address on the internet.
- All — Display all domains, regardless of AutoSSL status. This is the default search filter.
- Included — Display domains that AutoSSL includes when it runs.
- Excluded — Display domains that AutoSSL does not include when it runs.
To control whether AutoSSL includes an individual domain, select one of the following settings:
- Include during AutoSSL — Select the checkbox of each domain to include when AutoSSL runs, then click Include during AutoSSL.
- Exclude during AutoSSL — Select the checkbox of each domain to exclude when AutoSSL runs, then click Exclude during AutoSSL.
- Run AutoSSL — Force the system to perform an immediate AutoSSL run. The system will display the AutoSSL is in progress … message for the duration of the run. The SSL/TLS Status interface will reload when AutoSSL completes its run.
You may see the AutoSSL is in progress … message if you load this interface and an AutoSSL run is currently in progress.
The Domains table
The Domains table lists your domains and their certificates. You can use the table to view or upgrade a domain’s certificate. This table displays the following information:
This column displays a complete or filtered list of all domains on the cPanel account. The column will also display an icon that represents the following certificates:
— AutoSSL DV certficiate
— DV certificate
— OV certificate
— EV certificate
This column displays a domain’s certificate information. If an error exists for the domain in the
/var/cpanel/logs/autossl/ directory, the system displays that error in this column. The column also displays the last time the system ran AutoSSL for the domain. You can also select from the following settings:
- View Certificate — View the domain’s certificate. The system will direct you to the Install and Manage SSL for your site (HTTPS) section of the SSL/TLS interface (cPanel » Home » Security » SSL/TLS).
This setting is only available for domains with a certificate.
- Upgrade Certificate or Purchase Certificate — Upgrade or purchase a certificate for the domain. The system will direct you to the SSL/TLS Wizard interface (cPanel » Home » Security » SSL/TLS Wizard). This interface displays the domain and the available types of certificates.
These settings are only available for applicable domains.
- Include during AutoSSL or Exclude from AutoSSL — Include or exclude AutoSSL from this domain.
If you have installed a non-AutoSSL certificate and haven’t configured AutoSSL to use that certificate, you will not see these settings.