cPanel & WHM Integration
Welcome to Zero Touch SSL by Sectigo. This feature allows you to use WHMCS automation to sell, install, and renew SSL certificates with zero touch points from your web hosting customers. This feature currently works with Sectigo DV Certificates.
What is Zero Touch SSL?
Zero Touch SSL provides you the ability to sell, deploy and renew Domain Validated certificates to cPanel & WHM hosting accounts.
Preparing to Sell Zero Touch SSL
cPanel & WHM provides a features called AutoSSL which provides free SSL and the ability to buy commercial SSL certificates via cPanel. This should be disabled to avoid two sources from provide SSL certificates. You are able to still use AutoSSL on a per account basis, should you have a need to utilize it for a handful of clients.
Step 1: Add Sectigo, PositiveSSL, InstantSSL DV Certificates
If you haven't already added these products, use the Sectigo WHMCS Module to add one or more to your installation. For instructions on how to add products, start here.
Step 2: Associate with Hosting Product (as Addon)
Go to the details of the Addons and add them to the desired cPanel products in the Applicable Products tab.
Step 3: Place Test Order
Once those steps are completed then the SSL Addons should be ready for use. Find the URL to the Hosting product(s) you have associated and place a test order, you should see a new Addon in the Available Addons section, with the ability to select via checkbox.
Zero Touch SSL FAQ
How does Zero Touch SSL work with the built-in SSL Monitoring WHMCS feature?
The WHMCS cron should be configured to run every 5 minutes, that's WHMCS' recommendation and our hook will check on the SSL status on each run.
What happens when ordering a zero touch SSL?
When the addon product is created, typically when the order has been completed, then the Sectigo Addon will communicate with the cPanel server hosting the parent hosting account. It will create a public/private keypair and CSR.
It will submit the CSR to Sectigo and then add a CNAME record to the DNS zone file for the parent domain in cPanel.
This CNAME record is used by Sectigo to verify the domain prior to issuing the SSL certificate. For this verification process to work the DNS servers for the cPanel environment must be the authoritative nameservers for the domain.
Once these steps are completed then the Sectigo Addon will poll Sectigo every time the WHMCS cron automation job runs (standard configuration is for this to happen every 5 minutes) to check the status of the certificate verification. If properly configured the verification process will only take 5-10 minutes, but the Addon will continue to check for up to 16 hours before giving up.
The status of these checks is recorded into the WHMCS Activity Log.
When the Sectigo server responds that the certificate verification is complete and the certificate has been issued the Sectigo Addon will then download the certificate bundle from Sectigo and then install it onto the parent cPanel account.
Zero Touch SSL Troubleshooting Guide
SSL Addon product didn’t get created
If the cPanel parent account isn’t properly set up then the SSL Addon won’t be able to start it’s setup. First ensure that the cPanel account is completed and working. Then it’s possible to manually trigger creating the SSL Addon from the Admin area under the Products/Services section by pressing the Create button under Module Commands
SSL Addon created but won’t validate
First check in the cPanel control panel of the parent hosting account. Check the SSL/TLS section and verify that a private key and CSR have been created. If those are present then look at the DNS Zone Editor section and verify that a CNAME record has been created for domain verification. If that hasn’t happened verify that the access credentials to the cPanel server configured in WHMCS are correct and that the API Access Token is properly set. Once that’s complete manually run the Create action from Module Commands again.
If the Private Key, CSR, and DNS CNAME have all been set, but validation still hasn’t completed then verify that the nameserver configuration for the domain is correct. If the cPanel server’s nameservers aren’t authoritative for the domain then verification can’t be completed. Once the DNS configuration has been resolved check if the certificate is still pending verification in the Sectigo portal. If so, then let the process continue and it should complete verification on its own, unless the 16 hour window has passed. Then the certificate should be cancelled/revoked and the Create action triggered again.
SSL Addon has been validated but the certificate hasn’t been installed
Verify that the cPanel server connection settings in WHMCS are correct and that the API Access Token is properly set. Also verify that the Sectigo API connection credentials are correctly set and working. Either one of these not working should be the only reason a verified certificate can’t be installed.
Updated over 3 years ago