How to turn OFF Hostname SSL Certificate generation

[UH-Matt]

[Moved from: hostname SSL cert replaced with cPanel issued version ]

Still these SSL features CANNOT BE TURNED OFF OR HIDDEN fully on a server.

Is anyone else really concerned that the trust we put in cPanel has been totally disrespected here by the fact they have got involved in our business with our customers and began replacing and installing SSL where they shouldn't be doing so?

SSL is a big revenue stream for some, but more importantly its an extremely important part of many peoples servers and sites. Customers often spend money on these to get proper assurance for their customers - seeing SSL interfered with by free dubious "cPanel SSL's" is really taking the biscuit.

I've tried going through the appropriate channels and working via support and our account manager, but it seems when these new SSL features were designed its impossible to turn them OFF. This is madness, no? Even if you disable in manage2 at account level, the feature is still visible in WHM links and when you click one it will automatically re-enable the SSL store with cPanel as the default provider.

Is anyone else really upset by this? Does anyone have any hacks to get these features properly disabled (something cPanel don't want to do...).

I've had a brilliant relationship with cPanel until now, but this has really spoilt the commercial trust we all place in them as a partner. They are now no better than Parallels in my eyes, which is a huge shame!

 

[UH-Matt]

Hi Guys

Posting here as through support and our NOC partner manager we've not been able to get a result.

We're having real problems with the cPanel AutoSSL/Free SSL certs. We just want to turn the whole feature off (just like you can any other feature on WHM/cPanel) but its impossible. Even if you tick the box in manage2 at licence level, the links are still there and if you click one it turns the feature right back on and enables cPanel as the default provider.

We already have our own automation for SSL certificates for our customers. We don't want cPanel stealing them from us with its own features. Our relationship with our customer is our own and not for cPanel to be pushing in on.

Has anyone successfully figured out how to turn off the SSL marketplace properly, as cPanel are not seamingly willing to do so?

Thanks
Matt

 

[Eminds]

I guess you will need to disable the Auto SSL feature from feature manager for the packages that you have assigned to your web hosting clients.

Login to WHM >> Search for Feature Manager >> Select the package and click on Edit >> unchecked the auto ssl box and save

and it should disable the auto ssl for that particular package.

You will need to repeat the steps for every package you have created.

 

[anushkumar]

Disable AutoSSL via WHM >> SSL/TLS >> Disable Auto SSL Providers

You may also want to make sure you do not have any users already using the AutoSSL facility via Manage Users as well.

 

[UH-Matt]

That doesn't work guys, not that simple.

Links are all still there even when "disabled" As is the cPanel checks in the back ground which automatically find and install SSL's on accounts, sometimes overwriting purchased SSL's from other providers.

 

[cPanelMichael]

Hello @UH-Matt,

If I understand correctly, as a license provider, you'd like to prevent server administrators from issuing free 90-day certificates via the AutoSSL feature. While it's not possible to hide the AutoSSL feature itself in the WHM UI, the following options are available to Partners in the Manage2 interface:

Block servers with your company ID from ordering paid SSL certificates from the cPanel Store.
Block servers with your company ID from getting free hostname certificates from the cPanel Store.
Block servers with your company ID from getting free 90 day certificates from the cPanel Store.

You can complete the following steps to access these options:

1. Log in to your Manage2 account.
2. From the Manage2 dashboard, navigate to the Update Company Information interface (Dashboard >> Company >> Update Company Information).
3. In the cPanel Store Integration section, select the options that suite your preferences.
   
4. Click Save at the end of the interface.

Could you verify if AutoSSL certificates are still generated after enabling the options quoted above?

Thank you.

 

[UH-Matt]

Correct but those options do not work. Please speak to Eric Ellis who has worked on this back in December with me (but is now ignoring me).

Even with those options all ticked, the links still show in the WHM list of features. Then if you click on one of the links it says "no SSL provider is set so setting cPanel as your default provider") and hey presto all the free SSL functionality is back in WHM, even with the licence set not to allow it.

The ability to turn all this off is currently not available nor working properly. So it requires a "fix" , but so far via my account manager nor support ticket has anyone been able to actually acknowledge this.

Feel free to test it!

The wording on the page even says:

"If the account does not currently have the necessary features to order SSL certificates, the system will automatically enable those features."

And sure enough it does enable and begin to issue SSL's even on a licence with everything turned off in manage2.

On a seperate note, cPanel also now starts to "check" SSL's across sites, and if it doesn't like what it sees it will auto install a free cPanel SSL. So we've had instances where customers who have paid lots of money for expensive SSL's (such as wildcards and EV's) suddenly contact us and ask why their site is showing a free cPanel SSL.

It's not cPanels job to do these checks, and this is again on Licences with all the options in manage2 set to OFF.

It's causing us huge issues supporting our customers ,and ultimately also costing us revenue as cPanel is trying to have a relationship directly with our customers. Something you should not be doing, but presumably for commercial reasons are doing anyway - ala Parallels! It's a sad day!

 

[cPanelMichael]

Hello @UH-Matt,

Could you provide a ticket number for the support ticket that's open or was previously opened?

Thank you.