Notifications for expired or expiring SSL certificates?

sneader

• January 01, 2017 12:49

Is there a way to receive notifications from WHM/cPanel when an SSL certificate is either expired, or maybe expiring within XX days? We are using the Let's Encrypt plugin, which attempts to renew certificates within 29 days, I believe (or less if the existing certificate is non-LE). Let's say I want to know if an SSL certificate is within 3 days of expiring... or at least if the cert has expired... is there such a mechanism? - Scott

• 

  PaulK

  • January 02, 2017 04:37

  Don't know about LE but most of third-party resellers send expiry reminders, I have certs from two different vendors both are good at this stage. I know few third-party sites (listed below) where you can signup for expiry notification on email, I haven't use them but they seem to be legit at first glance. certificatemonitor.org trackssl.com Hope this will help.

  0
• 

  Infopro

  • January 02, 2017 09:13

  The Contacts Manager has alerts for this.

  0
• 

  sneader

  • January 02, 2017 12:01

  Thanks, InfoPro! I double checked and I have both of those options enabled and alerts set. However, they did not fire. I am thinking these alerts are ONLY for the hostname SSL certificate, and not for individual customer SSL certificates? The Documentation site simply says that these alerts will fire when "A domain's SSL certificate expires soon" and "A domain's SSL certificate has expired" Are you able to confirm whether these alerts should fire for all SSL certs on the server, or only for the hostname cert? - Scott

  0
• 

  Infopro

  • January 02, 2017 15:13

  I'm not. I don't use the Lets Encrypt plugin. I did find this post though: Expiration notices for certificates that don't expire yet As of March 17th, the system won't send any expiration notifications for new certificates if they are renewed in time. You will continue to receive notifications for certificates issued before that date, either until they all expire or until someone gets around to backfilling some of the data used by the expiration mailer to fix this for older certificates too.
  Not sure if this is has anything to do with the cPanel plugin though, sorry.

  0
• 

  sneader

  • January 02, 2017 18:29

  Thanks, InfoPro! I was hoping that cPanel had a way to alert the server admin of any SSL certificates on the server that are about to expire, and again when the certificate is expired. The data is available... You can log into WHM, click Manage SSL Hosts, and sort that list by expiration date... but that is pretty time intensive when there are many servers and especially since Let's Encrypt uses 3 month certificates. I think I will open a ticket, just to confirm that the two notification options in Notification Manager are really only for the server's hostname certificate, and not for the rest of the installed customer certs... and, if that is the case, will start a Feature Request to expand the notifications. I'll report back with what I find (and link to feature request, if opened). - Scott

  0
• 

  sneader

  • January 03, 2017 00:40

  I received feedback from cPanel support (Tickets ID# 8102289) that the two notification options in Contact Manager for SSL Expiration notifications are ONLY for the server's hostname SSL certificate... not for any customer SSL certificates that are installed. I have created a Feature Request for cPanel to consider adding a feature to alert sysadmins of pending SSL certificate expirations, and again to alert after an SSL certificate has expired. The Feature Request is here: Notify sysadmin when customer SSL Certificate near expiration, and again after expiration (as of this writing, the request was pending moderation, so if you don't see it, check it out later) - Scott

  0
• 

  8p-design

  • August 23, 2022 16:08

  I encourage you to support this Feature request: Notification when SSL is expired

  0

Please sign in to leave a comment.