SSL_TLS Status - Illevante Cloud

title: SSL/TLS Status created at: Tue Oct 22 2024 10:47:55 GMT+0000 (Coordinated Universal Time) updated at: Sat Feb 08 2025 14:22:02 GMT+0000 (Coordinated Universal Time) --- # SSL/TLS Status # Overview This interface lets you view, upgrade, or renew your domains’ Secure Sockets Layer (SSL) certificates. You can also view a domain’s certificate details. !! Warning !! cPanel & WHM supports [Transport Layer Security (TLS) protocol version 1.2](https://tools.ietf.org/html/rfc5246) and [Transport Layer Security (TLS) protocol version 1.3](https://tools.ietf.org/html/rfc8446) : !! cPanel & WHM only supports TLSv1.2 or later. The system enables TLSv1.2 by default. !! Not all clients will support TLSv1.3, which requires OpenSSL 1.1.1 or higher. !! If you are using [AutoSSL](https://docs.cpanel.net/knowledge-base/security/guide-to-ssl/) or [SSL certificates purchased via your cPanel account](https://docs.cpanel.net/cpanel/security/ssl-tls-wizard/) to secure a [linked mail node](https://docs.cpanel.net/knowledge-base/general-systems-administration/cpanel-linked-nodes-guide/) , your cPanel & WHM nodes **must** be able to manage the authoritative DNS server. For more information about how SSL/TLS verifies server identities to protect your websites, read our [Guide to SSL](https://docs.cpanel.net/knowledge-base/security/guide-to-ssl) . ## CAA records in zone files Certificate Authority Authentication (CAA) records in a domain’s zone file restrict which Certificate Authorities (CA) may issue certificates for that domain. * If no CAA records exist for a domain, **all** CAs can issue certificates for that domain. * If conflicting CAA records exist, remove the existing CAA records or add one for the desired CA. You can manage your CAA records in the [*Zone Editor*](https://docs.cpanel.net/cpanel/domains/zone-editor) interface (*cPanel » Home » Domains » Zone Editor*). For more information about a CA’s requirements, read their documentation. # Purchase certificates banner The banner at the top of the interface lets you to perform the following actions: * *Purchase Certificates* — When you select this setting, the system directs you to the [*SSL/TLS Wizard*](https://docs.cpanel.net/cpanel/security/ssl-tls-wizard) interface (*cPanel » Home » Security » SSL/TLS Wizard*). * *Show Unsecured Domains* — The system filters the list of domains in the [*Domains* table](https://docs.cpanel.net/cpanel/security/ssl-tls-status/#the-domains-table) to only display unsecured domains. !! Warning\ We **strongly** recommend that you secure all of the domains that your visitors may view. # Search and filter The *Search* text box lets you filter the [*Domains* table](https://docs.cpanel.net/cpanel/security/ssl-tls-status/#the-domains-table) by a domain name. * Enter all or part of a domain name to update the table. * Click the filter icon () to display all available filter settings. You can select from the following filters: ## Domain Types * *All* — Display all domains, regardless of type. This is the default search filter. * *Main* — Display main domains. For example: * `example.com` * `www.example.com` * *Subdomain* — Display subdomains. For example: * `store.example.com` * `www.store.example.com` * *Addon Domains* — Display addon domains. For example: * `addon.com` * `www.addon.com` * *Parked Domains* — Display parked domains. For example: * `parked.com` * `www.parked.com` * *www and mail domain* — Display `www` and `mail` subdomains. For example: * `www.example.com` * `mail.example.com` * *Service subdomains* — Display [service subdomains](https://docs.cpanel.net/knowledge-base/general-systems-administration/service-and-proxy-subdomains) . For example: * `cpanel.example.com` * `whm.example.com` * `webmail.example.com` * `webdisk.example.com` * *DDNS Domains* — Display [dynamic DNS domains](https://docs.cpanel.net/cpanel/domains/dynamic-dns) . For example: * `home.example.com` * `office.example.com` ## SSL Types * *All* — Display all domains, regardless of the certificate type. This is the default search filter. * *Unsecured* — Display domains do not have a certificate. * *Self-Signed* — Display domains that you have secured with a self-signed certificate. **No** CAs secure self-signed certificates. * *AutoSSL DV Certificate* — Display domains that you have secured with an [AutoSSL](https://docs.cpanel.net/knowledge-base/security/guide-to-ssl/#autossl) -issued [Domain-Validated (DV) certificate](https://en.wikipedia.org/wiki/Domain-validated_certificate) . * *DV Certificate* — Display domains that you have secured with a DV certificate. * *OV Certificate* — Display domains that you have secured with an [Organizational Validation (OV) certificate](https://en.wikipedia.org/wiki/Public_key_certificate#Organization_validation) . * *EV Certificate* — Display domains that you have secured with an [Extended Validation (EV)](https://en.wikipedia.org/wiki/Extended_Validation_Certificate) certificate. ## SSL Statuses * *All* — Display all domains, regardless of certificate status. This is the default search filter. * *Active* — Display domains that you have secured by active certificates. * *Expired* — Display domains with an expired certificate. * *Expiring Soon* — Display domains whose certificates will expire soon. * *Unsecured* — Display domains that do not have a certificate. * *Has AutoSSL Problems* — Display domains with AutoSSL problems. For example, display a domain that does not resolve to an IPv4 address on the internet. ## AutoSSL Statuses * *All* — Display all domains, regardless of AutoSSL status. This is the default search filter. * *Included* — Display domains that AutoSSL includes when it runs. * *Excluded* — Display domains that AutoSSL does not include when it runs. # AutoSSL selection To control whether AutoSSL includes an individual domain, select one of the following settings: * *Include during AutoSSL* — Select the checkbox of each domain to include when AutoSSL runs, then click *Include during AutoSSL*. * *Exclude during AutoSSL* — Select the checkbox of each domain to exclude when AutoSSL runs, then click *Exclude during AutoSSL*. * *Run AutoSSL* — Force the system to perform an immediate AutoSSL run. The system will display the *AutoSSL is in progress …* message for the duration of the run. The *SSL/TLS Status* interface will reload when AutoSSL completes its run. !! Note\ You may see the *AutoSSL is in progress …* message if you load this interface and an AutoSSL run is currently in progress. # The Domains table The *Domains* table lists your domains and their certificates. You can use the table to view or upgrade a domain’s certificate. This table displays the following information: ## Domain This column displays a complete or filtered list of all domains on the cPanel account. The column will also display an icon that represents the following certificates: ![Unsecured](media_SSL_TLS%20Status/mZOZ6gL3rltRpo-cert-unsecure.png) ![Self-Signed](media_SSL_TLS%20Status/wBeXIUhiCUie5K-cert-ss.png) ![AutoSSL DV certficiate](media_SSL_TLS%20Status/dOOMS64HREjEwN-cert-adv.png) ![DV certificate](media_SSL_TLS%20Status/Iq7LHQs0c26oDJ-cert-dv.png) ![OV certificate](media_SSL_TLS%20Status/wL5JkdfQ-BwRlL-cert-ov.png) ![EV certificate](media_SSL_TLS%20Status/cLNZ2B1C5YeMdx-cert-ev.png) ## Certificate Status This column displays a domain’s certificate information. If an error exists for the domain in the `/var/cpanel/logs/autossl/` directory, the system displays that error in this column. The column also displays the last time the system ran AutoSSL for the domain. You can also select from the following settings: * *View Certificate* — View the domain’s certificate. The system will direct you to the *Install and Manage SSL for your site (HTTPS)* section of the [*SSL/TLS*](https://docs.cpanel.net/cpanel/security/ssl-tls) interface (*cPanel » Home » Security » SSL/TLS*). !! Note\ This setting is only available for domains with a certificate. * *Upgrade Certificate* or *Purchase Certificate* — Upgrade or purchase a certificate for the domain. The system will direct you to the [*SSL/TLS Wizard*](https://docs.cpanel.net/cpanel/security/ssl-tls-wizard) interface (*cPanel » Home » Security » SSL/TLS Wizard*). This interface displays the domain and the available types of certificates. !! Note\ These settings are only available for applicable domains. * *Include during AutoSSL* or *Exclude from AutoSSL* — Include or exclude [AutoSSL](https://docs.cpanel.net/whm/ssl-tls/manage-autossl) from this domain. !! Note\ If you have installed a non-AutoSSL certificate and haven’t configured AutoSSL to use that certificate, you will not see these settings.