WHMCS MarketConnect allows you to resell SSL Certificates from DigiCert, RapidSSL, and GeoTrust with fully automated end-to-end provisioning and deployment.

For more information, see our DigiCert SSL Certificates Knowledgebase.

Control Panels For Automatic SSL Installation

For some control panels, WHMCS can fully automate the SSL procurement process by generating a CSR, submitting it to the certificate authority, and installing the certificate. This is supported for the following control panels:

• cPanel & WHM
• Plesk
• DirectAdmin

For other control panels, SSL certificates must be configured manually. Manual configuration requires the user to submit a CSR via the WHMCS Client Area.

Landing Pages

WHMCS MarketConnect includes SSL landing pages to send your new and existing customers to in order to learn about SSL and the SSL options you offer:

• Overview (pictured below)
• Standard SSL DV Certificates
• Organizational OV Certificates
• Extended Validation EV Certificates
• Wildcard Certificates

These can be enabled when you start selling SSL certificates via MarketConnect. They can also be enabled or disabled via the Management panel for SSL certificate sales at Configuration () > System Settings > MarketConnect or, prior to WHMCS 8.0, Setup > MarketConnect.

Setup and Configuration

To activate and begin reselling SSL certificates via WHMCS MarketConnect, navigate to Configuration () > System Settings > MarketConnect or, prior to WHMCS 8.0, Setup > MarketConnect within your WHMCS admin area and click Activate under the SSL certificates product offering.

SSL Certificate Automation

When ordering an SSL certificate for a cPanel & WHM, Plesk, or DirectAdmin hosting account, WHMCS and MarketConnect fully automate the SSL provisioning process. The following actions will be performed without any manual user interaction:

• CSR generation
• Certificate configuration
• Domain Ownership Verification setup
• Retrieval of the issued certificate
• Certificate installation

In some cases, such as orders for OV and EV SSL certificates, additional steps to complete the extended validation may be required. After all of the extended validation requirements have been completed, the SSL certificate will be recognised, retrieved, and installed automatically.

MarketConnect will also automate the necessary reissuances for the duration of a multi-year certificate purchase. For more information, see below.

Instant Issuance

In WHMCS 8.7 and later, MarketConnect supports Instant Issuance for DV-based DigiCert SSL certificates. With Instant Issuance, WHMCS, as a DigiCert partner, can run the DV check and receive a signed CSR immediately at the time of order. This reduces the risk of failure and other issues while providing instantaneous SSL protection.

Instant Issuance functions through the use of pre-generated cryptographic content for file-based and DNS authorization checks (Domain Control Validation or DCV).

For more information about Instant Issuance in WHMCS, see SSL Certificate Instant Issuance and the Troubleshooting section below.

Requirements

Instant Issuance requires that:

• The system has access to create the necessary files.
• The Domain Control Validation (DCV) for the order is file-based or, in some circumstances, DNS-based.

If the purchase meets these conditions, the system will always attempt Instant Issuance.

Instant Issuance Activity

You can view Instant Issuance activity in the Activity Log section at Configuration () > System Logs.

cPanel Requirements

For automated SSL CSR generation and installation, cPanel accounts require you to enable the SSL/TLS feature on the appropriate feature list. You can enable this in WHM at WHM > Packages > Feature Manager.

Other Control Panels

At this time, fully-automated provisioning is only supported for cPanel & WHM, Plesk, and DirectAdmin.

Ordering an SSL certificate as a standalone product or as an addon to a hosting account on an unsupported control panel will require manual input from clients to complete the process.

After submitting and paying for an SSL certificate order, the certificate will be provisioned and the customer will receive an email with a link to configure the certificate. They will be asked to provide a CSR and select an approver email address as part of the configuration process. The approver email will be used to validate the certificate's domain's owner.

Domain Control Validation Methods

WHMCS's automation for MarketConnect SSL certificate purchases includes several options for DCV:

• DNS validation is available in WHMCS 8.3 and later.
• Email and HTTP file validation are available in all supported WHMCS versions.

In WHMCS 8.3 and later, clients and admins can select a validation method during the Validation step of the manual configuration process for DigiCert certificates.

For more information about selling DigiCert SSL certificates via WHMCS MarketConnect, see the WHMCS MarketConnect Knowledgebase.

Multi-Year SSL Certificates

In WHMCS 8.5 and later, MarketConnect allows you to sell two-year and three-year DigiCert SSL certificates. WHMCS will automatically handle reissuance and reinstallation throughout the order period, including automated emails and renewals.

Reissuance and Installation

Multi-year certificates will require reissuance throughout the life of the certificate. The cron checks for certificates that require reissuance and reissues them. It will also attempt to install automatic and manual reissues automatically (see below).

• Clients and admins can reissue and install certificates at any time via the Client Area.
• Admins can reissue and install certificates via the Products/Services tab of the client's profile in the Admin Area.

After WHMCS automatically or manually reissues a certificate, it will automatically attempt to install it. In WHMCS 8.4 and earlier, installation failures for one-year certificates were silent and did not send notification emails.

In WHMCS 8.5 and later, the system will send the following email templates in the following scenarios:

• SSL Certificate Issued — The system could not automatically install the certificate after reissuance and it requires manual installation. This template is only for reissuance, not for new SSL orders.
• SSL Certificate Installed — The system successfully automatically installed the certificate after automatic or manual issuance.
• SSL Certificate Multi-Year Reissue Due — The system could not automatically reissue the certificate or a reissuance attempt failed.
• SSL Certificate Validation Manual Intervention — The system could not automatically configure the certificate reissuance because of problems writing to the file or DNS record.

Updating to WHMCS 8.5 or Later

Upgrading to WHMCS 8.5 or later will add the new SslReissues cron task to handle automatic reissuance for two-year and three-year certificates and set its schedule.

The upgrade process will use the annual price to set the two-year and three-year prices.

• The system will multiply the one-year price by 1.9 to set the two-year price and by 2.8 (or 2.75 for DigiCert-branded certificates) for the three-year price.
• The Client Area will display all prices as a per-year price.
• You can update these prices at Configuration () > System Settings > MarketConnect when you click Manage under SSL Certificates from DigiCert.
• WHMCS installations on WHMCS 8.4 or earlier should not have existing pricing for multi-year certificates. However, if your installation already specifies custom prices for them, the update process may overwrite them.

Supported Client Actions

Retrieve Certificate

Clients can retrieve and download certificates that have been issued at any time from the WHMCS client area.

Update Approver Email

Clients can update the approver email for a pending certificate at any time via the WHMCS client area.

Reissues

Clients can reissue SSL certificates at any time with self service in the WHMCS Client Area.

Supported Admin Actions

Many actions are available once a certificate order has been created.

Check Status

Click here to view the order status. The order information will appear in the displayed output, displaying the Marketplace and remote order statuses. This allows you to see the validation status of the certificate.

Check Status will appear for any certificate status other than Cancelled.

Resend Configuration Email

Resend Configuration Email appears when the certificate's remote status is Awaiting Configuration.

Retrieve Certificate

After the certificate has been issued, you can click Retrieve Certificate to view the full certificate to be installed. Use this if the client did not receive the certificate via email.

Install Certificate

If the certificate is associated with a hosting plan on a supported control panel, clicking Install Certificate will allow you to install or reinstall the certificate.

Configure Certificate

Click Configure Certificate to manually configure a pending SSL certificate by uploading a CSR and providing administrator contact information.

• In WHMCS 8.2 and earlier, this supports both email and file DCV.
• In WHMCS 8.3 and later, this supports email, file, and DNS DCV.

Troubleshooting

cPanel: Key Generation Failed: (XID xxxxxx) You do not have the feature “sslmanager”.

This error message may indicate that the cPanel hosting account does not have the required SSL/TLS feature enabled. This feature is required for automatic SSL CSR generation and installation. You must enable the SSL/TLS feature in WHM for all cPanel packages that will use SSL automation. After adding the necessary feature to your cPanel packages, you can retry the automated provisioning again by setting the SSL certificate product back to Pending and clicking the Resend Configuration Data module command button, which should be available when you view the SSL product in WHMCS.

Instant Issuance Failures

Instant Issuance reduces the overall likelihood of issuance failure. However, if an error occurs, it will display when you click View Order for the associated order in the Products/Services tab in the client's profile:

• Standard DCV Polling - The Instant Issuance token is not deployable indicates that the system received the instant issuance token from MarketConnect but the hosting control panel could not deploy it.
• Standard DCV Polling - The Instant Issuance token could not be acquired indicates that MarketConnect failed to provide the instant issuance token.
• Standard DCV Polling - DigiCert could not validate the Instant Issuance token indicates that DigiCert cannot resolve the domain, cannot find the required file, or the file does not include the expected contents.
• Standard DCV Polling indicates that another type of error occurred.

All of the above errors also indicate that the system fell back to standard DCV polling to complete the process.