SSL Certificates

WHMCS MarketConnect allows you to resell SSL certificates from DigiCert®, RapidSSL, and GeoTrust® with fully automated end-to-end provisioning and deployment.

Activating the service provider in MarketConnect.

For more information, see our DigiCert SSL Certificates Knowledgebase.

Included Features

Premade Landing PagePremade PromotionsPremade UpsellsFree or Trial Plan
✖️
Account CreationAccessAutomated RenewalsAutomated Upgrades
N/AN/A

Setup and Configuration

Activating the service provider in MarketConnect.

To activate and begin reselling SSL certificates:

  1. Go to Configuration () > System Settings > MarketConnect.
  2. Find the service provider in the list.
  3. Click Start Selling.
  4. Click Activate Now.

Automation

When ordering an SSL certificate for a cPanel & WHM, Plesk, or DirectAdmin hosting account, WHMCS and MarketConnect fully automate the SSL provisioning process. The system can perform the following actions with no manual intervention from your staff:

  • CSR generation
  • Certificate configuration
  • Domain Ownership Verification setup
  • Retrieval of the issued certificate
  • Certificate installation

In some cases, such as orders for OV and EV SSL certificates, additional steps to complete the extended validation may be required. After all of the extended validation requirements have been completed, the SSL certificate will be recognized, retrieved, and installed automatically.

MarketConnect will also automate the necessary reissuances for the duration of a multi-year certificate purchase.

For more information, see Reissuance and Installation below.

Control Panels

For cPanel & WHM, Plesk, and DirectAdmin only, WHMCS can automate SSL procurement by generating a CSR, submitting it to the certificate authority, and installing the certificate.

cPanel Requirements

For automated SSL CSR generation and installation, cPanel accounts require you to enable the SSL/TLS feature on the appropriate feature list. You can enable this in WHM at WHM > Packages > Feature Manager.

For help resolving related Key Generation Failed errors, see Key Generation Failed Errors.

Unsupported Control Panel Requirements

For other control panels, you must configure SSL certificates manually. Manual configuration requires the user to submit a CSR in the Client Area.

After submitting and paying for an SSL certificate order, the certificate will be provisioned and the customer will receive an email with a link to configure the certificate. They will be asked to provide a CSR and select an approver email address as part of the configuration process. The approver email will be used to validate the certificate’s domain’s owner.

Instant Issuance

In WHMCS 8.7 and later, MarketConnect supports Instant Issuance, an advanced method for DV-based DigiCert SSL certificates that makes selling and deploying SSL certificates even faster and more reliable.

Instant Issuance is only available through DigiCert partners like WHMCS MarketConnect.

With Instant Issuance, the system runs the DV check and receives a signed SSL certificate (CSR) immediately at the time of order. This provides instantaneous SSL protection with no wait time and no confusing errors or warnings when clients access the new website. This can mean reduced technical support needs, increased SSL certificate orders, and better overall customer satisfaction. Instant Issuance also reduces the risk of failure and other issues that customers may experience with SSL issuance via standard Domain Control Validation (DCV) polling.

Instant Issuance uses pre-generated cryptographic content for file-based and DNS authorization checks (DCV). This facilitates immediate deployment and instantaneous protection for customers’ websites.

Requirements

  • MarketConnect uses Instant Issuance by default on all DV SSL certificate orders via DigiCert and MarketConnect on WHMCS 8.7 and higher.
  • Before WHMCS 8.7, issuance via standard DCV polling was the only method available for SSL certificate issuance, and the system will continue to use it for orders for which Instant Issuance is not possible.

Instant Issuance requires that:

  • The system has access to create the necessary files.
  • The Domain Control Validation (DCV) for the order is file-based or, in some circumstances, DNS-based.

If the purchase meets these conditions, the system will always attempt Instant Issuance.

The Instant Issuance Process

Instant Issuance uses the following process:

1. A customer places an SSL certificate order.

Customers can purchase SSL certificates through the Client Area, or admins can place orders through the Admin Area. If the purchase meets the requirements for Instant Issuance, the system will always attempt Instant Issuance.

2. The system generates cryptographic files.

The system automatically generates the required cryptographic files within the associated hosting account.

3. MarketConnect sends the order information to DigiCert.

When MarketConnect sends the order to DigiCert, it will include the generated cryptographic content. This speeds up the process by removing several time-consuming steps that slow down the standard DCV polling process.

4. DigiCert replies.

DigiCert will immediately reply with the new certificate’s data.

5. The system automatically installs the certificate.

After WHMCS has the certificate data, installation occurs immediately.

If Instant Issuance fails, the system will attempt to issue the certificate using standard DCV polling.

For help resolving Instant Issuance errors and related error messages, see Instant Issuance Failures.
You can view Instant Issuance activity in the Activity Log section at Configuration () > System Logs.

Domain Control Validation Methods

We recommend upgrading to WHMCS 8.3 or higher to use DNS validation for full automation of DV wildcard certificates.

WHMCS’s automation for MarketConnect SSL certificate purchases includes several options for DCV:

  • DNS validation is available in WHMCS 8.3 and later.
  • Email and HTTP file validation are available in all supported WHMCS versions.

In WHMCS 8.3 and later, clients and admins can select a validation method during the Validation step of the manual configuration process for DigiCert certificates.

For more information, see our DigiCert SSL Certificates Knowledgebase.

Multi-Year SSL Certificates

In WHMCS 8.5 and later, MarketConnect allows you to sell two-year and three-year DigiCert SSL certificates. WHMCS will automatically handle reissuance and reinstallation throughout the order period, including automated emails and renewals.

Reissuance and Installation

Multi-year certificates will require reissuance throughout the life of the certificate. The cron checks for certificates that require reissuance and reissues them. It will also attempt to install automatic and manual reissues automatically (see below).

  • Clients and admins can reissue and install certificates at any time via the Client Area.
  • Admins can reissue and install certificates via the Products/Services tab of the client’s profile in the Admin Area.

After WHMCS automatically or manually reissues a certificate, it will automatically attempt to install it. In WHMCS 8.4 and earlier, installation failures for one-year certificates were silent and did not send notification emails.

In WHMCS 8.5 and later, the system will send the following email templates in the following scenarios:

  • SSL Certificate Issued — The system could not automatically install the certificate after reissuance and it requires manual installation. This template is only for reissuance, not for new SSL orders.
  • SSL Certificate Installed — The system successfully automatically installed the certificate after automatic or manual issuance.
  • SSL Certificate Multi-Year Reissue Due — The system could not automatically reissue the certificate or a reissuance attempt failed.
  • SSL Certificate Validation Manual Intervention — The system could not automatically configure the certificate reissuance because of problems writing to the file or DNS record.

Updating to WHMCS 8.5 or Later

Upgrading to WHMCS 8.5 or later will add the new SslReissues cron task to handle automatic reissuance for two-year and three-year certificates and set its schedule.

The upgrade process will use the annual price to set the two-year and three-year prices.

  • The system will multiply the one-year price by 1.9 to set the two-year price and by 2.8 (or 2.75 for DigiCert-branded certificates) for the three-year price.
  • The Client Area will display all prices as a per-year price.
  • You can update these prices at Configuration () > System Settings > MarketConnect when you click Manage under SSL Certificates.
  • WHMCS installations on WHMCS 8.4 or earlier should not have existing pricing for multi-year certificates. However, if your installation already specifies custom prices for them, the update process may overwrite them.

Supported Client Actions

Clients can perform the following actions at any time in the Client Area:

  • Retrieve and download issued certificates.
  • Update the approver email for a pending certificate.
  • Reissue SSL certificates.

Supported Admin Actions

Admins can perform the following actions:

  • Click Check Status to view the order status. The order information will appear in the displayed output, displaying the Marketplace and remote order statuses.
    • This allows you to see the validation status of the certificate.
    • Check Status will appear for any certificate status other than Cancelled.
  • Click Resend Configuration Email to send a configuration email again. This action appears when the certificate’s remote status is Awaiting Configuration.
  • Click Retrieve Certificate after certificate issuance to view the full certificate to install. Use this if the client did not receive the certificate via email.
  • Click Install Certificate to install or reinstall the certificate on a supported control panel.
  • Click Configure Certificate to manually configure a pending SSL certificate by uploading a CSR and providing administrator contact information.
    • In WHMCS 8.2 and earlier, this supports both email and file DCV.
    • In WHMCS 8.3 and later, this supports email, file, and DNS DCV.

Client Area Promotions

A promotion in the Client Area

MarketConnect supports displaying SSL certificate promotions in the Client Area homepage, the shopping cart, and when managing a hosting product that does not already include an SSL certificate. These promotions will appear when you enable SSL certificates in WHMCS MarketConnect in the Admin Area.

Customers who have already purchased a SSL certificate plan will see upsell promotions with options to upgrade their SSL certificate when they check out.

An upsell promotion in the Client Area

For more information, see MarketConnect Promotions.

Buying in the Client Area

New and existing customers can purchase an SSL certificate as a standalone product using the SSL certificate landing page at Website & Security > SSL Certificates. Existing customers can also purchase SSL certificates by clicking on a Client Area promotion.

The SSL certificate landing page in the Client Area

The landing page includes all of the necessary information about available plans, pricing, and features.

Last modified: October 29, 2024