How can we improve WHMCS?

Share, discuss and vote for what you would like to see added to WHMCS

Control SSL Status Monitoring per Product

  • Frank Feingold shared this idea 5 years ago
  • Client Area

Starting with WHMCS 7.7.0 SSL monitoring has been introduced. It currently appears to check for a valid SSL certificate for All products/services that are:

  • Hosting Account
  • Reseller Account
  • Dedicated/VPS server

We'd like to see an option on the specific service to override/disable the SSL check.

In our case, we have a particular type of VPS that we sell that comes with a software firewall. The client configures the firewall so they have access to the VPS and the VPS has a valid SSL. WHMCS on the other hand, does not have access to their VPS so the SSL check shows an invalid SSL.

This causes two issues:
  • WHMCS shows an invalid SSL when there really is one (WHMCS just can't check it)
  • The VPS firewall logs the fact that WHMCS tried to connect to the VPS (to check the SSL status)

Both of these are are causing a number of un-necessary support tickets.

It would just be a lot more flexible if the SSL check could be turned off on a per product/service level.


Login to post a comment.

What is the reason that WHMCS refuses to allow their clients to disable this feature if they simply don't want it?
Really you should add the choice to disable it completely and optionally re-eanable it per product.
You know I've "Let's encrypt" enabled on my servers and I do not mind if a name has or not SSL enabled.
Many domains are just parked, no SSL at all.
That's just confusing customers!

Please let hosters chose if it is useful for profit or not.

Oto Tortorella
Hi all,
Thanks for creating this request and your comments, we're always interested to receive feedback on new features.

In version 7.8 we've included maintenance updates to the SSL checker feature. This will make it more reliable with certain versions of cURL and ensure greater success for the SSLSync task in the daily automation task.
If the domain has been pre-checked by automation task, then the result can be displayed faster as no test is required after page load. If a check is required, these are performed after the page has loaded, so should not impact page load time.

Please give the 7.8 beta a try and let us know whether it resolved cases where SSL status was mis-detected in 7.7:
We'd still really (really) like the option to disable this on a per product basis or have a hook where we can check the product and skip the check. As I said in the original request we have 1000's of services that will never get a valid SSL (that WHMCS can check) because of software firewalls. This slows down the nightly cron, every time you access the server in the admin side etc.
i second this.
Per my comments above, this is not something that WHMCS can ever 'fix'. One one of our services, they are behind a software/hardware firewall and WHMCS will NEVER be able to check the cert. We really need the ability to turn off the check on a per-product basis or a hook that we can use to simply skip the check on a per-check basis.
We will remain on 7.6 until this is made optional or we are forced to update because of security reasons.
Totally agree with commentators above. We need ability to disable this "feature"
Oh dear i just noticed this in a clients admin interface and it shows for only domain registrations too! thats just silly! if its just a domain they dont do their ssl with me!

this needs to have an option to just disable completely. really disappointed to see yet another feature added that was never even asked for and no way to turn it off! there are lots of other more important feature requests that seem to just fall on deaf ears that would actually be useful.
Hi John,
I'm interested to understand why this would prevent the domain owner from buying an SSL certificate through you?

Our thinking is that, the domain owner is made aware they don't have an SSL certificate on the domain, buys the certificate (earning profit for you) which can then be installed at their hosting provider.
why would you force something onto people A) that has issues and B) perhaps I don't want to deal with all the work involved in helping install a certificate on someone elses server if its even possible with their access level and most of my domain only clients use shopify or squarespace or wix for their sites, plus most hosts should really be supporting letsencrypt these days too, which is basically free. please just add an option to disable the feature... why not??
@WHMCS John, I think you're glossing over the reason this request was created.

Not all "domains" are websites; some are just unique identifiers / descriptors for non-website products.

These do not and will not ever have SSL.

Therefore the check is wasting resources unnecessarily.
Hi Nate,
For those products, please choose the "Other" product type. The SSL status and check will not be displayed for this product type.
Thanks for sharing your use-case John, that's most helpful.
I'm sorry, but that is really not a viable solution. If it's a VPS (for example) and it has a provisioning module it needs to be a VPS/Dedicated type or it's just not going to work properly.

Yes, we get the fact that things should be SSL. In our case, they are, but they are behind a firewall (software or hardware) and WHMCS can't get through the firewall.

The reason I'd like is that it slows productivity. Sometimes (note: not all the time) it takes between 5-10 seconds for the SSL check to complete, which essentially makes it impossible to load other pages whilst the check is going on.

I'd like either a global control to disable it, or per product.
Personally I'd rather see the option to disable it all together from the admin side. For now, we've removed all code on the customer side.
I expected WHMCS to, at a minimum: 1) Not enable this "feature" automatically
2) Check for compatibility before showing SSL status
3) Show an ERROR that the cert couldn't be checked instead of NOT SECURE!
You should definitely be able to enable or disable this on a per product basis. Not everything is about SSL certificates.