cPanel SSL Certificate Monitoring

Server Scout's cPanel plugin includes comprehensive SSL certificate monitoring capabilities that help you track certificate expiry dates and prevent unexpected outages. This guide explains how to leverage the SSL monitoring features to maintain certificate health across your cPanel server.

How SSL Certificate Monitoring Works

The Server Scout cPanel plugin uses the cpanelcollectssl() function to automatically inventory all SSL certificates on your server. This function runs during each monitoring cycle and gathers detailed information about every certificate, including:

  • Domain name and certificate details
  • Issuer information
  • Expiry date and days remaining
  • Auto-SSL management status
  • Certificate validation state

The plugin scans all cPanel accounts and their associated domains, providing a comprehensive view of your server's SSL certificate landscape.

Understanding SSL Certificate Data

When viewing SSL certificate information in the Server Scout dashboard, you'll see several key pieces of data for each certificate:

Per-Domain Details: Each domain shows its current certificate status, including the exact expiry date and a countdown of days remaining until expiration. This allows you to quickly identify which certificates require attention.

Issuer Information: The plugin displays the certificate authority that issued each certificate, helping you identify whether certificates are from Let's Encrypt, commercial CAs, or self-signed sources.

Auto-SSL Detection: Server Scout automatically detects whether cPanel's Auto-SSL feature is managing certificate renewal. This is crucial for understanding which certificates should renew automatically and which require manual intervention.

Summary Counts: The dashboard provides summary statistics showing the total number of expired certificates and those approaching expiry within your defined timeframes.

Viewing SSL Status in Server Scout

To access your SSL certificate monitoring data:

  1. Log into your Server Scout dashboard at serverscout.ie
  2. Navigate to your server's overview page
  3. Click on the "Plugins" section in the left sidebar
  4. Select "cPanel SSL Certificates" from the available plugins

The SSL monitoring interface displays certificates organised by status - active, expiring soon, and expired. Use the filtering options to focus on specific timeframes or certificate types.

Setting Up SSL Certificate Alerts

Proactive alerting prevents certificate expiration surprises. Server Scout allows you to configure alerts for different expiry timeframes:

14-Day Expiry Alerts: Configure alerts for certificates expiring within two weeks. This provides sufficient time for manual certificate renewal or troubleshooting Auto-SSL issues.

To set up 14-day alerts:

  1. Navigate to Server Settings > Alerts
  2. Find "SSL Certificate Expiry" in the alert types
  3. Set the threshold to 14 days
  4. Configure your preferred notification method (email, Slack, webhook)

30-Day Expiry Alerts: For organisations requiring longer lead times or multiple approval stages, set up 30-day advance warnings.

Custom Thresholds: You can also configure custom alert thresholds based on your organisation's certificate management workflows.

Preventing Certificate Expiration Issues

The SSL monitoring data helps prevent outages through several approaches:

Regular Monitoring: Review the SSL certificate dashboard weekly to identify upcoming expirations and Auto-SSL failures.

Auto-SSL Verification: Pay particular attention to certificates not managed by Auto-SSL, as these require manual renewal. The plugin clearly identifies which certificates lack automatic renewal.

Trend Analysis: Monitor certificate renewal patterns to identify domains that frequently experience Auto-SSL issues, which may indicate DNS or validation problems.

Troubleshooting SSL Certificate Issues

When the monitoring reveals certificate problems:

  1. Check Auto-SSL Status: For domains showing Auto-SSL management but approaching expiry, investigate Auto-SSL logs in cPanel
  2. Verify Domain Validation: Ensure domains can be validated via HTTP or DNS challenge methods
  3. Review Certificate Chains: Check that intermediate certificates are properly installed
  4. Monitor Rate Limits: Be aware of Let's Encrypt rate limits that might prevent renewal

Best Practices

  • Review SSL certificate status during regular maintenance windows
  • Maintain an inventory of certificates not managed by Auto-SSL
  • Test certificate renewal processes in staging environments
  • Document any domains requiring special certificate handling procedures

By leveraging Server Scout's cPanel SSL certificate monitoring, you can maintain robust certificate management practices and prevent the service disruptions that come with unexpected certificate expirations.

Frequently Asked Questions

How do I set up SSL certificate monitoring in ServerScout cPanel plugin?

Log into your ServerScout dashboard at serverscout.ie, navigate to your server's overview page, click on 'Plugins' in the left sidebar, then select 'cPanel SSL Certificates'. The plugin automatically monitors certificates using the cpanel_collect_ssl() function during each monitoring cycle.

How does cPanel SSL certificate monitoring work in ServerScout?

ServerScout's cPanel plugin automatically scans all cPanel accounts and their associated domains using the cpanel_collect_ssl() function. It gathers domain names, certificate details, issuer information, expiry dates, Auto-SSL management status, and certificate validation state during each monitoring cycle.

How do I configure SSL certificate expiry alerts?

Navigate to Server Settings > Alerts, find 'SSL Certificate Expiry' in the alert types, set your preferred threshold (14-day or 30-day alerts), and configure your notification method (email, Slack, or webhook). You can also set up custom thresholds based on your organization's needs.

What SSL certificate information does ServerScout display?

ServerScout shows per-domain certificate status with exact expiry dates and days remaining, issuer information from certificate authorities, Auto-SSL management detection, and summary counts of expired certificates. Certificates are organized by status - active, expiring soon, and expired.

Why are my SSL certificates not renewing automatically?

Check if the certificates are managed by Auto-SSL - certificates not under Auto-SSL management require manual renewal. If Auto-SSL is enabled but certificates aren't renewing, investigate Auto-SSL logs in cPanel, verify domain validation via HTTP or DNS challenges, and check for Let's Encrypt rate limits.

Can ServerScout detect self-signed certificates?

Yes, ServerScout identifies the certificate authority that issued each certificate, helping you distinguish between Let's Encrypt certificates, commercial CAs, and self-signed sources. This information is displayed in the issuer information section of each certificate.

What are the best practices for SSL certificate monitoring?

Review SSL certificate status during regular maintenance windows, maintain an inventory of certificates not managed by Auto-SSL, test certificate renewal processes in staging environments, and document domains requiring special certificate handling procedures.

Was this article helpful?

Related Articles