bear

Maybe not many are using Yubi, so it didn't come up enough? It's a bit inconvenient to use, but addon security generally is. If you're listening, WHMCS, anything that will no longer work without updating to the new version should be worth mentioning within the release notes at the least. We can't be expected to simply know what you know and base decisions on that.

He was very involved, and we used to communicate via the community fairly often. Following the Cpanel involvement, I don't believe I'd ever spoken (written form) with him again. All of my interactions from then on were mainly folks either from Cpanel (Infopro, from Cpanel, was placed in charge of this community for a time, but seems to have moved on in that regard) or those hired after the "partnership". To hear Cpanel tell it, this was merely an investment and not a direct partnership, but it's clear that was either untrue or evolved since then. The direction and sales-y direction feels more like Cpanel than Matt. Though Matt may be involved in signing off on versions and changes, I don't believe he's driving the boat, so to speak. Dragged this pretty far off topic, so I'll bow out here. Miss you, Matt. :)

This was the entry: MODULE-6923 - Update Yubikey API for v2 https://docs.whmcs.com/Changelog:WHMCS_V7.7.0_RC_1 Without knowing v1 was being removed/disabled by Yubi, that wasn't helpful. 😉

This. I wouldn't call him a stooge at all, but I think his 51% is on paper, and it's not him fully driving the direction (maybe the CP folks are being persuasive or convincing him profit needs to be increased by any means...oh and here's a few things we can do that we've already rolled in). He has a controlling interest, but only just. He's not engaged here personally, and to me that feels like he's far less involved overall now. Love to be wrong, and it's just an opinion.

Just as a followup, support stated it was explained in the change log and gave me a link. The link was to a changelog for a 7.7.0 beta, and only mentioned there was a new one. Nothing about the existing one failing totally. Up to us to ask questions and research everything that's rolled into WHMCS, I suppose. Personally, I"m not an early adopter, and would appreciate a heads up on things that will be failing if not updated quickly.

Heard from support, and it would appear that the Yubico module in versions prior to 7.7.1. was using an API call to Yubi that's been disabled in favor of something new. They finally shut it off a short while ago, but I hadn't needed to re-auth until today, and failed because of the old protocol. WHMCS support states the new version (on 7.7.1+) works. Now I'll need to update everything to a new version just to get that working again. Hadn't planned on the time and effort that will take, and don't want the hassle of that SSL checking nonsense (not all registered names even have hosting), but what can you do?

Not that I've been made aware of, no. Maybe I was the only one complaining, and that's not nearly enough. I know to look for it now, but something like that would likely be far simpler to use the system date/zone setting the system is set to than to add that into various functions separately. Set a constant, call it as needed in whatever encoded files and so on. As for Matt, I got the impression when Cpanel got involved he stepped back from the direction the script takes. As time passes, the changes are more and more Cpanel-like, as with their propensity to add in things for sale like SSL certs, Kernelcare and so on. I can't blame a company for attempting to increase the bottom line, but we're paying for this product; we should have a say in what gets sold through it (more than just not using that marketplace, but not installing it). Make things like that an addon module, for those that want to sell what's in it. /rant over

I'm still waiting on the UK vs US date on domain sync fix, so I doubt this will get any traction either. 😉 If I were going to "have a word in person" with these folks, it would be to respectfully request things not be added/implemented without offering opting in or out explicitly (I'm looking at you, Marketplace and SSL checking). User choice is good. We get less as time goes on.

I don't recall off hand, but when it comes to something like this, it would be preferable as a user setting. Default to 3, sure, but allow change.

Happened today to me on two separate installations, same errors and steps. Failed to log in using key, reset via backup code, disabled then enabled in admin account and now can't enable it again. Version 7.6.1 on both. Module log offers "BAD RESPONSE SIGNATURE". Any luck resolving this?

Chris, why is this not one of the settings we can manage?

Absolutely, and not for the first time. This should be *optional*, and not enabled by default.

You need to keep unencrypted copies, not encrypt the only one you have. I haven't used the encoder, but if it was the online one, you upload the files to be encoded, which doesn't delete your local copy (unless you copy them back and overwrite the originals).

Cool, glad that helped. :)

You've probably looked here already, but: https://docs.whmcs.com/Invoicing_Issues#Items_Not_Invoicing