SSL Check under /clientarea.php?action=services

[wp4all]

Hi,

I have seen that under the Six template is now an SSL Check :

But we sell all Services with a free SSL Let's Encrypt Cert so all Domains are SSL encrypted

If the symbol only indicates to the customer that he has not ordered a certificate for his product, this is quite confusing.

It should therefore be possible to hide this symbol.

Greetings Christian

 

Edited January 16, 2019 by wp4all

[WHMCS John]

Hi @wp4all,

This feature is a live detection of the SSL status to the domain entered into the "Domain" field on the service, it is not based upon what products the client has in their account.

The SSL Monitoring test performs a curl call to https://yourdomain.com  with the ssl_verify_peer option enabled.

A red status indicates that cURL on your WHMCS server was able to connect to the domain, but unable to validate the certificate. Any error code returned by cURL will result in a red certificate icon.

 

To troubleshoot, connect to the command-line of your WHMCS server and run:

curl -v https://yourdomain.com

Replace yourdomain.com with the value from the Domains field in WHMCS.

 

An error response might look like:

[root@john ~]# curl -v https://v75.test.whmcs.rocks
* About to connect() to v75.test.whmcs.rocks port 443 (#0)
*   Trying 104.20.20.8... connected
* Connected to v75.test.whmcs.rocks (104.20.20.8) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL: certificate subject name '*.whmcs.com' does not match target host name 'v75.test.whmcs.rocks'
* NSS error -12276
* Closing connection #0
curl: (51) SSL: certificate subject name '*.whmcs.com' does not match target host name 'v75.test.whmcs.rocks'

In this case, curl error 51 is returned, so the SSL Status for the v75.test.whmcs.rocks hosting account in WHMCS would be red.

Please work with your server admin/hosting provider to resolve the cURL connection error between your WHMCS server and the hosting server.

 

To remove the SSL certificate status from your custom template, edit the following files:

• clientareaproductdetails.tpl
• clientareaproducts.tpl

 

[wp4all]

Hi John,

Server wich own the WHMCS test environment v7.7  --> cURL command --> destination URL

curl -v https://whmcs.com
* Trying 2606:4700:10::6814:1408...
* TCP_NODELAY set
* Connected to whmcs.com (2606:4700:10::6814:1408) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: none
* CApath: none
* loaded libnssckbi.so
* ALPN, server accepted to use h2
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
*       subject: CN=*.whmcs.com,OU=IT,O=WHMCS Limited,L=Milton Keynes,C=GB
*       start date: Feb 05 00:00:00 2018 GMT
*       expire date: Feb 05 12:00:00 2019 GMT
*       common name: *.whmcs.com
*       issuer: CN=GeoTrust RSA CA 2018,OU=www.digicert.com,O=DigiCert Inc,C=US
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x89de30)
> GET / HTTP/2
> Host: whmcs.com
> User-Agent: curl/7.63.0
> Accept: */*

 So I'm sure that cURL works fine 

the shown Domain in the first post 

 curl -v https://digitheme.de
* Trying 173.249.22.99...
* TCP_NODELAY set
* Connected to digitheme.de (173.249.22.99) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: none
* CApath: none
* loaded libnssckbi.so
* ALPN/NPN, server did not agree to a protocol
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
*       subject: CN=digitheme.de
*       start date: Nov 21 08:07:11 2018 GMT
*       expire date: Feb 19 08:07:11 2019 GMT
*       common name: digitheme.de
*       issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
> GET / HTTP/1.1
> Host: digitheme.de
> User-Agent: curl/7.63.0
> Accept: */*
>
< HTTP/1.1 200 OK

Greetings Christian

Edited January 16, 2019 by wp4all

[WHMCS John]

Hi @wp4all,

Could you share the rest of the output please? Especially the last few lines.

You can skip the HTML in-between though.

[wp4all]

Hi @WHMCS John,

here is the output without HTML

# curl -v https://digitheme.de
* Trying 173.249.22.99...
* TCP_NODELAY set
* Connected to digitheme.de (173.249.22.99) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: none
* CApath: none
* loaded libnssckbi.so
* ALPN/NPN, server did not agree to a protocol
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
*       subject: CN=digitheme.de
*       start date: Nov 21 08:07:11 2018 GMT
*       expire date: Feb 19 08:07:11 2019 GMT
*       common name: digitheme.de
*       issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
> GET / HTTP/1.1
> Host: digitheme.de
> User-Agent: curl/7.63.0
> Accept: */*
>
< HTTP/1.1 200 OK
< X-Powered-By: PHP/7.2.14
< Content-Type: text/html; charset=UTF-8
< Link: <https://digitheme.de/wp-json/>; rel="https://api.w.org/"
< Transfer-Encoding: chunked
< Date: Thu, 17 Jan 2019 05:36:00 GMT
< Server: LiteSpeed
< X-Powered-By: PleskLin
< Alt-Svc: quic=":443"; ma=2592000; v="35,39,43,44"
< Connection: Keep-Alive
<
<
<!DOCTYPE html>


</html>
* Connection #0 to host digitheme.de left intact
#
#
#

Greetings Christian

[Cloudix]

I'm having an issue with the SSL Detection, saying that SSL was not detected for awphoto.uk. I tested the curl -v https:/awphoto.uk and the following was returned:

* About to connect() to awphoto.uk port 443 (#0)
*   Trying 185.151.30.130... connected
* Connected to awphoto.uk (185.151.30.130) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
* 	subject: CN=*.awphoto.uk
* 	start date: Dec 11 14:03:15 2018 GMT
* 	expire date: Mar 11 14:03:15 2019 GMT
* 	common name: *.awphoto.uk
* 	issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
> GET / HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: awphoto.uk
> Accept: */*
> 
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0< HTTP/1.1 200 OK
< Date: Mon, 28 Jan 2019 10:00:12 GMT
< Content-Type: text/html; charset=UTF-8
< Transfer-Encoding: chunked
< Server: Apache
< X-Powered-By: PHP/7.0.33
< Cache-Control: public, s-maxage=2419200
< Link: <https://awphoto.uk/wp-json/>; rel="https://api.w.org/", <https://awphoto.uk/>; rel=shortlink
< Vary: Accept-Encoding
< X-Cache-Status: HIT
< X-Backend-Server: wordpress_backend/wp33.hosting.stackcp.net
< 
{ [data not shown]

100 35228    0 35228    0     0   319k      0 --:--:-- --:--:-- --:--:-- 5733k* Connection #0 to host awphoto.uk left intact

* Closing connection #0

When I test curl -v https://$awphoto.uk I get:

curl -v https://$awphoto.uk

* getaddrinfo(3) failed for .uk:443
* Couldn't resolve host '.uk'
* Closing connection #0

curl: (6) Couldn't resolve host '.uk'

The attached is the screenshot from the client area. How can I rectify this? Thanks.

[N8Solutions]

On 1/16/2019 at 3:42 PM, WHMCS John said:

To remove the SSL certificate status from your custom template, edit the following files:

• clientareaproductdetails.tpl
• clientareaproducts.tpl

@WHMCS John Would you please be a bit more specific with how exactly those 2 files should be modified in order to turn off the SSL check?

Even better would be if you or someone else from WHCMS uploaded the modified files here so the rest of us do not have to go through the hassle of modifying them ourselves.

[WHMCS John]

Hi @wp4all,

We have determined that the case of certificate data key values returned via curl can vary. As such we have opened case CORE-13120 to normalize the data before use.

This will mean that the data is always in the expected format, so will be reported correctly in the UI.

[Mark]

@WHMCS John could you let us know which topic @ https://requests.whmcs.com corresponds to this new feature?

[wp4all]

Hi @WHMCS John,

This is one of the reasons why I don't want to waste my limited time on beta testing anymore. 

You start reporting bugs, get the answer of a misconfiguration of the customer's server and then publish them with bugs. 

Only when several customers scream, you start to investigate it and fix the bug in a release candidate. Very nice!

In another post you ask hoppla what is your problem with this nice fancy feature ? Even before you can answer the post is blocked and an answer is not possible.

Why this SSL check is unnecessary ? Who the hell sells his customers still products without encryption ? ( Let's encrypt and co is greeting you ). 

But no problem then I just query hundreds of domains in the background if I know anyway that they are encrypted

So switch off this thing or at least gives us the possibility to switch off .

Greetings Christian

 

[WHMCS John]

Hi @wp4all,

Thanks for your help during the pre-release testing.

Unfortunately we didn't receive enough data during the pre-release testing period to identify the cause of this behaviour. However we've now been able to review the commonalities between the environments of different users reporting the problem. This enabled us to identify the link between them all, and propose a solution for the maintenance update.

[brian!]

16 minutes ago, WHMCS John said:

Unfortunately we didn't receive enough data during the pre-release testing period to identify the cause of this behaviour.

do you think the timing of launching a beta testing period one week before Christmas might have had something to do with that? 🙄

[gei]

This SSL check is definitely an unwanted nuisance.. can't think of any good it actually does.

Easy solution is to just use the template files for 

• clientareaproductdetails.tpl
• clientareaproducts.tpl
• clientareadomains.tpl
• clientareadomaindetails.tpl

From the latest 7.6 branch of WHMCS.

[wp4all]

This solution is known since Beta.

But you will have still the check up in the Background for nothing.

This feature needs to be deactivated .

Greetings Christian

[pRieStaKos]

19 hours ago, wp4all said:

This solution is known since Beta.

But you will have still the check up in the Background for nothing.

This feature needs to be deactivated .

Greetings Christian

Until this is resolved, you can just add the following flag to cron job, as @WHMCS John suggested and remove the related lines from template files.

skip --SslSync

Edited January 31, 2019 by pRieStaKos

[N8Solutions]

On 1/30/2019 at 10:28 PM, gei said:

This SSL check is definitely an unwanted nuisance.. can't think of any good it actually does.

Easy solution is to just use the template files for 

• clientareaproductdetails.tpl
• clientareaproducts.tpl
• clientareadomains.tpl
• clientareadomaindetails.tpl

From the latest 7.6 branch of WHMCS.

@gei Not to second guess you, but are you 100% absolutely sure that this will solve the problem without creating any other issues?

Can anyone else verify that this will work?

@WHMCS John As I asked before, please elaborate on this. I believe WHMCS owes it to it's customer base to provide a way to remove the SSL certificate status since this feature is clearly problematic. We shouldn't have to fend for ourselves here.

On 1/16/2019 at 3:42 PM, WHMCS John said:

To remove the SSL certificate status from your custom template, edit the following files:

• clientareaproductdetails.tpl
• clientareaproducts.tpl

 

[brian!]

4 hours ago, N8Solutions said:

We shouldn't have to fend for ourselves here.

but yet we need to. 🙄

couple of other options with this... for the services / domains tables, you should be able to remove the SSL padlocks with some css inside the css/custom.css file...

#tableServicesList [data-type="service"],
#tableServicesList .sorting_disabled,
#tableDomainsList [data-type="domain"],
#tableDomainsList .sorting_disabled:nth-child(2)
{display: none;}

on the Domain Details page, you could use a hook to null the $sslStatus variable to remove the SSL info being shown...

<?php
add_hook('ClientAreaPageDomainDetails', 1, function($vars) {
    return array("sslStatus" => null);
});

I daresay you could use a ClientAreaPageProductDetails hook to do the same on the Product Details page - i'm not seeing it outputted on the services page locally, but it's using the same variable so it should work.

[gei]

5 hours ago, N8Solutions said:

@gei Not to second guess you, but are you 100% absolutely sure that this will solve the problem without creating any other issues?

Yes - I am doing it now without any issues.

You can look yourself at the DIFF they published between the latest 7.6.x branch and 7.7.0 - the only things changed in these files were the additions of the SSL column, so using the old files will not break anything.

 

 

[N8Solutions]

Thank you both very much for your replies!

@brian! I tried your suggestion but even after implementing it the padlock was still visible and it still had a line for the SSL Status saying "No SSL Detected".

 

@gei Your suggestion of using the files from the v7.6 template worked flawlessly. I logged in as a client and was not able to see anything indicative of SSL Status. It is still visible in the admin section but that's fine. As long as the customer can't see it this works!

[brian!]

3 minutes ago, N8Solutions said:

@brian! I tried your suggestion but even after implementing it the padlock was still visible and it still had a line for the SSL Status saying "No SSL Detected".

I maybe should have added that I only tried it on the "Six" template... and it worked fine and effectively removed the column from the tables... if you're using a custom template, then it may need tweaking for your site.

... but if uploading the old templates has worked, then that may be unnecessary... I just wanted to give a solution that would be future proof in case WHMCS don't make this feature optional.

[N8Solutions]

@brian! Thank you for the explanation. Yes, I am using a custom template. When I have more time, hopefully this weekend, I will review this more closely to compare your suggestions to see how I might be able to modify them for my template. In the meantime I will be sure to keep an eye on this topic.

Thank you again for your help!

 

[Vox]

On 1/30/2019 at 12:57 PM, wp4all said:

This is one of the reasons why I don't want to waste my limited time on beta testing anymore. 

That is why I wait for the WHMCS "live customer testing" period to advance for a month or so until things stabilise at which point they have either produced a maintenance release or a bunch of hot fixes.

 

On 1/30/2019 at 12:57 PM, wp4all said:

Why this SSL check is unnecessary ? Who the hell sells his customers still products without encryption ? ( Let's encrypt and co is greeting you ).

I agree entirely! But they want you to use their Market Connect to resell their SSL's. The more they can force users to channel their business through them the better.....

[malfunction]

1 hour ago, Vox said:

I agree entirely! But they want you to use their Market Connect to resell their SSL's. The more they can force users to channel their business through them the better.....

Exactly this ^^^

A cURL call with verifypeer and display the response isn't exactly a cutting edge feature (although WHMCS still manage to foul it up with inadequate testing), just a thinly disguised attempt to drive more MarketConnect SSL business to them in cases where users are silly enough to use it.

Of course if it actually did something useful, like look for SSLs that are present in client accounts and sync the renewal dates like they do for domains, then it would be different.  After all, evidently they did name it "SslSync" so the unwitting might even be led to believe that's what it does.   But as of now it's just worthless fluff that apparently doesn't work properly, can't readily be switched off and is generally opaque 😐

 

[brian!]

20 hours ago, Vox said:

I agree entirely! But they want you to use their Market Connect to resell their SSL's. The more they can force users to channel their business through them the better.....

let us not forget that they are effectively adding banner adverts in the admin area on 'normal' pages - e.g., on the products page, there is a banner link to CodeGuard if selling the service isn't enabled in MarketConnect... in fact, the only way I can see to remove that banner (other than using an adblocker) is to activate CodeGuard in MarketConnect... the more people using CodeGuard, the more $$$ WHMCS earn.

I am growing so tired of seeing features that haven't been asked for, enabled by default with no option to turn them off.. this SSL feature is just one of many similar issues.... I could give a list, but we all know what they are.

[Vox]

3 hours ago, brian! said:

let us not forget that they are effectively adding banner adverts in the admin area on 'normal' pages - e.g., on the products page, there is a banner link to CodeGuard if selling the service isn't enabled in MarketConnect... in fact, the only way I can see to remove that banner (other than using an adblocker) is to activate CodeGuard in MarketConnect... the more people using CodeGuard, the more $$$ WHMCS earn.

They cannot be serious!!! WHMCS has every right to make money from offering value add services. But OFFER the service to users who want to take them but please do not try to FORCE it onto me or my customers......

3 hours ago, brian! said:

I am growing so tired of seeing features that haven't been asked for, enabled by default with no option to turn them off.. this SSL feature is just one of many similar issues.... I could give a list, but we all know what they are.

I could not agree more!

I have used WHMCS for quite some time now and have overlooked the odd frustration, as it performs an essential part of automating the process of managing a business and on the whole does that fairly well. However, directly interacting with my customers for their financial gain and talking that control out of my hands may be a step too far.

I do not use Market Connect as (I guess like a lot of other users here) I either include or offer these products (or their equivalent) in my services already. If I have to make interventions (or maybe I cannot) to remove any confusion or "clutter" for my customers, that is creating a whole chunk of work that I do not need or want to do.

Is the  WHMCS strategy to really back users into a corner? Do your business through us or go elsewhere and use another software solution? Because that what is looks like to me.....

So, I either just accept it (.... no), do not upgrade to the next version (.... not really sustainable in the long term) or use another solution. Let me think 🤔

Edited February 2, 2019 by Vox