Jump to content
wp4all

SSL Check under /clientarea.php?action=services

Recommended Posts

I know this post is old but what is the final approach to remove this from the client area products page? Hide it with CSS, hooks or both? Its over half a year and WHMCS did nothing to fix this mess.

Share this post


Link to post
Share on other sites
12 hours ago, yggdrasil said:

I know this post is old but what is the final approach to remove this from the client area products page? Hide it with CSS, hooks or both? Its over half a year and WHMCS did nothing to fix this mess.

I think the heirachy should be:

  1. If you already have a custom template / duplicate of the six template that's your active template, simply remove this code from the template
  2. If you can use hooks, definitely do that
  3. Hide with CSS

Share this post


Link to post
Share on other sites

Is WHMCS ever going to reply to the massive demand there is to remove this annoying "feature"?

Share this post


Link to post
Share on other sites
56 minutes ago, gei said:

Is WHMCS ever going to reply to the massive demand there is to remove this annoying "feature"?

If they haven't by now (they haven't), it's extremely unlikely, I'd suggest. 

Share this post


Link to post
Share on other sites

Our solution was to remove the code from our template and then add the following to the end of our cron job:

skip --SslSync

It still shows on the admin side but it's not a big deal being there. If you use Github, you won't have to remove the code again each time a new release is made.

Share this post


Link to post
Share on other sites

If "skip --SslSync" works, shouldn't it actually skip that and not be showing anywhere, or did you mean it's just showing none as valid because it's not actually checking?

Share this post


Link to post
Share on other sites
11 minutes ago, bear said:

If "skip --SslSync" works, shouldn't it actually skip that and not be showing anywhere, or did you mean it's just showing none as valid because it's not actually checking?

If you only disable the cron, it will still show the icon on the customer side and on the admin side with whatever data is already stored in the DB table. If you only remove the code from your template, the cron will still run daily and update the database and admin output. You have to remove the code and disable the cron task to put a stop to it. Even after you disable the cron, it will show the latest data it has stored in the DB table on the admin side. We don't care about that part.

Share this post


Link to post
Share on other sites
On 2/18/2020 at 5:28 PM, EvolveWebHosting said:

Our solution was to remove the code from our template and then add the following to the end of our cron job:

skip --SslSync

It still shows on the admin side but it's not a big deal being there. If you use Github, you won't have to remove the code again each time a new release is made.

Thanks for the info.

We were one of the early complainers about this new "feature" and are still running v7.6.2 to avoid having it forced upon us. We hadn't come across a way to actually stop the sync from running so this is very useful to know 👍

Share this post


Link to post
Share on other sites
23 minutes ago, D9Hosting said:

Thanks for the info.

We were one of the early complainers about this new "feature" and are still running v7.6.2 to avoid having it forced upon us. We hadn't come across a way to actually stop the sync from running so this is very useful to know 👍

You're welcome and it seems to be working well so far. Of course, make sure you thoroughly test it within your environment.

Share this post


Link to post
Share on other sites
On 3/15/2019 at 9:05 AM, wp4all said:

Hi,

also under curl 7.29 a proper query is possible:


[root@vps02 ~]# cat /etc/centos-release
CentOS Linux release 7.6.1810 (Core) 
  
[root@vps02 ~]# curl --version
curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.36 zlib/1.2.7 libidn/1.28 libssh2/1.4.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp 
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz unix-sockets 
  
[root@vps02 ~]#  curl --insecure -v https://whmcs.com 2>&1 | awk 'BEGIN { cert=0 } /^\* SSL connection/ { cert=1 } /^\*/ { if (cert) print }'
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
* 	subject: CN=*.whmcs.com
* 	start date: Jun 25 00:00:00 2018 GMT
* 	expire date: Jun 25 12:00:00 2019 GMT
* 	common name: *.whmcs.com
* 	issuer: CN=RapidSSL RSA CA 2018,OU=www.digicert.com,O=DigiCert Inc,C=US
* Connection #0 to host whmcs.com left intact
[root@vps02 ~]# 
  

Curl is not mandatory use openssl php comands to pars the URL: openssl-x509


    <?php
    $url = "https://whmcs.com";
    $orignal_parse = parse_url($url, PHP_URL_HOST);
    $get = stream_context_create(array("ssl" => array("capture_peer_cert" => TRUE)));
    $read = stream_socket_client("ssl://".$orignal_parse.":443", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $get);
    $cert = stream_context_get_params($read);
    $certinfo = openssl_x509_parse($cert['options']['ssl']['peer_certificate']);

    echo     print_r($certinfo);

and you get :


[root@vps02 ~]# php ssl
    Array
(
    [name] => /CN=*.whmcs.com
    [subject] => Array
        (
            [CN] => *.whmcs.com
        )

    [hash] => 87529681
    [issuer] => Array
        (
            [C] => US
            [O] => DigiCert Inc
            [OU] => www.digicert.com
            [CN] => RapidSSL RSA CA 2018
        )

    [version] => 2
    [serialNumber] => 4341417971671710519045517846942791534
    [validFrom] => 180625000000Z
    [validTo] => 190625120000Z
    [validFrom_time_t] => 1529884800
    [validTo_time_t] => 1561464000
    [signatureTypeSN] => RSA-SHA256
    [signatureTypeLN] => sha256WithRSAEncryption
    [signatureTypeNID] => 668
    [purposes] => Array
        (
            [1] => Array
                (
                    [0] => 1
                    [1] => 
                    [2] => sslclient
                )

            [2] => Array
                (
                    [0] => 1
                    [1] => 
                    [2] => sslserver
                )

            [3] => Array
                (
                    [0] => 1
                    [1] => 
                    [2] => nssslserver
                )

            [4] => Array
                (
                    [0] => 
                    [1] => 
                    [2] => smimesign
                )

            [5] => Array
                (
                    [0] => 
                    [1] => 
                    [2] => smimeencrypt
                )

            [6] => Array
                (
                    [0] => 
                    [1] => 
                    [2] => crlsign
                )

            [7] => Array
                (
                    [0] => 1
                    [1] => 1
                    [2] => any
                )

            [8] => Array
                (
                    [0] => 1
                    [1] => 
                    [2] => ocsphelper
                )

            [9] => Array
                (
                    [0] => 
                    [1] => 
                    [2] => timestampsign
                )

        )

    [extensions] => Array
        (
            [authorityKeyIdentifier] => keyid:53:CA:17:59:FC:6B:C0:03:21:2F:1A:AE:E4:AA:A8:1C:82:56:DA:75

            [subjectKeyIdentifier] => 69:F7:99:E1:73:D7:23:5B:33:7F:13:EC:38:89:6E:6E:08:A9:FA:58
            [subjectAltName] => DNS:*.whmcs.com, DNS:whmcs.com
            [keyUsage] => Digital Signature, Key Encipherment
            [extendedKeyUsage] => TLS Web Server Authentication, TLS Web Client Authentication
            [crlDistributionPoints] => 
Full Name:
  URI:http://cdp.rapidssl.com/RapidSSLRSACA2018.crl

            [certificatePolicies] => Policy: 2.16.840.1.114412.1.2
  CPS: https://www.digicert.com/CPS
Policy: 2.23.140.1.2.1

            [authorityInfoAccess] => OCSP - URI:http://status.rapidssl.com
CA Issuers - URI:http://cacerts.rapidssl.com/RapidSSLRSACA2018.crt

            [basicConstraints] => CA:FALSE
            [ct_precert_scts] => Signed Certificate Timestamp:
    Version   : v1(0)
    Log ID    : A4:B9:09:90:B4:18:58:14:87:BB:13:A2:CC:67:70:0A:
                3C:35:98:04:F9:1B:DF:B8:E3:77:CD:0E:C8:0D:DC:10
    Timestamp : Jun 25 14:17:07.633 2018 GMT
    Extensions: none
    Signature : ecdsa-with-SHA256
                30:45:02:21:00:D7:A8:52:B2:E4:45:A4:97:E0:A2:10:
                BF:54:AF:42:D5:67:23:B8:52:A0:AC:C6:05:E5:F0:BA:
                2A:F4:02:75:F8:02:20:56:F3:B2:D4:DB:39:FF:C1:F8:
                33:CC:94:E6:8A:77:F5:5A:CF:44:75:4B:55:AD:E7:5F:
                FA:CB:37:5E:D5:70:AC
Signed Certificate Timestamp:
    Version   : v1(0)
    Log ID    : 87:75:BF:E7:59:7C:F8:8C:43:99:5F:BD:F3:6E:FF:56:
                8D:47:56:36:FF:4A:B5:60:C1:B4:EA:FF:5E:A0:83:0F
    Timestamp : Jun 25 14:17:07.823 2018 GMT
    Extensions: none
    Signature : ecdsa-with-SHA256
                30:45:02:21:00:C4:B5:D7:D3:10:2D:3E:D6:56:0B:96:
                0B:EF:66:A2:45:24:3D:02:00:D5:EB:EB:70:77:68:3C:
                4C:E4:4E:8E:B8:02:20:1F:5B:0B:60:DC:48:B2:BD:E0:
                59:ED:D1:1C:A9:35:1D:29:91:2C:B5:05:67:BC:49:B9:
                B2:9C:F6:1E:D6:BC:D1
        )

)
1[root@vps02 ~]# 

Many roads lead to Rome

But this doesn't change the fact that hundreds to thousands of queries may be made in the background for a query that make it superfluous with services like Let's encrypt.
Fact is we have this feature only to push the whmcs market .

But I guess your main product is WHMCS as Software and not this 10ct profit from selling an ssl certificate.

Greetings Christian

 

So from what i Can see, a simple in PHP solution has been provided, that would actually solidly check the SSL cert info, without using Curl.  when are WHMCS going to make this change?

Its now been over a year since this was raised, there is no "simple" way to turn this off.  There is no easy path for us to upgrade Curl on  Centos 7 based servers.....  I am reluctant to update my systems to use the City-Fan repos - even for just Curl (as it completely breaks the Package Manager...

As an interim, has anyone tried compiling Curl from source?  I haven't tried this method yet, but concerned that it might break stuff in plesk too ....

 

So @WHMCS John - do we have any updates on when this is going to be addressed? even a hotfix that hide it simply, without us having to modify templates, and make hacks?

 

and just to reiterate the same info that others are already reporting:

Operating System    : CloudLinux 7.7 (Valery Bykovsky)
CPE OS Name         : cpe:/o:cloudlinux:cloudlinux:7.7:GA:server
Kernel              : Linux 3.10.0-962.3.2.lve1.5.25.8.el7.x86_64
Architecture        : x86-64
PHP version         :  5.4.16 - yeah, this is what Centos still supplies as the OS installed PHP
output from test    : empty array

 


 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated