Jump to content

SSL Check under /clientarea.php?action=services

wp4all
 Share

Recommended Posts

  • Replies 91
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

brian!
brian!

do you think the timing of launching a beta testing period one week before Christmas might have had something to do with that? 🙄

brian!
brian!

but yet we need to. 🙄 couple of other options with this... for the services / domains tables, you should be able to remove the SSL padlocks with some css inside the css/custom.css file... #ta

malfunction
malfunction

What, you mean the community thread where the guy from Plesk says "don't do this"?

Posted Images

websavers Senior Member

websavers

Posted
Posted
12 hours ago, yggdrasil said:

I know this post is old but what is the final approach to remove this from the client area products page? Hide it with CSS, hooks or both? Its over half a year and WHMCS did nothing to fix this mess.

I think the heirachy should be:

  1. If you already have a custom template / duplicate of the six template that's your active template, simply remove this code from the template
  2. If you can use hooks, definitely do that
  3. Hide with CSS
0
Link to comment
Share on other sites
  • 3 months later...
Evolve Web Hosting Senior Member

Evolve Web Hosting

Posted
Posted
11 minutes ago, bear said:

If "skip --SslSync" works, shouldn't it actually skip that and not be showing anywhere, or did you mean it's just showing none as valid because it's not actually checking?

If you only disable the cron, it will still show the icon on the customer side and on the admin side with whatever data is already stored in the DB table. If you only remove the code from your template, the cron will still run daily and update the database and admin output. You have to remove the code and disable the cron task to put a stop to it. Even after you disable the cron, it will show the latest data it has stored in the DB table on the admin side. We don't care about that part.

0
Link to comment
Share on other sites
D9Hosting Senior Member

D9Hosting

Posted
Posted
On 2/18/2020 at 5:28 PM, EvolveWebHosting said:

Our solution was to remove the code from our template and then add the following to the end of our cron job:

skip --SslSync

It still shows on the admin side but it's not a big deal being there. If you use Github, you won't have to remove the code again each time a new release is made.

Thanks for the info.

We were one of the early complainers about this new "feature" and are still running v7.6.2 to avoid having it forced upon us. We hadn't come across a way to actually stop the sync from running so this is very useful to know 👍

0
Link to comment
Share on other sites
Evolve Web Hosting Senior Member

Evolve Web Hosting

Posted
Posted
23 minutes ago, D9Hosting said:

Thanks for the info.

We were one of the early complainers about this new "feature" and are still running v7.6.2 to avoid having it forced upon us. We hadn't come across a way to actually stop the sync from running so this is very useful to know 👍

You're welcome and it seems to be working well so far. Of course, make sure you thoroughly test it within your environment.

1
Link to comment
Share on other sites
Maddie Junior Member

Maddie

Posted
Posted
On 3/15/2019 at 9:05 AM, wp4all said:

Hi,

also under curl 7.29 a proper query is possible: 


[root@vps02 ~]# cat /etc/centos-release
CentOS Linux release 7.6.1810 (Core) 
  
[root@vps02 ~]# curl --version
curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.36 zlib/1.2.7 libidn/1.28 libssh2/1.4.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp 
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz unix-sockets 
  
[root@vps02 ~]#  curl --insecure -v https://whmcs.com 2>&1 | awk 'BEGIN { cert=0 } /^\* SSL connection/ { cert=1 } /^\*/ { if (cert) print }'
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
* 	subject: CN=*.whmcs.com
* 	start date: Jun 25 00:00:00 2018 GMT
* 	expire date: Jun 25 12:00:00 2019 GMT
* 	common name: *.whmcs.com
* 	issuer: CN=RapidSSL RSA CA 2018,OU=www.digicert.com,O=DigiCert Inc,C=US
* Connection #0 to host whmcs.com left intact
[root@vps02 ~]#

Curl is not mandatory use openssl php comands to pars the URL: openssl-x509 


    <?php
    $url = "https://whmcs.com";
    $orignal_parse = parse_url($url, PHP_URL_HOST);
    $get = stream_context_create(array("ssl" => array("capture_peer_cert" => TRUE)));
    $read = stream_socket_client("ssl://".$orignal_parse.":443", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $get);
    $cert = stream_context_get_params($read);
    $certinfo = openssl_x509_parse($cert['options']['ssl']['peer_certificate']);

    echo     print_r($certinfo);

and you get : 


[root@vps02 ~]# php ssl
    Array
(
    [name] => /CN=*.whmcs.com
    [subject] => Array
        (
            [CN] => *.whmcs.com
        )

    [hash] => 87529681
    [issuer] => Array
        (
            [C] => US
            [O] => DigiCert Inc
            [OU] => www.digicert.com
            [CN] => RapidSSL RSA CA 2018
        )

    [version] => 2
    [serialNumber] => 4341417971671710519045517846942791534
    [validFrom] => 180625000000Z
    [validTo] => 190625120000Z
    [validFrom_time_t] => 1529884800
    [validTo_time_t] => 1561464000
    [signatureTypeSN] => RSA-SHA256
    [signatureTypeLN] => sha256WithRSAEncryption
    [signatureTypeNID] => 668
    [purposes] => Array
        (
            [1] => Array
                (
                    [0] => 1
                    [1] => 
                    [2] => sslclient
                )

            [2] => Array
                (
                    [0] => 1
                    [1] => 
                    [2] => sslserver
                )

            [3] => Array
                (
                    [0] => 1
                    [1] => 
                    [2] => nssslserver
                )

            [4] => Array
                (
                    [0] => 
                    [1] => 
                    [2] => smimesign
                )

            [5] => Array
                (
                    [0] => 
                    [1] => 
                    [2] => smimeencrypt
                )

            [6] => Array
                (
                    [0] => 
                    [1] => 
                    [2] => crlsign
                )

            [7] => Array
                (
                    [0] => 1
                    [1] => 1
                    [2] => any
                )

            [8] => Array
                (
                    [0] => 1
                    [1] => 
                    [2] => ocsphelper
                )

            [9] => Array
                (
                    [0] => 
                    [1] => 
                    [2] => timestampsign
                )

        )

    [extensions] => Array
        (
            [authorityKeyIdentifier] => keyid:53:CA:17:59:FC:6B:C0:03:21:2F:1A:AE:E4:AA:A8:1C:82:56:DA:75

            [subjectKeyIdentifier] => 69:F7:99:E1:73:D7:23:5B:33:7F:13:EC:38:89:6E:6E:08:A9:FA:58
            [subjectAltName] => DNS:*.whmcs.com, DNS:whmcs.com
            [keyUsage] => Digital Signature, Key Encipherment
            [extendedKeyUsage] => TLS Web Server Authentication, TLS Web Client Authentication
            [crlDistributionPoints] => 
Full Name:
  URI:http://cdp.rapidssl.com/RapidSSLRSACA2018.crl

            [certificatePolicies] => Policy: 2.16.840.1.114412.1.2
  CPS: https://www.digicert.com/CPS
Policy: 2.23.140.1.2.1

            [authorityInfoAccess] => OCSP - URI:http://status.rapidssl.com
CA Issuers - URI:http://cacerts.rapidssl.com/RapidSSLRSACA2018.crt

            [basicConstraints] => CA:FALSE
            [ct_precert_scts] => Signed Certificate Timestamp:
    Version   : v1(0)
    Log ID    : A4:B9:09:90:B4:18:58:14:87:BB:13:A2:CC:67:70:0A:
                3C:35:98:04:F9:1B:DF:B8:E3:77:CD:0E:C8:0D:DC:10
    Timestamp : Jun 25 14:17:07.633 2018 GMT
    Extensions: none
    Signature : ecdsa-with-SHA256
                30:45:02:21:00:D7:A8:52:B2:E4:45:A4:97:E0:A2:10:
                BF:54:AF:42:D5:67:23:B8:52:A0:AC:C6:05:E5:F0:BA:
                2A:F4:02:75:F8:02:20:56:F3:B2:D4:DB:39:FF:C1:F8:
                33:CC:94:E6:8A:77:F5:5A:CF:44:75:4B:55:AD:E7:5F:
                FA:CB:37:5E:D5:70:AC
Signed Certificate Timestamp:
    Version   : v1(0)
    Log ID    : 87:75:BF:E7:59:7C:F8:8C:43:99:5F:BD:F3:6E:FF:56:
                8D:47:56:36:FF:4A:B5:60:C1:B4:EA:FF:5E:A0:83:0F
    Timestamp : Jun 25 14:17:07.823 2018 GMT
    Extensions: none
    Signature : ecdsa-with-SHA256
                30:45:02:21:00:C4:B5:D7:D3:10:2D:3E:D6:56:0B:96:
                0B:EF:66:A2:45:24:3D:02:00:D5:EB:EB:70:77:68:3C:
                4C:E4:4E:8E:B8:02:20:1F:5B:0B:60:DC:48:B2:BD:E0:
                59:ED:D1:1C:A9:35:1D:29:91:2C:B5:05:67:BC:49:B9:
                B2:9C:F6:1E:D6:BC:D1
        )

)
1[root@vps02 ~]#

Many roads lead to Rome

But this doesn't change the fact that hundreds to thousands of queries may be made in the background for a query that make it superfluous with services like Let's encrypt.
Fact is we have this feature only to push the whmcs market .

But I guess your main product is WHMCS as Software and not this 10ct profit from selling an ssl certificate.

Greetings Christian

 

So from what i Can see, a simple in PHP solution has been provided, that would actually solidly check the SSL cert info, without using Curl.  when are WHMCS going to make this change?

Its now been over a year since this was raised, there is no "simple" way to turn this off.  There is no easy path for us to upgrade Curl on  Centos 7 based servers.....  I am reluctant to update my systems to use the City-Fan repos - even for just Curl (as it completely breaks the Package Manager...

As an interim, has anyone tried compiling Curl from source?  I haven't tried this method yet, but concerned that it might break stuff in plesk too ....

 

So @WHMCS John - do we have any updates on when this is going to be addressed? even a hotfix that hide it simply, without us having to modify templates, and make hacks?

 

and just to reiterate the same info that others are already reporting: 

Operating System    : CloudLinux 7.7 (Valery Bykovsky)
CPE OS Name         : cpe:/o:cloudlinux:cloudlinux:7.7:GA:server
Kernel              : Linux 3.10.0-962.3.2.lve1.5.25.8.el7.x86_64
Architecture        : x86-64
PHP version         :  5.4.16 - yeah, this is what Centos still supplies as the OS installed PHP
output from test    : empty array

 


 

0
Link to comment
Share on other sites
  • 7 months later...
  • 5 months later...
whattheserver Junior Member

whattheserver

Posted
Posted

For clientareaproductdetails.tpl

Delete this part 

{if $domain && $sslStatus}
                                    <div class="row">
                                        <div class="col-sm-5 text-right">
                                            <strong>{lang key='sslState.sslStatus'}</strong>
                                        </div>
                                        <div class="col-sm-7 text-left{if $sslStatus->isInactive()} ssl-inactive{/if}">
                                            <img src="{$sslStatus->getImagePath()}" width="12" data-type="service" data-domain="{$domain}" data-showlabel="1" class="{$sslStatus->getClass()}"/>
                                            <span id="statusDisplayLabel">
                                                {if !$sslStatus->needsResync()}
                                                    {$sslStatus->getStatusDisplayLabel()}
                                                {else}
                                                    {lang key='loading'}
                                                {/if}
                                            </span>
                                        </div>
                                    </div>
                                    {if $sslStatus->isActive() || $sslStatus->needsResync()}
                                        <div class="row">
                                            <div class="col-sm-5 text-right">
                                                <strong>{lang key='sslState.startDate'}</strong>
                                            </div>
                                            <div class="col-sm-7 text-left" id="ssl-startdate">
                                                {if !$sslStatus->needsResync() || $sslStatus->startDate}
                                                    {$sslStatus->startDate->toClientDateFormat()}
                                                {else}
                                                    {lang key='loading'}
                                                {/if}
                                            </div>
                                        </div>
                                        <div class="row">
                                            <div class="col-sm-5 text-right">
                                                <strong>{lang key='sslState.expiryDate'}</strong>
                                            </div>
                                            <div class="col-sm-7 text-left" id="ssl-expirydate">
                                                {if !$sslStatus->needsResync() || $sslStatus->expiryDate}
                                                    {$sslStatus->expiryDate->toClientDateFormat()}
                                                {else}
                                                    {lang key='loading'}
                                                {/if}
                                            </div>
                                        </div>
                                        <div class="row">
                                            <div class="col-sm-5 text-right">
                                                <strong>{lang key='sslState.issuerName'}</strong>
                                            </div>
                                            <div class="col-sm-7 text-left" id="ssl-issuer">
                                                {if !$sslStatus->needsResync() || $sslStatus->issuerName}
                                                    {$sslStatus->issuerName}
                                                {else}
                                                    {lang key='loading'}
                                                {/if}
                                            </div>
                                        </div>
                                    {/if}
                                {/if}

And then this part

  

{if $sslStatus}
                            <div class="tab-pane fade text-center" role="tabpanel" id="ssl-info">
                                {if $sslStatus->isActive()}
                                    <div class="alert alert-success" role="alert">
                                        {lang key='sslActive' expiry=$sslStatus->expiryDate->toClientDateFormat()}
                                    </div>
                                {else}
                                    <div class="alert alert-warning ssl-required" role="alert">
                                        {lang key='sslInactive'}
                                    </div>
                                {/if}
                            </div>
                        {/if}


On this:
clientareaproducts.tpl

Change:
  

{foreach $services as $service}
<td class="py-0 text-center{if $service.sslStatus} ssl-info{/if}" data-element-id="{$service.id}" data-type="service"{if $service.domain} data-domain="{$service.domain}"{/if}>
                        {if $service.sslStatus}
                            <img src="{$service.sslStatus->getImagePath()}" data-toggle="tooltip" title="{$service.sslStatus->getTooltipContent()}" class="{$service.sslStatus->getClass()}" width="25">
                        {elseif !$service.isActive}
                            <img src="{$BASE_PATH_IMG}/ssl/ssl-inactive-domain.png" data-toggle="tooltip" title="{lang key='sslState.sslInactiveService'}" width="25">
                        {/if}
                    </td>
                </tr>
            {/foreach}

 

To: 

{foreach $services as $service}
                <tr onclick="clickableSafeRedirect(event, 'clientarea.php?action=productdetails&id={$service.id}', false)">
                    <td class="py-0 text-center" data-element-id="{$service.id}" data-type="service"{if $service.domain} data-domain="{$service.domain}"{/if}></td>
                    <td><strong>{$service.product}</strong>{if $service.domain}<br /><a href="http://{$service.domain}" target="_blank">{$service.domain}</a>{else}<br />-{/if}</td>
                    <td class="text-center" data-order="{$service.amountnum}">{$service.amount} <small class="text-muted">{$service.billingcycle}</small></td>
                    <td class="text-center"><span class="w-hidden">{$service.normalisedNextDueDate}</span>{$service.nextduedate}</td>
                    <td class="text-center"><span class="label status status-{$service.status|strtolower}">{$service.statustext}</span></td>
                </tr>
            {/foreach}

 


for :
clientareadomains.tpl
  

{if $domain.sslStatus}
                                    <img src="{$domain.sslStatus->getImagePath()}" width="25" data-toggle="tooltip" title="{$domain.sslStatus->getTooltipContent()}" class="{$domain.sslStatus->getClass()}" width="25">
                                {elseif !$domain.isActive}
                                    <img src="{$BASE_PATH_IMG}/ssl/ssl-inactive-domain.png" width="25" data-toggle="tooltip" title="{lang key='sslState.sslInactiveDomain'}" width="25">
                                {/if}


There is some almost intentional sabotage in how they nested stuff so it would break if not performing html surgery so im including the original twenty-one unedited and then edited without SSL in this convenient child theme for twenty-one based off
https://developers.whmcs.com/themes/child-themes/

You should be able to upload and extract this into your templates folder and then preview it like outlined in: https://developers.whmcs.com/themes/testing/ > http://www.yourdomain.com/whmcs/?systpl=mythemewithoutsslmycustomthemewithoutSSL_dirlisting.png.c6fc0f269c1dd649d4347e2063edc126.png

mythemewithoutssl.zip

1
Link to comment
Share on other sites
  • 6 months later...
bear Senior Member

bear

Posted
Posted
21 minutes ago, Virtual Partners said:

Just a 'switch on/off' button in the configurationsettings will do 🙂

That and not forcing it on all of us by default, and making it check EVERY domain in the system all the time. Yeah, that would have been nice. 

0
Link to comment
Share on other sites
  • 2 years later...
  • 7 months later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated

  I accept