SSL Check under /clientarea.php?action=services

[yggdrasil 78]

I know this post is old but what is the final approach to remove this from the client area products page? Hide it with CSS, hooks or both? Its over half a year and WHMCS did nothing to fix this mess.

[websavers 3]

12 hours ago, yggdrasil said:

I know this post is old but what is the final approach to remove this from the client area products page? Hide it with CSS, hooks or both? Its over half a year and WHMCS did nothing to fix this mess.

I think the heirachy should be:

1. If you already have a custom template / duplicate of the six template that's your active template, simply remove this code from the template
2. If you can use hooks, definitely do that
3. Hide with CSS

[gei 4]

Is WHMCS ever going to reply to the massive demand there is to remove this annoying "feature"?

[bear 92]

56 minutes ago, gei said:

Is WHMCS ever going to reply to the massive demand there is to remove this annoying "feature"?

If they haven't by now (they haven't), it's extremely unlikely, I'd suggest. 

[evolve hosting 13]

Our solution was to remove the code from our template and then add the following to the end of our cron job:

skip --SslSync

It still shows on the admin side but it's not a big deal being there. If you use Github, you won't have to remove the code again each time a new release is made.

[bear 92]

If "skip --SslSync" works, shouldn't it actually skip that and not be showing anywhere, or did you mean it's just showing none as valid because it's not actually checking?

[evolve hosting 13]

11 minutes ago, bear said:

If "skip --SslSync" works, shouldn't it actually skip that and not be showing anywhere, or did you mean it's just showing none as valid because it's not actually checking?

If you only disable the cron, it will still show the icon on the customer side and on the admin side with whatever data is already stored in the DB table. If you only remove the code from your template, the cron will still run daily and update the database and admin output. You have to remove the code and disable the cron task to put a stop to it. Even after you disable the cron, it will show the latest data it has stored in the DB table on the admin side. We don't care about that part.

[D9Hosting 3]

On 2/18/2020 at 5:28 PM, EvolveWebHosting said:

Our solution was to remove the code from our template and then add the following to the end of our cron job:

skip --SslSync

It still shows on the admin side but it's not a big deal being there. If you use Github, you won't have to remove the code again each time a new release is made.

Thanks for the info.

We were one of the early complainers about this new "feature" and are still running v7.6.2 to avoid having it forced upon us. We hadn't come across a way to actually stop the sync from running so this is very useful to know 👍

[evolve hosting 13]

23 minutes ago, D9Hosting said:

Thanks for the info.

We were one of the early complainers about this new "feature" and are still running v7.6.2 to avoid having it forced upon us. We hadn't come across a way to actually stop the sync from running so this is very useful to know 👍

You're welcome and it seems to be working well so far. Of course, make sure you thoroughly test it within your environment.

[Bhondawe30 1]

Thanks for the community answer, It will be helpful for me.

[Maddie 0]

On 3/15/2019 at 9:05 AM, wp4all said:

Hi,

also under curl 7.29 a proper query is possible:

[root@vps02 ~]# cat /etc/centos-release
CentOS Linux release 7.6.1810 (Core) 
  
[root@vps02 ~]# curl --version
curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.36 zlib/1.2.7 libidn/1.28 libssh2/1.4.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp 
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz unix-sockets 
  
[root@vps02 ~]#  curl --insecure -v https://whmcs.com 2>&1 | awk 'BEGIN { cert=0 } /^\* SSL connection/ { cert=1 } /^\*/ { if (cert) print }'
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
* 	subject: CN=*.whmcs.com
* 	start date: Jun 25 00:00:00 2018 GMT
* 	expire date: Jun 25 12:00:00 2019 GMT
* 	common name: *.whmcs.com
* 	issuer: CN=RapidSSL RSA CA 2018,OU=www.digicert.com,O=DigiCert Inc,C=US
* Connection #0 to host whmcs.com left intact
[root@vps02 ~]# 
  

Curl is not mandatory use openssl php comands to pars the URL: openssl-x509

    <?php
    $url = "https://whmcs.com";
    $orignal_parse = parse_url($url, PHP_URL_HOST);
    $get = stream_context_create(array("ssl" => array("capture_peer_cert" => TRUE)));
    $read = stream_socket_client("ssl://".$orignal_parse.":443", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $get);
    $cert = stream_context_get_params($read);
    $certinfo = openssl_x509_parse($cert['options']['ssl']['peer_certificate']);

    echo     print_r($certinfo);

and you get :

[root@vps02 ~]# php ssl
    Array
(
    [name] => /CN=*.whmcs.com
    [subject] => Array
        (
            [CN] => *.whmcs.com
        )

    [hash] => 87529681
    [issuer] => Array
        (
            [C] => US
            [O] => DigiCert Inc
            [OU] => www.digicert.com
            [CN] => RapidSSL RSA CA 2018
        )

    [version] => 2
    [serialNumber] => 4341417971671710519045517846942791534
    [validFrom] => 180625000000Z
    [validTo] => 190625120000Z
    [validFrom_time_t] => 1529884800
    [validTo_time_t] => 1561464000
    [signatureTypeSN] => RSA-SHA256
    [signatureTypeLN] => sha256WithRSAEncryption
    [signatureTypeNID] => 668
    [purposes] => Array
        (
            [1] => Array
                (
                    [0] => 1
                    [1] => 
                    [2] => sslclient
                )

            [2] => Array
                (
                    [0] => 1
                    [1] => 
                    [2] => sslserver
                )

            [3] => Array
                (
                    [0] => 1
                    [1] => 
                    [2] => nssslserver
                )

            [4] => Array
                (
                    [0] => 
                    [1] => 
                    [2] => smimesign
                )

            [5] => Array
                (
                    [0] => 
                    [1] => 
                    [2] => smimeencrypt
                )

            [6] => Array
                (
                    [0] => 
                    [1] => 
                    [2] => crlsign
                )

            [7] => Array
                (
                    [0] => 1
                    [1] => 1
                    [2] => any
                )

            [8] => Array
                (
                    [0] => 1
                    [1] => 
                    [2] => ocsphelper
                )

            [9] => Array
                (
                    [0] => 
                    [1] => 
                    [2] => timestampsign
                )

        )

    [extensions] => Array
        (
            [authorityKeyIdentifier] => keyid:53:CA:17:59:FC:6B:C0:03:21:2F:1A:AE:E4:AA:A8:1C:82:56:DA:75

            [subjectKeyIdentifier] => 69:F7:99:E1:73:D7:23:5B:33:7F:13:EC:38:89:6E:6E:08:A9:FA:58
            [subjectAltName] => DNS:*.whmcs.com, DNS:whmcs.com
            [keyUsage] => Digital Signature, Key Encipherment
            [extendedKeyUsage] => TLS Web Server Authentication, TLS Web Client Authentication
            [crlDistributionPoints] => 
Full Name:
  URI:http://cdp.rapidssl.com/RapidSSLRSACA2018.crl

            [certificatePolicies] => Policy: 2.16.840.1.114412.1.2
  CPS: https://www.digicert.com/CPS
Policy: 2.23.140.1.2.1

            [authorityInfoAccess] => OCSP - URI:http://status.rapidssl.com
CA Issuers - URI:http://cacerts.rapidssl.com/RapidSSLRSACA2018.crt

            [basicConstraints] => CA:FALSE
            [ct_precert_scts] => Signed Certificate Timestamp:
    Version   : v1(0)
    Log ID    : A4:B9:09:90:B4:18:58:14:87:BB:13:A2:CC:67:70:0A:
                3C:35:98:04:F9:1B:DF:B8:E3:77:CD:0E:C8:0D:DC:10
    Timestamp : Jun 25 14:17:07.633 2018 GMT
    Extensions: none
    Signature : ecdsa-with-SHA256
                30:45:02:21:00:D7:A8:52:B2:E4:45:A4:97:E0:A2:10:
                BF:54:AF:42:D5:67:23:B8:52:A0:AC:C6:05:E5:F0:BA:
                2A:F4:02:75:F8:02:20:56:F3:B2:D4:DB:39:FF:C1:F8:
                33:CC:94:E6:8A:77:F5:5A:CF:44:75:4B:55:AD:E7:5F:
                FA:CB:37:5E:D5:70:AC
Signed Certificate Timestamp:
    Version   : v1(0)
    Log ID    : 87:75:BF:E7:59:7C:F8:8C:43:99:5F:BD:F3:6E:FF:56:
                8D:47:56:36:FF:4A:B5:60:C1:B4:EA:FF:5E:A0:83:0F
    Timestamp : Jun 25 14:17:07.823 2018 GMT
    Extensions: none
    Signature : ecdsa-with-SHA256
                30:45:02:21:00:C4:B5:D7:D3:10:2D:3E:D6:56:0B:96:
                0B:EF:66:A2:45:24:3D:02:00:D5:EB:EB:70:77:68:3C:
                4C:E4:4E:8E:B8:02:20:1F:5B:0B:60:DC:48:B2:BD:E0:
                59:ED:D1:1C:A9:35:1D:29:91:2C:B5:05:67:BC:49:B9:
                B2:9C:F6:1E:D6:BC:D1
        )

)
1[root@vps02 ~]# 

Many roads lead to Rome

But this doesn't change the fact that hundreds to thousands of queries may be made in the background for a query that make it superfluous with services like Let's encrypt.
Fact is we have this feature only to push the whmcs market .

But I guess your main product is WHMCS as Software and not this 10ct profit from selling an ssl certificate.

Greetings Christian

 

So from what i Can see, a simple in PHP solution has been provided, that would actually solidly check the SSL cert info, without using Curl.  when are WHMCS going to make this change?

Its now been over a year since this was raised, there is no "simple" way to turn this off.  There is no easy path for us to upgrade Curl on  Centos 7 based servers.....  I am reluctant to update my systems to use the City-Fan repos - even for just Curl (as it completely breaks the Package Manager...

As an interim, has anyone tried compiling Curl from source?  I haven't tried this method yet, but concerned that it might break stuff in plesk too ....

 

So @WHMCS John - do we have any updates on when this is going to be addressed? even a hotfix that hide it simply, without us having to modify templates, and make hacks?

 

and just to reiterate the same info that others are already reporting:

Operating System    : CloudLinux 7.7 (Valery Bykovsky)
CPE OS Name         : cpe:/o:cloudlinux:cloudlinux:7.7:GA:server
Kernel              : Linux 3.10.0-962.3.2.lve1.5.25.8.el7.x86_64
Architecture        : x86-64
PHP version         :  5.4.16 - yeah, this is what Centos still supplies as the OS installed PHP
output from test    : empty array

 

 

[souzadavi 9]

On 2/1/2019 at 1:28 PM, brian! said:

<?php add_hook('ClientAreaPageDomainDetails', 1, function($vars) { return array("sslStatus" => null); });

This is not working on version 8