Trustico® CaaS cPanel Installation

The Trustico® CaaS cPanel plugin brings automated SSL Certificate management directly into the cPanel control panel. This page provides server administrators with everything needed to download, install, and manage the plugin. Learn About The Trustico® CaaS cPanel Plugin 🔗

curl -sLO https://cdn.trustico.com/caas/cpanel/install.sh && sudo bash install.sh

Plugin Overview

The Trustico® CaaS cPanel plugin automates the entire SSL Certificate lifecycle for every cPanel user on your server. A single installation makes the plugin available to all users, appearing under the "Security" section in their cPanel dashboard.

Website owners can retrieve, install, and automatically reissue commercial SSL Certificates without requiring any action from the server administrator after the initial setup.

The plugin supports both Trustico® branded and Sectigo branded SSL Certificates, including Domain Validation (DV) and Organization Validation (OV) products. Single site and Wildcard SSL Certificates are both supported.

The plugin runs entirely with cPanel user permissions and requires no root access during normal operation. Learn About Certificate as a Service (CaaS) 🔗

Server Requirements

Before installing the plugin, verify that your server meets the following requirements.

Operating System Requirements

The plugin has been fully tested on Ubuntu 24.04 LTS with cPanel 134.0 and PHP 8.4 using the Jupiter theme. The plugin works on any operating system supported by cPanel and is compatible with both shared hosting and dedicated server environments.

The installer defaults to the Jupiter theme and supports alternative themes using the --theme flag. Depending on individual server customization, functionality may differ across platforms and require minor adjustments.

Bug fixes and enhancement suggestions are welcome and can be submitted through the Trustico® website.

PHP Version

PHP 7.4 or later is required. No additional PHP installation or configuration is needed beyond the default PHP provided by cPanel. The plugin does not require any additional PHP extensions.

System Utilities

The installer requires curl and bash, which are standard on all cPanel servers.

Domain Name System (DNS) validation for Wildcard SSL Certificates requires Perl with the JSON::PP and MIME::Base64 modules. These are included in the default cPanel Perl installation.

Automatic reissue scheduling requires crontab access for cPanel users. This is enabled by default on standard cPanel configurations.

Network Access

The server must have outbound HTTPS access to reach the Automatic Certificate Management Environment (ACME) validation servers.

For DNS validation (required for Wildcard SSL Certificates), the server must manage the Domain Name System (DNS) zone for the domains being secured.

Secure Shell Access

Secure Shell (SSH) root access is required for the initial installation only. The plugin itself runs with cPanel user permissions and does not require root access during normal operation.

Installation Guide

Installation is a one-time operation performed via Secure Shell (SSH) as root. The process takes approximately one minute and makes the plugin immediately available to every cPanel user on the server.

Download

Download the installation script from the Trustico® content delivery network. The script is a single file that handles the entire installation process, including downloading the plugin package and the ACME client.

curl -sLO https://cdn.trustico.com/caas/cpanel/install.sh

Run the installer as root. The script downloads the latest plugin package, verifies the ACME client integrity using SHA-256 checksum verification, copies all plugin files into the cPanel theme directory, registers the plugin, and rebuilds the icon sprites.

sudo bash install.sh

Installer Operations

The installation script performs the following operations automatically. It downloads the plugin package from the Trustico® content delivery network and downloads the ACME client with SHA-256 checksum verification.

It copies the plugin files into the cPanel theme directory and registers the plugin with the cPanel Feature Manager so it appears in the cPanel dashboard. It rebuilds the icon sprites so the plugin icon displays correctly.

Once complete, every cPanel user on the server sees "Trustico® SSL Certificates" in their Security section. The plugin supports the Jupiter theme by default and can be installed to alternative themes using the --theme flag.

Installation Verification

After installation, log in to any cPanel account on the server and navigate to the "Security" section. The "Trustico® SSL Certificates" plugin should appear in the list.

Click on it to verify that the plugin page loads correctly and displays the "Select Your Virtual Host" dropdown.

SSL Certificate Management

The Trustico® CaaS plugin manages SSL Certificates through a combination of automated retrieval, installation, and reissue. Understanding how these components work together helps server administrators and website owners manage their SSL Certificate lifecycle effectively.

SSL Certificate Installation

When the plugin retrieves and installs an SSL Certificate, it becomes the active SSL Certificate on the virtual host. Any previously active SSL Certificate on that virtual host is replaced.

cPanel AutoSSL is a built-in cPanel feature that automatically installs free SSL Certificates. It is not part of the Trustico® plugin. cPanel AutoSSL will not overwrite a Trustico® SSL Certificate because cPanel AutoSSL does not replace SSL Certificates that it did not issue.

The ACME client is installed once in the plugin directory and shared by all cPanel users on the server. Each cPanel user's SSL Certificate management data is stored in a dedicated .trustico directory under their home directory. This includes the SSL Certificate files (Private Key, SSL Certificate, and Certificate Authority (CA) bundle), account keys, configuration, and a renewal hook script.

Automatic Reissue

After installing an SSL Certificate, the plugin configures automatic reissue management. A daily scheduled task checks whether the SSL Certificate is approaching its expiry date.

When reissue is needed, the ACME client reissues the SSL Certificate using the original credentials and validation method, then reinstalls it into cPanel automatically.

External Account Binding (EAB) credentials are used once during the initial SSL Certificate request. The ACME client stores a registered account key and does not require the EAB credentials again for subsequent reissues. Website owners enter their credentials once through the plugin and never need to re-enter them.

Automatic reissue depends on the shared ACME client in the plugin directory. The scheduled task and renewal hook script reside in the cPanel user's home directory, but the ACME client they reference is the shared copy installed with the plugin. If the plugin is reinstalled or upgraded, all users automatically use the updated ACME client.

SSL Certificate Storage

Each time an SSL Certificate is reissued, the new SSL Certificate is installed as the active SSL Certificate on the virtual host. Previous SSL Certificates are retained in the cPanel SSL Certificate store and can be viewed through the cPanel SSL/TLS interface.

Server administrators who wish to remove expired SSL Certificates from the store can do so through the cPanel SSL/TLS management interface. A simple cleanup script can also be used to remove SSL Certificates that have passed their expiry date.

This is a routine housekeeping task that applies to all SSL Certificate providers and is not specific to the Trustico® CaaS plugin.

Uninstallation

The Trustico® CaaS plugin provides two levels of removal. Server administrators can remove the plugin entirely, or clean up SSL Certificate management data for individual cPanel users.

Plugin Removal

To remove the plugin from cPanel, download the uninstall script from the Trustico® content delivery network and run it as root.

curl -sLO https://cdn.trustico.com/caas/cpanel/uninstall.sh && sudo bash uninstall.sh

The script removes the plugin files and the shared ACME client from the cPanel theme directory, deregisters the plugin from the Feature Manager, and rebuilds the icon sprites.

Per-user SSL Certificate management data is preserved during uninstallation. This includes SSL Certificate files, account keys, the renewal hook script, and the daily reissue schedule. However, automatic reissue will stop because the shared ACME client is removed with the plugin.

Existing SSL Certificates remain installed and continue to protect websites until they reach their expiry date. Reinstalling the plugin restores the shared ACME client and automatic reissue resumes immediately.

Individual User Cleanup

A cleanup utility is available for removing all Trustico® SSL Certificate management data for a specific cPanel user. Download the cleanup script and run it as root with the cPanel username as the argument.

curl -sLO https://cdn.trustico.com/caas/cpanel/cleanup-user.sh && sudo bash cleanup-user.sh <username>

The cleanup utility removes the SSL Certificate files, account keys, the renewal hook script, the reissue configuration, the daily scheduled task, and any error logs from the user's home directory.

After cleanup, the active SSL Certificate remains installed on the virtual host and continues to protect the website until it reaches its expiry date. Once the SSL Certificate expires, the domain will no longer be protected until a new SSL Certificate is installed.

To clean up multiple cPanel users, run the cleanup utility once for each username. Server administrators managing large numbers of accounts can script this process to run cleanup-user.sh for each cPanel user on the server.

Feature Management

The plugin registers with the cPanel Feature Manager during installation. Server administrators can use the Feature Manager to control which cPanel users have access to the plugin.

By default, the plugin is available to all cPanel users on the server. To restrict access, create a custom feature list in the cPanel Feature Manager and disable the "Trustico® SSL Certificates" feature for specific packages or accounts.

Partnership Options

Hosting companies and server administrators interested in offering Trustico® SSL Certificates to their customers through the cPanel plugin can explore the Trustico® partner service for volume pricing and integration support.

The partner service provides preferential pricing and bulk ordering capabilities for those deploying the plugin across their infrastructure. Explore The Trustico® Partner Service 🔗

For help with plugin installation or configuration, refer to our comprehensive guide which includes troubleshooting for common issues. View Our Plugin Guide 🔗