Trustico® CaaS cPanel Plugin

The Trustico® CaaS cPanel plugin brings automated SSL Certificate management directly into the cPanel control panel. Website owners can retrieve, install, and automatically reissue commercial SSL Certificates without leaving the cPanel dashboard - no command line, no SSL Certificate Signing Request (CSR) generation, no manual file uploads, and no expiry anxiety. Learn About Certificate as a Service (CaaS) 🔗

What the Plugin Does

The Trustico® CaaS cPanel plugin automates the entire SSL Certificate lifecycle. It retrieves a signed SSL Certificate from the Certificate Authority (CA), installs the SSL Certificate along with the Private Key and Certificate Authority (CA) bundle into cPanel, and configures automatic reissue so the SSL Certificate is reissued before it ever expires. All of this happens through a simple form inside the cPanel dashboard.

The plugin supports both Trustico® branded and Sectigo branded SSL Certificates, including Domain Validation (DV) and Organization Validation (OV) products. Single site and Wildcard SSL Certificates are both supported, with the plugin handling the appropriate validation method automatically. Explore Traditional SSL Certificates vs Certificate as a Service (CaaS) 🔗

How It Works

The plugin uses the Automatic Certificate Management Environment (ACME) protocol with External Account Binding (EAB) to connect your Trustico® SSL Certificate order to your cPanel hosting environment. When you purchase a CaaS-enabled SSL Certificate from Trustico® you receive two credentials : an EAB Key ID and an EAB HMAC Key. These are the only values you need to enter into the plugin.

Open the plugin from the "Security" section in your cPanel dashboard, select your virtual host, choose which domain names to include on your SSL Certificate, enter your EAB credentials, and click "Retrieve SSL Certificate." The plugin handles domain validation, SSL Certificate retrieval, installation into cPanel, and automatic reissue configuration. You can close the page during processing and return later to check the result. View Our CaaS cPanel Plugin Guide 🔗

What Happens Behind the Scenes

The plugin verifies that your domain's document root is accessible, registers with the Automatic Certificate Management Environment (ACME) server using your EAB credentials, performs domain validation (HTTP-01 for standard domains or DNS-01 for Wildcard SSL Certificates), retrieves the signed SSL Certificate, and installs it into cPanel's SSL management system. Your domain immediately begins serving HTTPS.

Once the SSL Certificate is installed, the plugin configures automatic reissue. When the SSL Certificate approaches its expiry window, it is automatically reissued and reinstalled without any action required on your part. This is particularly important as the industry moves towards shorter SSL Certificate validity periods, with maximum validity decreasing to 200 days from March 2026 and eventually to just 47 days.

SSL Certificate Coverage

The plugin displays your SSL Certificate coverage organized into three sections : the Virtual Host table showing the currently installed SSL Certificate, the Website Domains table showing the domain names your visitors use to access your website, and the Service Domains table showing cPanel service subdomains such as webmail and webdisk. Each domain name is checked against the installed SSL Certificate's Subject Alternative Names (SANs) using the same method cPanel uses on its own SSL/TLS Status page.

Color-coded status labels make it easy to see which domain names are secured at a glance. Domains covered by the installed SSL Certificate show "Active" in green, while domains not covered show "Inactive" in gray. Additional labels indicate when an SSL Certificate is approaching expiry or has already expired. For a detailed explanation of each coverage section and status label, refer to our comprehensive guide. View Our CaaS cPanel Plugin Guide 🔗

Wildcard SSL Certificate Support

Wildcard SSL Certificates allow you to secure all subdomains under a single domain - such as www.example.com, mail.example.com, and shop.example.com - with a single SSL Certificate. It is important to understand that a Wildcard SSL Certificate covers subdomains only. The wildcard pattern *.example.com does not cover the base domain (example.com) itself. To secure the base domain alongside the wildcard, it needs to be included as a separate Subject Alternative Name (SAN) on the same SSL Certificate.

Trustico® generally bundles both together when you purchase a Wildcard SSL Certificate, so your licensed domain names will typically authorize issuance for both *.example.com and example.com. This means you get a single SSL Certificate that protects your base domain and every subdomain.

The plugin fully supports Wildcard SSL Certificates and handles DNS-01 validation automatically. When you select a Wildcard domain name, the validation method switches to DNS-01 and the plugin manages the required Domain Name System (DNS) TXT records through cPanel's Domain Name System (DNS) management. Learn About Wildcard SSL Certificates 🔗

Security Built Into Every Step

The plugin has been designed with security as a priority throughout. EAB credentials are passed via environment variables rather than command-line arguments and are cleared from memory after use. All operations are protected by Cross-Site Request Forgery (CSRF) validation using cPanel session tokens. A five-minute cooldown between operations per domain prevents overuse of Certificate Authority (CA) rate limits.

Logs displayed through the "Show Details" view are sanitized to remove server paths, IP addresses, and credential values. Server-side error logs use Coordinated Universal Time (UTC) timestamps, automatic rotation at one megabyte, and file permissions restricted to the account owner only. The plugin runs entirely with cPanel user permissions - no root access is required or used.

For Hosting Providers

The Trustico® CaaS cPanel plugin is designed for easy deployment across your cPanel server infrastructure. A single installation makes the plugin available to every cPanel user on the server, appearing under the "Security" section in their dashboard. The plugin requires a cPanel server running the Jupiter theme with PHP 7.4 or later and Secure Shell (SSH) root access for the initial installation only.

For detailed installation instructions, server requirements, uninstallation procedures, and feature management options, refer to our installation guide. View Our CaaS cPanel Plugin Installation Guide 🔗

Obtaining Your EAB Credentials

To use the Trustico® CaaS cPanel plugin, you need an active Trustico® SSL Certificate order that supports Certificate as a Service (CaaS). When you purchase a qualifying SSL Certificate, your order includes the EAB Key ID and EAB HMAC Key credentials required by the plugin.

You can find your credentials in your order confirmation e-mail. If you have not yet purchased an SSL Certificate, you can browse the available CaaS-enabled products on the Trustico® website. Discover How to Obtain Your CaaS Credentials 🔗

Getting Started

If you are a website owner, ask your hosting provider whether the Trustico® CaaS cPanel plugin is installed on their server. If it is, simply navigate to "Security" in your cPanel dashboard and click "Trustico® SSL Certificates" to open the plugin. For a detailed step-by-step walkthrough covering every feature, troubleshooting guidance, and frequently asked questions, refer to our comprehensive guide. View Our CaaS cPanel Plugin Guide 🔗

If your hosting provider has not yet installed the plugin, you can direct them to the installation guide. If you manage your own cPanel server, the installation requires only a single script run as root via Secure Shell (SSH). Learn About Certificate as a Service (CaaS) 🔗