cPanel/SSL
cPanel module

SSL

50 functions, invoked through the cpanel_uapi tool.

scope cpanel:uapi
Call any function with cpanel_uapi(service_id, module="SSL", function, params). Live availability depends on the cPanel features JetHost has enabled on your account — call list_cpanel_operations to see what is active.

add_autossl_excluded_domains GET#

Disable AutoSSL for domains

This function disables AutoSSL for the domains that you specify.

Important:

When you disable the Calendars and Contacts, Receive Mail, Web Disk, Webmail, and Web Server roles, the system disables this function.

domainsstringRequired
A comma-separated list of domains for which to disable AutoSSL. Note: For browser-based calls, use a URI encoded comma (%2C).

Response — normalized as { ok, data, errors[], warnings[] }; data contains:

Payload varies by call.

can_ssl_redirect GET#

Return whether domains can redirect to secure URL

This function determines whether the system can automatically redirect domains on a cPanel account to use SSL.

No parameters.

Response — normalized as { ok, data, errors[], warnings[] }; data contains:

Whether the system can automatically redirect the domains to use SSL. 1 - Can redirect. 0 - Cannot redirect.

check_shared_cert GET#

Return whether shared SSL certificate exists

This function checks whether a shared SSL certificate is associated with the account.

No parameters.

Response — normalized as { ok, data, errors[], warnings[] }; data contains:

Whether a shared SSL certificate is associated with the account. 1 - Associated. 0 - Not associated.

delete_cert GET#

Delete SSL certificate

This function deletes an SSL certificate.

Note:

  • When you call this function, you must include the id or the friendly_name

parameter.

  • This function only deletes certificates from SSL storage. To end SSL

coverage for a domain, use the UAPI SSL::delete_ssl function instead.

Important:

When you disable the Calendars and Contacts, Receive Mail, Web Disk, Webmail, and Web Server roles, the system disables this function.

friendly_namestringOptional
The certificate's friendly name.
idstringOptional
The certificate's ID.

Response — normalized as { ok, data, errors[], warnings[] }; data is an array of:

createdinteger
The date the certificate was created.
domainsarray<string>
A list of the domains that the certificate covers.
ecdsa_curve_namestring
The ECDSA curve that the certificate's key uses. prime256v1 secp384r1 * null — The certificate's key is not an ECDSA key.
One of: prime256v1 secp384r1
ecdsa_publicstring
The certificate's key's ECDSA compressed public point, in hexadecimal format. * null — The certificate's key is not an ECDSA key.
friendly_namestring
The certificate's friendly name.
idstring
The certificate's ID.
is_self_signedinteger
Whether the certificate is self-signed. 1 — Self-signed. 0 — Not self-signed.
One of: 1 0
issuer.commonNamestring
The certificate's Common Name.
issuer.organizationNamestring
The certificate's Organization Name.
issuer_textstring
The certificate's issuer information.
key_algorithmstring
The certificate's key's algorithm. rsaEncryption — RSA. id-ecPublicKey — ECDSA.
One of: rsaEncryption id-ecPublicKey
modulusstring
The certificate's key's modulus, in hexadecimal format. * null — The certificate's key is not an RSA key.
modulus_lengthinteger
The length, in bits, of the certificate's key's modulus. * null — The certificate's key is not an RSA key.
not_afterinteger
The date the certificate expired.
not_beforeinteger
The date the certificate started.
serialstring
The certificate's serial number.
signature_algorithmstring
The certificate's OID signature hash algorithm.
subject.commonNamestring
The certificate's Common Name.
subject_textstring
The certificate's subject text information.
validation_typestring
The certificate's validation type. ev — Extended Validation. ov — Organization Validation. dv — Domain Validation. null — The system could not parse and determine the certificate's validation type.
One of: ev ov dv

delete_csr GET#

Delete certificate signing request

This function deletes a certificate signing request (CSR).

Note:

  • When you call this function, you must include the id or the friendly_name

parameter.

  • To delete a private key, use the UAPI SSL::delete_key function instead.

Important:

When you disable the Calendars and Contacts, Receive Mail, Web Disk, Webmail, and Web Server roles, the system disables this function.

friendly_namestringOptional
The CSR's friendly name.
idstringOptional
The CSR's ID.

Response — normalized as { ok, data, errors[], warnings[] }; data is an array of:

commonNamestring
The CSR's Common Name.
createdinteger
The CSR's creation date.
domainsarray<string>
A list of the domains that the CSR covers.
ecdsa_curve_namestring
The ECDSA curve that the CSR's key uses. prime256v1 secp384r1 * null — The CSR's key is not an ECDSA key.
One of: prime256v1 secp384r1
ecdsa_publicstring
The CSR's key's ECDSA compressed public point, in hexadecimal format. * null — The CSR's key is not an ECDSA key.
friendly_namestring
The CSR's friendly name.
idstring
The CSR's ID.
key_algorithmstring
The CSR's key's algorithm. rsaEncryption — RSA. id-ecPublicKey — ECDSA.
One of: rsaEncryption id-ecPublicKey
modulusstring
The CSR's key's modulus, in hexadecimal format. * null — The CSR's key is not an RSA key.

delete_key GET#

Delete private key

This function deletes a private key.

Note:

  • When you call this function, you must include the id or the friendly_name

parameter.

  • To delete a certificate signing request (CSR), use the UAPI SSL::delete_csr

function instead.

Important:

When you disable the Calendars and Contacts, Receive Mail, Web Disk, Webmail, and Web Server roles, the system disables this function.

friendly_namestringOptional
The private key's friendly name.
idstringOptional
The private key's ID.

Response — normalized as { ok, data, errors[], warnings[] }; data is an array of:

createdinteger
The private key's creation date.
ecdsa_curve_namestring
The ECDSA curve that the key uses. prime256v1 secp384r1 * null — The key is not an ECDSA key.
One of: prime256v1 secp384r1
ecdsa_publicstring
The key's ECDSA compressed public point, in hexadecimal format. * null — The key is not an ECDSA key.
friendly_namestring
The private key's friendly name.
key_algorithmstring
The key's algorithm. rsaEncryption — RSA. id-ecPublicKey — ECDSA.
One of: rsaEncryption id-ecPublicKey
modulusstring
The key's modulus, in hexadecimal format. * null — The key is not an RSA key.
modulus_lengthinteger
The length, in bits, of the key's modulus. * null — The key is not an RSA key.

delete_ssl GET#

Remove SSL for domain

This function removes SSL from a domain.

Note:

This function removes domains from the current certificate to end SSL coverage for those domains. To delete certificates from SSL storage, use the UAPI function SSL::delete_cert instead.

Important:

When you disable the Calendars and Contacts, Receive Mail, Web Disk, Webmail, and Web Server roles, the system disables this function.

domainstringRequired
The domain name.

Response — normalized as { ok, data, errors[], warnings[] }; data contains:

Payload varies by call.

disable_mail_sni GET#

Disable SNI mail services for domain

This function disables SNI mail services on the specified domains.

Note:

Mail SNI is always enabled.

  • After you change the SNI status, you must run UAPI's rebuild_mail_sni_config function.
  • Functions that enable Mail SNI succeed with a warning that Mail SNI is always enabled.
  • Functions that disable Mail SNI fail and make no changes.
domainsstringRequired
A pipe-delimited list of the account's domains.

Response — normalized as { ok, data, errors[], warnings[] }; data contains:

failed_domainsobject
An object containing the domains that failed to disable mail SNI.
updated_domainsobject
AN object containing the domains with disabled mail SNI.

enable_mail_sni GET#

Enable SNI mail services for domain

This function enables SNI mail services on the specified domains.

Warning:

Mail SNI is always enabled.

  • Mail SNI is not compatible with Webmail and will not function for any Webmail connection. Webmail connections use the cPanel service SSL certificate.
  • Functions that enable Mail SNI succeed with a warning that Mail SNI is always enabled.
  • Functions that disable Mail SNI fail and make no changes.

Important:

When you disable the Calendars and Contacts, Mail Receive, Web Disk, Webmail, and Web Server roles, the system disables this function.

domainsstringRequired
A pipe-delimited list of the account's domains.

Response — normalized as { ok, data, errors[], warnings[] }; data contains:

failed_domainsobject
An object that contains the domains that did not enable mail SNI.
updated_domainsobject
An object that contains the domains with disabled mail SNI.

fetch_best_for_domain GET#

Request best SSL certificate

This function retrieves the best-available certificate for the domain. The function also retrieves the certificate's associated private key and CA bundle, if available.

Important:

When you disable the Calendars and Contacts, Receive Mail, Web Disk, Webmail, and Web Server roles, the system disables this function.

domainstringRequired
The domain name.

Response — normalized as { ok, data, errors[], warnings[] }; data contains:

cabstring
The CA bundle's contents (if applicable).
crtstring
The certificate's contents.
crt_originstring
The username that generated the certificate.
domainstring
The domain that generated the private key.
ipstring
The IP address.
keystring
The private key.
key_originstring
The username that generated the private key.
searched_usersarray<string>
The cPanel accounts that the system searched for domain information.
statusinteger
Whether the certificate is active. 1 - Active. 0 - Inactive.
One of: 0 1
statusmsgstring
The certificate's status.
userstring
The username that stores the private key.

fetch_cert_info GET#

Return SSL certificate information

This function retrieves all of a certificate's available information.

Important:

  • You must call either the friendly_name or id parameter.
  • When you disable the Calendars and Contacts, Receive Mail, Web Disk, Webmail, and Web Server roles, the system disables this function.
friendly_namestringRequired
The certificate's human readable name.
idstringRequired
The certificate's ID.

Response — normalized as { ok, data, errors[], warnings[] }; data contains:

cabundlestring
The CA bundle's contents (if applicable).
certificatestring
The certificate's contents.
is_self_signedinteger
Whether the certificate is self-signed. 1 - Self-signed. 0 - Not self-signed.
One of: 0 1
keystring
The private key.
subject.commonName_ipstring
The IP address.

fetch_certificates_for_fqdns GET#

Return SSL certificate information for all FQDN

This function retrieves the certificate information for all fully qualified domain names (FQDNs) that the account owns.

domainsstringRequired
A domain or comma-delimited list of domains for which to retrieve information.

Response — normalized as { ok, data, errors[], warnings[] }; data is an array of:

cabstring
The CA bundle's contents.
createdinteger
When the certificate was created.
crtstring
The certificate's contents in Base64 PEM format.
domain_is_configuredinteger
Whether the certificate is installed on the account. 1 — Installed. 0 — Not installed.
One of: 0 1
domainsarray<string>
The domains that the CSR covers.
ecdsa_curve_namestring
The ECDSA curve that the certificate's key uses. prime256v1 secp384r1 * null — The certificate's key is not an ECDSA key.
One of: prime256v1 secp384r1
ecdsa_publicstring
The certificate's key's ECDSA compressed public point, in hexadecimal format. * null — The certificate's key is not an ECDSA key.
friendly_namestring
The certificate's friendly name.
idstring
The certificate's identification.
is_self_signedinteger
Whether the certificate is self-signed. - 1 — Self-signed. - 0 — Not self-signed.
One of: 0 1
issuer.commonNamestring
The name that issued the certificate.
issuer.organizationNamestring
The certificate's organization.
issuer_textstring
The certificate's issuer information.
keystring
The private key in Base64 PEM format.
key_algorithmstring
The certificate's key's algorithm. rsaEncryption — RSA. id-ecPublicKey — ECDSA.
One of: rsaEncryption id-ecPublicKey
modulusstring
The length, in bits, of the certificate's key's modulus. * null — The certificate's key is not an RSA key.
modulus_lengthinteger
The length, in bits, of the certificate's key's modulus. * null — The certificate's key is not an RSA key.
not_afterinteger
When the certificate expired.
not_beforeinteger
When the certificate started.
serialstring
The certificate's serial number.
signature_algorithmstring
The OID of the hash algorithm used to sign the certificate request.
subject.commonNamestring
The certificate's common name.
subject_textstring
The certificate's subject text information.
validation_typestring
The certificate's validation type. ev — Extended Validation. ov — Organization Validated. dv — Domain Validated. null — The system could not parse and determine the certificate's validation type.
verify_errorstring
A message that explains the reason for a verification error.

fetch_key_and_cabundle_for_certificate POST#

Return private key and CA bundle

This function extracts the private key and CA bundle information from a certificate.

Note:

Due to the limited field length of HTTP GET method calls, you must use the HTTP POST method. For this reason, you cannot use a cPanel or Webmail session URL to call this function.

certificatestringOptional
The certificate file.

Response — normalized as { ok, data, errors[], warnings[] }; data contains:

cabstring
The CA bundle's contents (if applicable).
crtstring
The certificate's contents.
crt_originstring
The username that generated the certificate.
domainstring
The domain that generated the private key.
ipstring
The IP address.
keystring
The private key.
key_originstring
The username that generated the private key.
searched_usersarray<string>
The users that the system searched for certificate information.
statusinteger
Whether the certificate is active. 1 - Active. 0 - Inactive.
One of: 0 1
statusmsgstring
The certificate's status.
userstring
The username that stores the private key.

find_certificates_for_key GET#

Return SSL certificate for private key

This function retrieves SSL certificates for a private key.

Note:

When you call this function, you must include either the id or the friendly_name parameter.

friendly_namestringOptional
The key's friendly name.
idstringOptional
The key's ID.

Response — normalized as { ok, data, errors[], warnings[] }; data is an array of:

createdinteger
The date the certificate was created.
domainsarray<string>
A list of the domains that the certificate covers.
ecdsa_curve_namestring
The ECDSA curve that the certificate's key uses. prime256v1 secp384r1 * null — The certificate's key is not an ECDSA key.
One of: prime256v1 secp384r1
ecdsa_publicstring
The certificate's key's ECDSA compressed public point, in hexadecimal format. * null — The certificate's key is not an ECDSA key.
friendly_namestring
The certificate's friendly name.
idstring
The certificate's ID.
is_self_signedinteger
Whether the certificate is self-signed. 1 — Self-signed. 0 — Not self-signed.
One of: 1 0
issuer.commonNamestring
The name that issued the certificate.
issuer.organizationNamestring
The certificate's organization name.
issuer_textstring
The certificate's issuer information.
key_algorithmstring
The certificate's key's algorithm. rsaEncryption — RSA. id-ecPublicKey — ECDSA.
One of: rsaEncryption id-ecPublicKey
modulusstring
The certificate's key's modulus, in hexadecimal format. * null — The certificate's key is not an RSA key.
modulus_lengthinteger
The length, in bits, of the certificate's key's modulus. * null — The certificate's key is not an RSA key.
not_afterinteger
The date the certificate expired.
not_beforeinteger
The date the certificate started.
signature_algorithmstring
The certificate's signature OID hash algorithm.
subject.commonNamestring
The certificate's Common Name.
subject_textstring
The certificate's subject text information.
validation_typestring
The certificate's validation type. ev — Extended Validation. ov — Organization Validation. dv — Domain Validation. null — The system could not parse and determine the certificate's validation type.
One of: ev ov dv

find_csrs_for_key GET#

Return private key's certificate signing requests

This function retrieves certificate signing requests (CSR) for a private key.

Note:

When you call this function, you must include either the id or the friendly_name parameter.

friendly_namestringOptional
The key's friendly name.
idstringOptional
The key's ID.

Response — normalized as { ok, data, errors[], warnings[] }; data is an array of:

commonNamestring
The CSR's common name.
createdinteger
The date the CSR was created.
domainsarray<string>
A list of the domains that the CSR covers.
ecdsa_curve_namestring
The ECDSA curve that the CSR's key uses. prime256v1 secp384r1 * null — The CSR's key is not an ECDSA key.
One of: prime256v1 secp384r1
ecdsa_publicstring
The CSR's key's ECDSA compressed public point, in hexadecimal format. * null — The CSR's key is not an ECDSA key.
friendly_namestring
The CSR's friendly name.
idstring
The CSR's ID.
key_algorithmstring
The CSR's key's algorithm. rsaEncryption — RSA. id-ecPublicKey — ECDSA.
One of: rsaEncryption id-ecPublicKey
modulusstring
The CSR's key's modulus, in hexadecimal format. * null — The CSR's key is not an RSA key.

generate_cert GET#

Create self-signed SSL certificate

This function generates a self-signed SSL certificate.

Important:

When you disable the Calendars and Contacts, Receive Mail, Web Disk, Webmail, and Web Server roles, the system disables this function.

countryNamestringRequired
The two-letter country code.
domainsstringRequired
A comma-separated list of domains for which to generate the certificate.
key_idstringRequired
The key's ID.
localityNamestringRequired
The certificate's city or locality name.
organizationNamestringRequired
The certificate's Organization Name.
stateOrProvinceNamestringRequired
The two-letter state or locality abbreviation.
emailAddressstringOptional
An email address to associate with the certificate.
friendly_namestringOptional
A friendly name for the new certificate. This parameter defaults to the domain's name for which you generated the certificate.
organizationalUnitNamestringOptional
The certificate's organizational unit or department name.

Response — normalized as { ok, data, errors[], warnings[] }; data contains:

createdinteger
The certificate's creation date.
domainsarray<string>
A list of domains that the certificate covers.
ecdsa_curve_namestring
The ECDSA curve that the certificate's key uses. prime256v1 secp384r1 * null — The certificate's key is not an ECDSA key.
One of: prime256v1 secp384r1
ecdsa_publicstring
The certificate's key's ECDSA compressed public point, in hexadecimal format. * null — The certificate's key is not an ECDSA key.
friendly_namestring
The certificate's friendly name.
idstring
The certificate's ID.
is_self_signedinteger
Whether the certificate is self-signed. 1 — Self-signed. 0 — Not self-signed.
One of: 1 0
issuer.commonNamestring
The certificate's Common Name.
issuer.organizationNamestring
The certificate's Organization Name.
key_algorithmstring
The certificate's key's algorithm. rsaEncryption — RSA. id-ecPublicKey — ECDSA.
One of: rsaEncryption id-ecPublicKey
modulusstring
The certificate's key's modulus, in hexadecimal format. * null — The certificate's key is not an RSA key.
modulus_lengthinteger
The length, in bits, of the certificate's key's modulus. * null — The certificate's key is not an RSA key.
not_afterinteger
The date that the certificate expires.
not_beforeinteger
The certificate's start date.
serialstring
The certificate's serial number.
signature_algorithmstring
The certificate's OID hash algorithm signature.
subject.commonNamestring
The domain that issued the certificate.
textstring
The certificate's text.
validation_typestring
The certificate's validation type, if one exists.

generate_csr GET#

Create certificate signing request

This function generates a certificate signing request (CSR).

Note:

This function requires a valid key in the account's ssl directory. You can generate a key with UAPI's SSL::generate_key function.

Important:

When you disable the Calendars and Contacts, Receive Mail, Web Disk, Webmail, and WebServer roles, the system disables this function.

countryNamestringRequired
The two-letter country code.
domainsstringRequired
A comma-separated list of the domains for which to generate the certificate.
key_idstringRequired
The key's ID.
localityNamestringRequired
The certificate's city or locality name.
organizationNamestringRequired
The certificate's organization.
stateOrProvinceNamestringRequired
The certificate's state or locality name.
emailAddressstringOptional
An email address to associate with the certificate.
friendly_namestringOptional
A friendly name for the new certificate. This parameter defaults to the domain name for which you generated the certificate.
organizationalUnitNamestringOptional
The certificate's organizational unit or department name.

Response — normalized as { ok, data, errors[], warnings[] }; data contains:

commonNamestring
The name that issued the CSR.
createdinteger
The date the CSR was created.
domainsarray<string>
The domains that the CSR covers.
ecdsa_curve_namestring
The ECDSA curve that the CSR's key uses. prime256v1 secp384r1 * null — The CSR's key is not an ECDSA key.
One of: prime256v1 secp384r1
ecdsa_publicstring
The CSR's key's ECDSA compressed public point, in hexadecimal format. * null — The CSR's key is not an ECDSA key.
friendly_namestring
The CSR's friendly name.
idstring
The CSR's ID.
key_algorithmstring
The CSR's key's algorithm. rsaEncryption — RSA. id-ecPublicKey — ECDSA.
One of: rsaEncryption id-ecPublicKey
modulusstring
The CSR's key's modulus, in hexadecimal format. * null — The CSR's key is not an RSA key.
textstring
The CSR's text.

generate_key GET#

Create private key

This function generates a private key.

Important:

  • You cannot call both the keytype and keysize parameters in a single call.
  • When you disable the Calendars and Contacts, Receive Mail, Web Disk, Webmail, and

Web Server roles, the system disables this function.

friendly_namestringOptional
A friendly name for the new key. This parameter defaults to the key's type, creation date, and creation time.
keysizeintegerOptional
The key's modulus size. Note: Use the keytype parameter.
keytypestringOptional
The key's type. system — The system's default value. rsa-2048 — 2,408-bit RSA. rsa-4096 — 4,096-bit RSA. ecdsa-prime256v1 — ECDSA prime256v1 ("P-256"). * ecdsa-secp384r1 — ECDSA secp384r1 ("P-384"). This parameter defaults to the user's default SSL/TLS key type. Note: If you do not use this parameter, the system defaults to the keysize parameter's default value.

Response — normalized as { ok, data, errors[], warnings[] }; data contains:

createdinteger
The key's creation date.
ecdsa_curve_namestring
The ECDSA curve that the key uses. prime256v1 secp384r1 * null — The key is not an ECDSA key.
One of: prime256v1 secp384r1
ecdsa_publicstring
The key's ECDSA compressed public point, in hexadecimal format. * null — The key is not an ECDSA key.
friendly_namestring
The key's friendly name.
idstring
The key's ID.
key_algorithmstring
The key's algorithm. rsaEncryption — RSA. id-ecPublicKey — ECDSA.
One of: rsaEncryption id-ecPublicKey
modulusstring
The key's modulus, in hexadecimal format. * null — The key is not an RSA key.
modulus_lengthinteger
The length, in bits, of the key's modulus. * null — The key is not an RSA key.
textstring
The key's contents.

get_autossl_excluded_domains GET#

Return AutoSSL disabled domains

This function lists the domains with AutoSSL disabled.

No parameters.

Response — normalized as { ok, data, errors[], warnings[] }; data is an array of:

excluded_domainstring
A domain that has AutoSSL disabled.

get_autossl_problems GET#

Return domains with AutoSSL problems

This function retrieves a list of domains that possess AutoSSL problems.

Important:

When you disable the Calendars and Contacts, Receive Mail, Web Disk, Webmail, and Web Server roles, the system disables this function.

No parameters.

Response — normalized as { ok, data, errors[], warnings[] }; data is an array of:

domainstring
The certificate's hostname.
problemstring
text description of the problem.
timestring
When the problem occurred.

get_autossl_renewal_status GET#

Return AutoSSL renewal status for a domain

This function returns the AutoSSL renewal status for a domain. It indicates whether AutoSSL is active, the domain is excluded, the domain has DCV problems, and whether the certificate will auto-renew.

domainstringRequired
The fully qualified domain name to check.

Response — normalized as { ok, data, errors[], warnings[] }; data contains:

has_problemsinteger
Whether AutoSSL has DCV failures recorded for this domain. Defaults to 1 if the problems database is unreachable.
One of: 0 1
is_activeinteger
Whether an AutoSSL provider is configured on the server.
One of: 0 1
is_excludedinteger
Whether the domain is on the user's AutoSSL exclusion list.
One of: 0 1
will_renewinteger
Whether AutoSSL will auto-renew the certificate for this domain. Only true when the server has an active AutoSSL provider, the current certificate was issued by that provider, the domain is not excluded, and there are no recorded DCV problems.
One of: 0 1

get_cabundle GET#

Return certificate's CA bundle and hostname

This function retrieves a certificate's Certificate Authority (CA) bundle and hostname.

Important:

When you disable the Calendars and Contacts, Receive Mail, Web Disk, Webmail, and Web Server roles, the system disables this function.

certstringRequired
The certificate's text.

Response — normalized as { ok, data, errors[], warnings[] }; data contains:

bundlestring
The CA bundle's tag.
cabstring
The CA bundle's contents.
domainstring
The certificate's hostname.

get_cn_name GET#

Request best SSL domain for service

This function retrieves the most secure domain for a service.

domainmixedRequired
A domain name, cPanel username, or email address.
servicestringRequired
The service's name. cpanel imap pop3 smtp
add_mail_subdomainintegerOptional
Whether to append mail to the domain value to find the best match. For example, if you specify the domain example.com and call this parameter, the function only searches the mail.example.com service domains. 1 — Append mail to the domain value during the search. 0 — Match on the specified domain value only.

Response — normalized as { ok, data, errors[], warnings[] }; data contains:

cert_match_methodstring
The method that the system used to match the certificate with the mail service. none — No domain matches the certificate. exact — The domain exactly matches the certificate. exact-wildcard — The domain exactly matches the certificate. mail-wildcard — The mail subdomain of the domain matches the domain of the wildcard certificate. www-wildcard — The www subdomain of the domain matches the domain of the wildcard certificate. hostname-wildcard — The hostname's domain matches the domain of the wildcard certificate. hostname — The hostname matches the domain of the certificate. localdomain_on_cert-mail-wildcard — A mail subdomain of a domain on the server that matches the certificate. localdomain_on_cert-www-wildcard — A www subdomain of a domain on the server matches the certificate. localdomain_on_cert — A domain on the server matches the certificate.
One of: none exact exact-wildcard mail-wildcard www-wildcard hostname-wildcard hostname localdomain_on_cert-mail-wildcard localdomain_on_cert-www-wildcard localdomain_on_cert
cert_valid_not_afterinteger
The certificate's expiration date.
is_currently_validinteger
Whether the certificate is currently valid. 1 — Valid. 0 — Invalid. Note: If the certificate is valid, the following statements are true: The certificate is not self-signed (the ssldomain_matches_cert value is 1). The certificate matches the SSL domain (the ssldomain_matches_cert value is 1). * The certificate is within its validity period (the cert_valid_not_after value is less than the current time and date).
One of: 1 0
is_self_signedinteger
Whether the certificate is self-signed. 1 — Self-signed. 0 — Not self-signed. Note: If the cert_match_method value is none, you should ignore this return's value.
One of: 1 0
is_wild_cardinteger
Whether the certificate is a wildcard certificate. 1 — Wildcard. 0 — Not a wildcard.
One of: 1 0
ssldomainstring
The best domain to use to access the service.
ssldomain_matches_certinteger
Whether an SSL-protected domain matches the certificate. 1 — Matches. 0 — Does not match.
One of: 1 0

install_ssl GET#

Install SSL certificate

This function installs an SSL certificate.

Note:

Due to their inherent complexities, SSL-related functions often present problems for third-party developers. For the additional steps required to successfully call this function, read our Call UAPI's SSL::install_ssl Function in Custom Code documentation.

Important:

When you disable the Calendars and Contacts, Receive Mail, Web Disk, Webmail, and Web Server roles, the system disables this function.

certstringRequired
The certificate to install. Note: You must URI-encode this value. You can use a Perl command to URI-encode your SSL certificate for this parameter. For example, you can use the following string, where CERT.FILE is the SSL certificate file: ``$(perl -MURI::Escape -ne 'print uri_escape($_);' CERT.FILE)``
domainstringRequired
The domain name.
keystringRequired
The certificate's key. Note: You must URI-encode this value. You can use a Perl command to URI-encode your SSL certificate for this parameter. For example, you can use the following string, where KEY.FILE is the SSL certificate file: ``$(perl -MURI::Escape -ne 'print uri_escape($_);' KEY.FILE)``
cabundlestringOptional
The Certificate Authority (CA) bundle data, if the certificate requires it. Note: You must URI-encode this value. You can use a Perl command to URI-encode your SSL certificate for this parameter. For example, you can use the following string, where CABUNDLE.FILE is the SSL certificate file: ``$(perl -MURI::Escape -ne 'print uri_escape($_);' CABUNDLE.FILE)``

Response — normalized as { ok, data, errors[], warnings[] }; data contains:

actionstring
The action that the function used to install the certificate.
cert_idstring
The certificate ID.
domainstring
The domain that the certificate covers.
extra_certificate_domainsarray<string>
The domains that require extra certificates for mail and other services.
htmlstring
The results, in HTML format.
ipany
The domain's IP address.
key_idstring
The key ID.
messagestring
The results, in text format.
statusmsgstring
The results.
userstring
The domain's owner.
warning_domainsarray<string>
The domains that the certificate does not cover.
working_domainsarray<string>
The domains that the certificate covers.

installed_host GET#

Return SSL certificate's info for dedicated IP

This function retrieves information about a certificate that is installed on a domain's dedicated IP address.

Important:

  • If you do not possess a dedicated IP address, this function will fail. For non-dedicated IP addresses, use the SSL::installed_hosts function.
  • When you disable the _Calendars and Contacts_, _Receive Mail_, _Web Disk_ , _Webmail_ , and _Web Server_ roles, the system disables this function.
domainstringOptional
The domain name. Note: The parameter defaults to the account's main domain.
verify_certificateintegerOptional
Verify the certificate. 1 — Verify the certificate. 0 — Do not verify the certificate.

Response — normalized as { ok, data, errors[], warnings[] }; data contains:

certificateobject
An object containing the certificate information.
domainsarray<string>
The domains that the certificate covers.
ecdsa_curve_namestring
The ECDSA curve that the certificate's key uses. prime256v1 secp384r1 * null — The certificate's key is not an ECDSA key.
One of: prime256v1 secp384r1
ecdsa_publicstring
The certificate's key's ECDSA compressed public point, in hexadecimal format. * null — The certificate's key is not an ECDSA key.
idstring
The certificate's ID.
is_self_signedinteger
Whether the certificate is self-signed. 1 — Self-signed. 0 — Not self-signed.
One of: 0 1
issuer.commonNamestring
The issuer's Common Name, typically a domain name.
issuer.organizationNamestring
The certificate's organization.
issuer_textstring
The X.509 information about the issuer that contains CSR information.
key_algorithmstring
The certificate's key's algorithm. rsaEncryption — RSA. id-ecPublicKey — ECDSA.
One of: rsaEncryption id-ecPublicKey
modulusstring
The certificate's key's modulus, in hexadecimal format. * null — The certificate's key is not an RSA key.
modulus_lengthinteger
The length, in bits, of the certificate's key's modulus. * null — The certificate's key is not an RSA key.
not_afterinteger
The certificate's expiration time.
not_beforeinteger
The certificate's start time.
signature_algorithmstring
The signature algorithm of the certificate.
subject.commonNamestring
The certificate's Common Name.
subject_textstring
The X.509 information about the certificate's subject that contains CSR information.
validation_typestring
The certificate's validation type. ev — Extended Validation. ov — Organization Validation. dv — Domain Validation. null — The system could not parse and determine the certificate's validation type.
One of: ev ov dv
verify_errorstring
Any errors that exist during the certificate verification process. If there are no errors, this will return an empty string. Note: You must set the verify_certificate parameter to 1 for this return to appear.
hoststring
The issuer's hostname.

installed_hosts GET#

Return domains with SSL certificate information

This function retrieves a list of the account's websites, their domains, and certificate information.

Important:

For a dedicated IP address, use the UAPI SSL::installed_host function.

Important:

When you disable the CalendarContact , MailReceive , WebDisk , Webmail , and WebServer roles, the system disables this function.

No parameters.

Response — normalized as { ok, data, errors[], warnings[] }; data is an array of:

certificateobject
An object that contains information about each certificate.
auto_ssl_providerstring
The AutoSSL provider's name.
auto_ssl_provider_display_namestring
The AutoSSL provider's display name.
domainsarray<string>
The domains that the certificate covers.
ecdsa_curve_namestring
The ECDSA curve that the certificate's key uses. prime256v1 secp384r1 * null — The certificate's key is not an ECDSA key.
One of: prime256v1 secp384r1
ecdsa_publicstring
The certificate's key's ECDSA compressed public point, in hexadecimal format. * null — The certificate's key is not an ECDSA key.
idstring
The certificate's ID.
is_autosslinteger
Whether the AutoSSL service provided the certificate. 1 - Provided by the AutoSSL service. 0 - Not provided by the AutoSSL service.
One of: 0 1
is_self_signedinteger
Whether the certificate is self-signed. 1 - Self-signed. 0 - Not self-signed.
One of: 0 1
issuer.commonNamestring
The name that issued the certificate.
issuer.organizationNamestring
The certificate's organization name.
issuer_textstring
The issuer's X.509 information.
key_algorithmstring
The certificate's key's algorithm. rsaEncryption — RSA. id-ecPublicKey — ECDSA.
One of: rsaEncryption id-ecPublicKey
modulusstring
The certificate's key's modulus, in hexadecimal format. * null — The certificate's key is not an RSA key.
modulus_lengthinteger
The length, in bits, of the certificate's key's modulus. * null — The certificate's key is not an RSA key.
not_afterinteger
When the certificate expired.
not_beforeinteger
When the certificate started.
signature_algorithmstring
The signature algorithm of the certificate.
subject.commonNamestring
The certificate's common name.
subject_textstring
The subject's X.509 information.
validation_typestring
The certificate's validation type. Note: ev - Extended Validation. ov - Organization Validation. dv - Domain Validation. null - The system could not parse and determine the certificate's validation type.
One of: ev ov dv
certificate_textstring
The certificate's text.
docrootstring
The document root of the domain that the certificate covers.
domainsarray<string>
The domains that the certificate covers.
fqdnsarray<string>
An array of every valid fully qualified domain name (FQDN) on the virtual host, which includes service subdomains (proxy subdomains).
ipany
The host's IP address.
is_primary_on_ipinteger
Whether the website is primary on the IP address. 1 - Primary. 0 - Not primary.
One of: 0 1
mail_sni_statusinteger
Whether SNI is active on the domain. 1 - Active. 0 - Inactive.
One of: 0 1
needs_sniinteger
Whether the website requires SNI to function. 1 - Requires SNI. 0 - Does not require SNI.
One of: 0 1
servernamestring
The server's hostname.

is_autossl_check_in_progress GET#

Return whether AutoSSL check in progress

This function verifies whether the autossl_check task is in progress for the current user.

Important:

When you disable the Calendars and Contacts, Receive Mail, Web Disk, Webmail, and Web Server roles, the system disables this function.

No parameters.

Response — normalized as { ok, data, errors[], warnings[] }; data contains:

Whether the autossl_check task is in progress for the current user. 1 - In progress. 0 - Not currently in progress.

is_mail_sni_supported GET#

Return whether mail SNI is enabled

This function checks whether the sslinstall feature is enabled.

Warning:

Mail SNI is always enabled.

  • Mail SNI is not compatible with Webmail and will not function for any Webmail connection. Webmail connections use the cPanel service SSL certificate.
  • Functions that enable Mail SNI succeed with a warning that Mail SNI is always enabled.
  • Functions that disable Mail SNI will fail and make no changes.

Important:

When you disable the Calendars and Contacts, Receive Mail, Web Disk, Webmail, and Web Server roles, the system disables this function.

No parameters.

Response — normalized as { ok, data, errors[], warnings[] }; data contains:

Whether the sslinstall feature is enabled. 1 - Enabled. 0 - Disabled.

is_sni_supported GET#

Return whether Apache web server supports mail SNI

This function checks whether the Apache web server supports SNI.

Important:

When you disable the Calendars and Contacts, Receive Mail, Web Disk, Webmail, and Web Server roles, the system disables this function.

No parameters.

Response — normalized as { ok, data, errors[], warnings[] }; data contains:

Whether the Apache web server supports SNI. 1 - Supported. 0 - Not supported.

list_certs GET#

Return all SSL certificates

This function lists an account's certificates.

Important:

When you disable the Calendars and Contacts, Receive Mail, Web Disk, Webmail, and Web Server roles, the system disables this function.

No parameters.

Response — normalized as { ok, data, errors[], warnings[] }; data is an array of:

createdinteger
The date the certificate was created.
domain_is_configuredinteger
Whether the certificate is installed on the account. 1 — Installed. 0 — Not installed.
One of: 1 0
domainsarray<string>
A list of domains that the certificate covers.
ecdsa_curve_namestring
The ECDSA curve that the certificate's key uses. prime256v1 secp384r1 * null — The certificate's key is not an ECDSA key.
One of: prime256v1 secp384r1
ecdsa_publicstring
The certificate's key's ECDSA compressed public point, in hexadecimal format. * null — The certificate's key is not an ECDSA key.
friendly_namestring
The certificate's friendly name.
idstring
The certificate's ID.
is_self_signedinteger
Whether the certificate is self-signed. 1 — Self-signed. 0 — Not self-signed.
One of: 1 0
issuer.commonNamestring
The issuer's name.
issuer.organizationNamestring
The certificate's organization.
issuer_textstring
The certificate's issuer information.
key_algorithmstring
The certificate's key's algorithm. rsaEncryption — RSA. id-ecPublicKey — ECDSA.
One of: rsaEncryption id-ecPublicKey
modulusstring
The certificate's key's modulus, in hexadecimal format. * null — The certificate's key is not an RSA key.
modulus_lengthinteger
The length, in bits, of the certificate's key's modulus. * null — The certificate's key is not an RSA key.
not_afterinteger
The certificate's expiration date.
not_beforeinteger
The certificate's start date.
serialstring
The certificate's serial number.
signature_algorithmstring
The OID hash algorithm signature of the certificate.
subject.commonNamestring
The certificate's Common Name (CN).
subject_textstring
The certificate's subject text information.
validation_typestring
The certificate's validation type. ev — Extended Validation. ov — Organization Validation. dv — Domain Validation. null — The system could not parse and determine the certificate's validation type.
One of: ev ov dv

list_csrs GET#

Return all certificate signing requests

This function lists an account's certificate signing requests (CSR).

Important:

When you disable the Calendars and Contacts, Receive Mail, Web Disk, Webmail, and Web Server roles, the system disables this function.

No parameters.

Response — normalized as { ok, data, errors[], warnings[] }; data is an array of:

commonNamestring
The CSR's Common Name or Distinguished Name.
createdinteger
The CSR's creation date.
domainsarray<string>
A list of the domains that the CSR covers.
ecdsa_curve_namestring
The ECDSA curve that the CSR's key uses. prime256v1 secp384r1 * null — The CSR's key is not an ECDSA key.
One of: prime256v1 secp384r1
ecdsa_publicstring
The CSR's key's ECDSA compressed public point, in hexadecimal format. * null — The CSR's key is not an ECDSA key.
friendly_namestring
The CSR's friendly name.
idstring
The CSR's ID.
key_algorithmstring
The CSR's key's algorithm. rsaEncryption — RSA. id-ecPublicKey — ECDSA.
One of: rsaEncryption id-ecPublicKey
modulusstring
The CSR's key's modulus, in hexadecimal format. * null — The CSR's key is not an RSA key.

list_keys GET#

Return all private keys

This function lists an account's private keys.

Important:

When you disable the Calendars and Contacts, Receive Mail, Web Disk, Webmail, and Web Server roles, the system disables this function.

No parameters.

Response — normalized as { ok, data, errors[], warnings[] }; data is an array of:

createdinteger
The key's creation date.
ecdsa_curve_namestring
The ECDSA curve that the key uses. prime256v1 secp384r1 * null — The key is not an ECDSA key.
One of: prime256v1 secp384r1
ecdsa_publicstring
The key's ECDSA compressed public point, in hexadecimal format. * null — The key is not an ECDSA key.
friendly_namestring
The key's friendly name.
idstring
The key ID.
key_algorithmstring
The key's algorithm. rsaEncryption — RSA. id-ecPublicKey — ECDSA.
One of: rsaEncryption id-ecPublicKey
modulusstring
The key's modulus, in hexadecimal format. * null — The key is not an RSA key.
modulus_lengthinteger
The length, in bits, of the key's modulus. * null — The key is not an RSA key.

list_ssl_items GET#

Return SSL-related items

This function lists SSL-related items on a domain.

Important:

When you disable the Calendars and Contacts, Receive Mail, Web Disk, Webmail, and Web Server roles, the system disables this function.

domainsstringOptional
The domain name or names.
itemstringOptional
The SSL item type or types. key csr * crt

Response — normalized as { ok, data, errors[], warnings[] }; data is an array of:

hoststring
The hostname.
idstring
The certificate's ID.
typestring
The type of SSL item. key csr * crt
One of: key csr crt

mail_sni_status GET#

Return status of domain's SNI mail services

This function retrieves the status of the domain's SNI mail services.

Warning:

Mail SNI is not compatible with Webmail and will not function for any Webmail connection. Webmail connections use the cPanel service SSL certificate.

Note:

Mail SNI is always enabled.

  • Functions that enable Mail SNI succeed with a warning that Mail SNI is always enabled.
  • Functions that disable Mail SNI fail and make no changes.
domainstringRequired
The account's domain.

Response — normalized as { ok, data, errors[], warnings[] }; data contains:

enabledinteger
Whether SNI for mail is enabled. 1 - SNI is enabled. 0 - SNI is not enabled.
One of: 0 1

rebuild_mail_sni_config GET#

Start SNI configuration files rebuild

This function rebuilds the SNI configuration files.

Note:

  • You must run this function after you change the SNI status through the UAPI's enable_mail_sni or disable_mail_sni functions.
  • Mail SNI is always enabled.
  • Functions that enable Mail SNI succeed with a warning that Mail SNI is always enabled. Functions that disable Mail SNI fail and make no changes.
  • Functions that disable Mail SNI will fail and make no changes.

Important:

When you disable the _Calendars and Contacts_, _Receive Mail_, _Web Disk_, _Webmail_, and _Web Server_ roles, the system disables this function.

reload_dovecotintegerOptional
Whether to reload the Dovecot service after the system rebuilds the configuration files. 1 - Reload Dovecot. 0 - Do not reload Dovecot.

Response — normalized as { ok, data, errors[], warnings[] }; data contains:

successinteger
Whether the system rebuilt the configuration files. 1 - Configuration files rebuilt. 0 - Configuration files not rebuilt.
One of: 0 1

rebuildssldb GET#

Start SSL database rebuild

This function rebuilds the account's SSL database.

No parameters.

Response — normalized as { ok, data, errors[], warnings[] }; data contains:

Payload varies by call.

remove_autossl_excluded_domains GET#

Enable AutoSSL for specifed domains

This function enables AutoSSL for the domains that you specify.

Important:

When you disable the Calendars and Contacts, Receive Mail, Web Disk, Webmail, and Web Server roles, the system disables this function.

domainsstringRequired
Enable AutoSSL for this domain.

Response — normalized as { ok, data, errors[], warnings[] }; data contains:

Payload varies by call.

set_autossl_excluded_domains GET#

Disable AutoSSL for specifed domains

This function disables AutoSSL for every domain that you specify.

Warning:

This function replaces the list of any domains that you previously excluded. To add domains to the list of excluded domains, use the UAPI function SSL::add_autossl_excluded_domains.

Important:

When you disable the the Calendar and Contacts, Receive Mail, Web Disk, Webmail, and Web Server roles, the system disables this function.

domainsstringOptional
A comma-separated list of domains for which to disable AutoSSL. Note: If you do not include this parameter, the function will enable AutoSSL for every domain on the account.

Response — normalized as { ok, data, errors[], warnings[] }; data contains:

Payload varies by call.

set_cert_friendly_name GET#

Update SSL certificate's friendly name

This function changes a certificate's friendly name.

Important:

When you disable the Calendars and Contacts, Receive Mail, Web Disk, Webmail, and Web Server roles, the system disables this function.

friendly_namestringRequired
The certificate's friendly name.
new_friendly_namestringRequired
The certificate's new friendly name.

Response — normalized as { ok, data, errors[], warnings[] }; data contains:

Payload varies by call.

set_csr_friendly_name GET#

Update certificate signing request's friendly name

This function changes a certificate signing request's (CSR) friendly name.

Important:

  • You must call either the friendly_name or id parameter.
  • When you disable the Calendars and Contacts, Receive Mail, Web Disk, Webmail, and Web Server roles, the system disables this function.
friendly_namestringRequired
The CSR's friendly name.
idstringRequired
The CSR's ID. Note: To retrieve a CSR's ID, use the UAPI list_csrs function.
new_friendly_namestringRequired
The CSR's new friendly name.

Response — normalized as { ok, data, errors[], warnings[] }; data contains:

Payload varies by call.

set_default_key_type GET#

Update SSL TLS key type

This function sets a user’s preferred SSL/TLS key type.

typestringRequired
The key type to set. system — Use the system’s ssl_default_key_type value. rsa-2048 — 2,048-bit RSA. rsa-4096 — 4,096-bit RSA. ecdsa-prime256v1 — ECDSA prime256v1 (“P-256”). * ecdsa-secp384r1 — ECDSA secp384r1 (“P-384”).

set_key_friendly_name GET#

Update private key's friendly name

This function changes a key's friendly name.

Important:

  • You must call either the friendly_name or id parameter.
  • When you disable the Calendars and Contacts, Receive Mail, Web Disk, Webmail, and Web Server roles, the system disables this function.
friendly_namestringRequired
The key's friendly name.
idstringRequired
The key's ID.
new_friendly_namestringRequired
The key's new friendly name.

Response — normalized as { ok, data, errors[], warnings[] }; data contains:

Payload varies by call.

set_primary_ssl GET#

Update SSL website for dedicated IP address

This function sets a new primary SSL website for a dedicated IP address.

Important:

When you disable the Calendars and Contacts, Receive Mail, Web Disk, Webmail, and Web Server roles, the system disables this function.

servernamestringRequired
The primary SSL website's servername.

Response — normalized as { ok, data, errors[], warnings[] }; data contains:

Payload varies by call.

show_cert GET#

Export SSL certificate

This function retrieves a certificate.

Note:

When you call this parameter, you must include either the id or the friendly_name parameter.

Important:

When you disable the Calendars and Contacts, Receive Mail, Web Disk, Webmail, and Web Server roles, the system disables this function.

friendly_namestringOptional
The certificate's friendly name.
idstringOptional
The certificate's ID.

Response — normalized as { ok, data, errors[], warnings[] }; data contains:

certstring
The contents of the certificate.
detailsobject
An object containing the certificate's details.
domainsarray<string>
A list of the certificate's domains.
ecdsa_curve_namestring
The ECDSA curve that the certificate's key uses. prime256v1 secp384r1 * null — The certificate's key is not an ECDSA key.
One of: prime256v1 secp384r1
ecdsa_publicstring
The certificate's key's ECDSA compressed public point, in hexadecimal format. * null — The certificate's key is not an ECDSA key.
friendly_namestring
The certificate's friendly name.
idstring
The certificate's ID.
is_self_signedinteger
Whether the certificate is self-signed. 1 — Self-signed. 0 — Not self-signed.
One of: 1 0
issuerobject
A object that contains the issuer's details.
commonNamestring
The issuer's Common Name or Distinguished Name.
countryNamestring
The certificate's two-letter country code.
emailAddressstring
The issuer's email address.
localityNamestring
The issuer's locality or city.
organizationNamestring
The issuer's organization name.
stateOrProvinceNamestring
The issuer's state or province name.
key_algorithmstring
The certificate's key's algorithm. rsaEncryption — RSA. id-ecPublicKey — ECDSA.
One of: rsaEncryption id-ecPublicKey
modulusstring
The certificate's key's modulus, in hexadecimal format. * null — The certificate's key is not an RSA key.
not_afterinteger
The certificate's expiration date.
not_beforeinteger
The certificate's start time.
signature_algorithmstring
The certificate's OID hash algorithm signature.
subjectobject
An object containing the certificate's ownership details.
commonNamestring
The certificate's Common Name or Distinguished Name.
countryNamestring
The certificate's two-letter country code.
emailAddressstring
The certificate's email address.
localityNamestring
The certificate's locality or city.
organizationNamestring
The certificate's organization name.
stateOrProvinceNamestring
The certificate's state or province name.
validation_typestring
The certificate's validation type. ev — Extended Validation. ov — Organization Validation. dv — Domain Validation. null — The system could not parse and determine the certificate's validation type.
One of: ev ov dv
textstring
The parsed information from the OpenSSL command-line tool.

show_csr GET#

Export certificate signing request

This function retrieves a certificate signing request (CSR).

Important:

When you disable the Calendars and Contacts, Receive Mail, Web Disk, Webmail, and Web Server roles, the system disables this function.

Note:

When you call this function, you must include either the id or the friendly_name parameter.

friendly_namestringOptional
The CSR's friendly name.
idstringOptional
The CSR's ID.

Response — normalized as { ok, data, errors[], warnings[] }; data contains:

csrstring
The CSR's text.
detailsobject
An object contaning the CSR's contents.
commonNamestring
The CSR's Common Name or Distinguished Name.
countryNamestring
The CSR's ISO-3166 country code.
createdinteger
The CSR's creation date.
domainsarray<string>
A list of the domains that the CSR covers.
emailAddressstring
The CSR's email address.
friendly_namestring
The CSR's friendly name.
idstring
The CSR's ID.
key_algorithmstring
The key algorithm that encrypts the CSR.
localityNamestring
The certificate's locality or city.
modulusstring
The CSR's modulus.
organizationNamestring
The CSR's organization name.
organizationalUnitNamestring
The CSR's organizational unit name.
stateOrProvinceNamestring
The CSR's state or province name.
textstring
The parsed information from the OpenSSL command-line tool.

show_key GET#

Export private key

This function retrieves a private key.

Important:

When you disable the Calendars and Contacts, Receive Mail, Web Disk, Webmail, and Web Server roles, the system disables this function.

friendly_namestringOptional
The key's friendly name. Note: You must use either the id or the friendly_name parameter.
idstringOptional
The key's ID. Note: You must use either the id or the friendly_name parameter.

Response — normalized as { ok, data, errors[], warnings[] }; data contains:

detailsobject
An object of the key's details.
createdinteger
The key's creation date.
ecdsa_curve_namestring
The ECDSA curve that the key uses. prime256v1 secp384r1 * null — The key is not an ECDSA key.
One of: prime256v1 secp384r1
ecdsa_publicstring
The key's ECDSA compressed public point, in hexadecimal format. * null — The key is not an ECDSA key.
friendly_namestring
The key's friendly name.
idstring
The key's ID.
keystring
The key's contents.
key_algorithmstring
The key's algorithm. rsaEncryption — RSA. id-ecPublicKey — ECDSA.
One of: rsaEncryption id-ecPublicKey
modulusstring
The key's modulus, in hexadecimal format. * null — The key is not an RSA key.
modulus_lengthinteger
The length, in bits, of the key's modulus. * null — The key is not an RSA key.
textstring
The raw information from the OpenSSL command-line tool.

start_autossl_check GET#

Start AutoSSL for current user

This function initiates an AutoSSL check for the user.

Important:

When you disable the Calendars and Contacts, Receive Mail, Web Disk, Webmail, and Web Server roles, the system disables this function.

No parameters.

Response — normalized as { ok, data, errors[], warnings[] }; data contains:

Payload varies by call.

toggle_ssl_redirect_for_domains GET#

Enable or disable secure redirects

This function enables or disables secure redirects (HTTPS) for the cPanel account's domains that you specify.

Important:

To call this function, one of the following conditions must exist:

  • AutoSSL must exist on the domains for which you enable secure redirects.
  • A valid SSL certificate must exist for each domain for which you wish to enable secure redirects.
  • You must own the domains for which you wish to enable secure redirects.
domainsstringRequired
A comma-separated list of the cPanel account's domains for which to enable or disable secure redirects. Important: To enable or disable redirects for addon domains, you must pass the addon domain and its subdomain.
stateintegerRequired
Whether to enable or disable redirects for the specified domains. 1 — Enable. 0 — Disable.

Response — normalized as { ok, data, errors[], warnings[] }; data is an array of:

The domains for which the function enabled or disabled secure redirects.

upload_cert POST#

Import SSL certificate

This function uploads a certificate.

Important:

  • Due to the limited field length of HTTP GET method calls, you must use the HTTP

POST method. For this reason, you cannot use a cPanel or Webmail session URL to call this function.

  • When you disable the Calendar and Contacts, Receive Mail, Web Disk, Webmail, and

Web Server roles, the system disables this function.

crtstringOptional
The certificate file.
friendly_namestringOptional
The certificate's friendly name.

Response — normalized as { ok, data, errors[], warnings[] }; data is an array of:

createdinteger
The certificate's creation date.
domainsarray<string>
A list of the certificate's domains.
ecdsa_curve_namestring
The ECDSA curve that the certificate's key uses. prime256v1 secp384r1 * null — The certificate's key is not an ECDSA key.
One of: prime256v1 secp384r1
ecdsa_publicstring
The certificate's key's ECDSA compressed public point, in hexadecimal format. * null — The certificate's key is not an ECDSA key.
friendly_namestring
The certificate's friendly name.
idstring
The certificate's ID.
is_self_signedinteger
Whether the certificate is self-signed. 1 — Self-signed. 0 — Not self-signed.
One of: 1 0
issuer.commonNamestring
The issuer's Common Name or Distinguished Name.
issuer.organizationNamestring
The issuer's Organization Name.
key_algorithmstring
The certificate's key's algorithm. rsaEncryption — RSA. id-ecPublicKey — ECDSA.
One of: rsaEncryption id-ecPublicKey
modulusstring
The certificate's key's modulus, in hexadecimal format. * null — The certificate's key is not an RSA key.
modulus_lengthinteger
The length, in bits, of the certificate's key's modulus. * null — The certificate's key is not an RSA key.
not_afterinteger
The certificate's expiration date.
not_beforeinteger
The certificate's start date.
signature_algorithmstring
The certificiate's OID hash algorithm signature.
subject.commonNamestring
The issuer's Common Name or Distinguished Name.
validation_typestring
The certificate's validation type. ev — Extended Validation. ov — Organization Validation. dv — Domain Validation. null — The system could not parse and determine the certificate's validation type.
One of: ev ov dv

upload_key POST#

Import private key

This function uploads a private key.

Note:

Due to the limited field length of HTTP GET method calls, you must use the HTTP POST method. For this reason, you cannot use a cPanel or Webmail session URL to call this function.

Important:

When you disable the Calendars and Contacts, Receive Mail, Web Disk, Webmail, and Web Server roles, the system disables this function.

crtstringOptional
The key's contents.
friendly_namestringOptional
The key's friendly name.

Response — normalized as { ok, data, errors[], warnings[] }; data is an array of:

createdinteger
The key's creation date.
ecdsa_curve_namestring
The ECDSA curve that the key uses. prime256v1 secp384r1 * null — The key is not an ECDSA key.
One of: prime256v1 secp384r1
ecdsa_publicstring
The key’s ECDSA compressed public point, in hexadecimal format. * null — The key is not an ECDSA key.
friendly_namestring
The key's friendly name.
idstring
The key's ID.
key_algorithmstring
The key’s algorithm. rsaEncryption — RSA. id-ecPublicKey — ECDSA.
One of: rsaEncryption id-ecPublicKey
modulusstring
The key's modulus, in hexadecimal format. * null — The key is not an RSA key.
modulus_lengthinteger
The length, in bits, of the key's modulus. * null — The key is not an RSA key.