The Trustico® CaaS cPanel plugin brings automated SSL Certificate management directly into the cPanel control panel. Website owners can retrieve, install, and automatically reissue commercial SSL Certificates without leaving the cPanel dashboard - no command line, no manual file uploads, and no expiry anxiety.
Free SSL Certificates provide basic encryption, but commercial SSL Certificates from Trustico® deliver the trust signals, validation, and warranty protection that businesses rely on. Discover Commercial SSL Certificate Advantages 🔗
Ready to Install? Server administrators can download and install the plugin on their servers. View Our Installation Guide 🔗
Plugin Features
The Trustico® CaaS cPanel plugin automates the entire SSL Certificate lifecycle. It retrieves a signed SSL Certificate from the Certificate Authority (CA), installs it along with the Private Key and Certificate Authority (CA) bundle into cPanel, and configures automatic reissue.
All of this happens through a simple form inside the cPanel dashboard. The plugin supports both Trustico® branded and Sectigo branded SSL Certificates, including Domain Validation (DV) and Organization Validation (OV) products.
Single site and Wildcard SSL Certificates are both supported, with the plugin handling the appropriate validation method automatically. Explore Traditional vs CaaS SSL Certificates 🔗
Plugin Workflow
The plugin uses the Automatic Certificate Management Environment (ACME) protocol with External Account Binding (EAB) to connect your Trustico® SSL Certificate order to your cPanel hosting environment.
When you purchase a CaaS-enabled SSL Certificate from Trustico® you receive two credentials : an EAB Key ID and an EAB HMAC Key. These are the only values you need to enter into the plugin.
Open the plugin from the "Security" section in your cPanel dashboard, select your virtual host, and choose which domain names to include on your SSL Certificate. Enter your EAB credentials and click "Retrieve SSL Certificate."
The plugin handles domain validation, SSL Certificate retrieval, installation, and automatic reissue configuration. You can close the page during processing and return later to check the result. View Our Plugin Guide 🔗
Background Operations
The plugin verifies that your domain's document root is accessible, registers with the ACME server using your EAB credentials, and performs domain validation. HTTP-01 is used for standard domains and DNS-01 for Wildcard SSL Certificates.
Once validated, the plugin retrieves the signed SSL Certificate and installs it into cPanel. Your domain immediately begins serving HTTPS.
The plugin then configures automatic reissue. When the SSL Certificate approaches its expiry window, it is automatically reissued and reinstalled without any action on your part.
This is particularly important as the industry moves towards shorter SSL Certificate validity periods, with maximum validity decreasing to 200 days from March 2026 and eventually to just 47 days.
SSL Certificate Coverage
The plugin displays your SSL Certificate coverage organized into three sections. The Virtual Host table shows the currently installed SSL Certificate. The Website Domains table shows the domain names your visitors use. The Service Domains table shows cPanel service subdomains such as webmail and webdisk.
Each domain name is checked against the installed SSL Certificate's Subject Alternative Names (SANs) to determine whether it is covered.
Color-coded status labels make it easy to see which domain names are secured at a glance. Domains covered show "Active" in green, while domains not covered show "Inactive" in gray.
Additional labels indicate when an SSL Certificate is approaching expiry or has already expired. View Our Plugin Guide 🔗
Wildcard SSL Certificate Support
Wildcard SSL Certificates allow you to secure all subdomains under a single domain - such as www.example.com, mail.example.com, and shop.example.com - with a single SSL Certificate.
It is important to understand that a Wildcard SSL Certificate covers subdomains only. The wildcard pattern *.example.com does not cover the base domain (example.com) itself.
To secure the base domain alongside the wildcard, it needs to be included as a separate Subject Alternative Name (SAN).
Trustico® generally bundles both together when you purchase a Wildcard SSL Certificate, so your licensed domain names will typically authorize issuance for both *.example.com and example.com.
The plugin fully supports Wildcard SSL Certificates and handles DNS-01 validation automatically. When you select a Wildcard domain name, the validation method switches to DNS-01.
The plugin manages the required Domain Name System (DNS) TXT records through cPanel. Learn About Wildcard SSL Certificates 🔗
Important : Wildcard SSL Certificate support using DNS-01 validation requires that the Domain Name System (DNS) zone for your domain is managed by the same cPanel server. If your domain uses external providers such as Cloudflare or Amazon Route 53, the plugin will detect this and display an error message.
Security Throughout
The plugin has been designed with security as a priority throughout. EAB credentials are passed via environment variables rather than command-line arguments and are cleared from memory after use.
All operations are protected by Cross-Site Request Forgery (CSRF) validation using cPanel session tokens. A five-minute cooldown between operations per domain prevents overuse of Certificate Authority (CA) rate limits.
Logs displayed through the "Show Details" view are sanitized to remove server paths, IP addresses, and credential values. Server-side error logs use Coordinated Universal Time (UTC) timestamps with automatic rotation and restricted file permissions.
The plugin runs entirely with cPanel user permissions - no root access is required or used.
Server Administrator Guide
The Trustico® CaaS cPanel plugin is designed for easy deployment. Whether you are a hosting company, a reseller, or managing your own dedicated server, a single installation makes the plugin available to every cPanel user.
The plugin appears under the "Security" section in the cPanel dashboard and requires PHP 7.4 or later with Secure Shell (SSH) root access for the initial installation only.
For detailed installation instructions, server requirements, and feature management options, refer to our installation guide. View Our Installation Guide 🔗
Tip : Hosting companies and server administrators interested in offering Trustico® SSL Certificates to their customers can explore our partner service for volume pricing. Explore The Trustico® Partner Service 🔗
Obtaining Your EAB Credentials
To use the Trustico® CaaS cPanel plugin, you need an active Trustico® SSL Certificate order that supports Certificate as a Service (CaaS).
When you purchase a qualifying SSL Certificate, your order includes the EAB Key ID and EAB HMAC Key credentials required by the plugin. You can find your credentials in your order confirmation e-mail. Discover How to Obtain Your CaaS Credentials 🔗
Ready to Install? Server administrators can download and install the plugin on their servers. View Our Installation Guide 🔗
Getting Started
If you are a website owner, check whether the Trustico® CaaS cPanel plugin is installed on your server. If it is, navigate to "Security" in your cPanel dashboard and click "Trustico® SSL Certificates" to open the plugin.
For a detailed step-by-step walkthrough covering every feature, troubleshooting guidance, and frequently asked questions, refer to our comprehensive guide. View Our Plugin Guide 🔗
If the plugin is not yet installed, you can direct your server administrator to the installation guide. If you manage your own cPanel server, the installation requires only a single script run as root via Secure Shell (SSH). Learn About Certificate as a Service (CaaS) 🔗
Below RRP CaaS
Below RRP CaaS
Below RRP CaaS
Below RRP CaaS
