Automatic SSL Manager Extension (SSL Manager)
Last updated on Jul 10, 2026 4:19 AM
Background & Limitations
- HTTP-01 Validation Failures: When provisioning Let's Encrypt certificates, ACME tools must access
.well-known/acme-challenge/. Custom vhost files, HTTPS redirects (RewriteRule), or OpenLiteSpeed security rules often block this path, causing SSL validation failures. - No SSL Expiry Tracking: Administrators lack a single dashboard view of all SSL certificates across main domains, subdomains, and aliases, leading to expired certificates and security warnings.
- Accidental Resets: Operators may accidentally click Delete or Reissue SSL on critical system domains (e.g., panel hostname, mail gateways, DNS servers), causing outages or hitting Let's Encrypt rate limits.
Solution
The SSL Manager extension provides a self-healing and protective layer for SSL operations:
A. Self-Repair Processor
- Before issuing or renewing certificates, the processor automatically verifies and patches the website's OpenLiteSpeed Virtual Host configuration (
vhost.conf). - Prioritizes the ACME challenge exclusion block above any other URL rewriting rules:
context /.well-known/acme-challenge { location /usr/local/lsws/Example/html/.well-known/acme-challenge allowSymbolLink 1 } - Restarts OpenLiteSpeed gracefully to apply changes before validation begins.
B. Centralized SSL Status Monitoring
- Displays domains, subdomains, and aliases in a single dashboard.
- Tracks expiry date, certificate issuer (Let's Encrypt, ZeroSSL, Self-Signed), and days remaining in real-time.
- Filters out domains without SSL or those near expiration.
C. Action Freeze Protection Mechanism
- Provides a locking toggle switch (lock/unlock icon) in the actions column for every domain.
- When locked (red/active status):
- Disables Reissue SSL and Delete buttons.
- Greys out dangerous actions to protect system core sites.
- Maintains locking states in the
ssl_lockstable on the VPS, remaining persistent across page reloads or software updates.
Security Capabilities & Utility Value
Security Features:
- Avoids HTTPS Downtime: Self-repairing configurations guarantee Let's Encrypt auto-renewals succeed, protecting domain reputation and SEO rankings.
- Operation Protection: The toggle lock actions and double-layer confirmations (Modal Confirm) freeze critical changes, preventing human errors.
- Rate Limit Control: Prevents repeated issue clicks that lead to Let's Encrypt IP bans.