SSL

Read your Cert:

SSL reader

Check the AutoSSL queue:

/usr/local/cpanel/bin/autossl_check_cpstore_queue

How comodo checks for autossl:

curl --user-agent "COMODO DCV" --insecure --max-time 10 --retry 0

Make sure Comodo can get there:

RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}.txt(?:\ Comodo\ DCV)?$
  RewriteCond %{REQUEST_URI} !^[0-9]+\..+\.cpaneldcv$

Make sure Let’s Encrypt can get there:

RewriteEngine On
  RewriteRule ^.well-known - [L]

Check for Service SSL’s(cpanel, mail, ftp)

/usr/local/cpanel/bin/checkallsslcerts --allow-retry --verbose

Add Let’s Encrypt as option for Cpanel:

/scripts/install_lets_encrypt_autossl_provider

Preferred Cipher list (nginx conf)

 ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256 kEECDH+ECDSA+AES128 kEECDH+ECDSA+AES256 kEECDH+AES256 kEDH+AES256 !aNULL !eNULL !LOW !kECDH !DSS !MD5 !EXP !PSK !SRP !CAMELLIA !SEED';

Force Clients to https using htaccess rewrite:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

 

Test SSL versions

curl -svo /dev/null --tlsv1.1 https://whiskytango.us/ 2>&1 | egrep -v "^{.*$|^}.*$|^\* http.*$"