For cPanel & WHM 60
This page was last updated on:
cPanel & WHM version 60 requires a web server that supports SNI (for example, Apache (httpd) 2.2.12, Litespeed 4.1, or Openlitespeed 1.4.12 or greater). You cannot upgrade to cPanel & WHM version 60 if your web server does not support SNI. Use WHM's EasyApache interface (Home >> Software >> EasyApache) to upgrade your web server.
cPanel & WHM version 60 is the last version of cPanel & WHM to support MySQL® 5.1 or below. Additionally, you will no longer be able to activate a remote MySQL profile if the server runs MySQL 5.1 or below.
cPanel Store now includes wildcard certificates
We added wildcard certificates to the cPanel Store in cPanel's SSL/TLS Wizard interface (Home >> Security >> SSL TLS Wizard).
System administrators and resellers can manage availability, recommendations, and pricing of wildcard certificates in WHM's Market Provider Manager interface (Home >> Market >> Market Provider Manager).
Simple and Advanced SSL/TLS Wizard interfaces
As part of the implementation of wildcard SSL certificates, we added a Simple section to cPanel's SSL/TLS Wizard interface (Home >> Security >> SSL/TLS Wizard). It displays all of the account's domains in a single list. This section automatically determines the necessary number and arrangement of certificates to secure the domains that you select. It also adds a Resolve issues step that helps users to resolve issues, conflicts, or warnings.
If you prefer to order certificates by website (virtual host) list, click the Advanced tab on SSL/TLS Wizard interface (Home >> Security >> SSL/TLS Wizard). However, you cannot order wildcard certificates through the Advanced section.
Third-party AutoSSL provider modules
We added information about how to create your own AutoSSL provider module.
We created the Domain TLS system to store and manage certificates for domains outside of Apache.
During the upgrade to cPanel & WHM version 60, servers will automatically copy current and valid certificates from the Apache SSL certificate storage to Domain TLS storage. Domain TLS does not copy expired or invalid certificates from Apache's SSL storage.
As users install, manage, and delete certificates through cPanel & WHM user interfaces or API calls, the system automatically performs the necessary updates to the Domain TLS index and certificate storage.
Currently, Domain TLS handles SNI functionality for the
cpsrvd daemon (cPanel, WHM, and Webmail logins and UI functionality), the
cpdavd daemon (Calendar, Contacts, and Web Disk), Exim, and Dovecot services. We plan to expand Domain TLS to handle SNI functionality for more services in future versions.
For more information, read our Domain TLS article.
Team: Honey Badgers
EasyApache 4 Migration
The EasyApache 4 Migration interface (Home >> Software >> EasyApache 4) now displays your system's version of EasyApache and allows you to migrate from EasyApache 3 (EA3). You can also revert your system back to EA3 within the same interface.
cPanel & WHM now determines if any blockers will arise when you attempt to migrate to EasyApache 4 (EA4). We created a pre-flight check to inform you of any potential blockers before you experience them during migration. Based on your third party vendor, you may receive a blocker, warning message, or informational message. Each of these messages will provide information about the blocker or issue, and how to fix it.
Extended PHP-FPM support
In cPanel & WHM version 60, we enabled the ability to set up and manage MultiPHP FPM pools in WHM's MultiPHP Manager interface (Home >> Software >> MultiPHP Manager). These pool options enable site configuration and for PHP-FPM to handle any incoming PHP requests that their domain receives. PHP-FPM increases the performance of the site with additional server resources. WHM's MultiPHP Manager interface (Home >> Software >> MultiPHP Manager) now prompts a user to install specific packages if their system does not contain the appropriate FPM dependencies.
Team: Loose Cannon
Create Support Ticket
In cPanel & WHM version 60, we added the ability for you to create cPanel support tickets from WHM's Create Support Ticket interface (Home >> Support >> Create Support Ticket). This feature streamlines the ticket creation process, automates SSH authorization, and decreases the time required to open a support ticket. In addition, it attempts to identify your support ticket requirements and redirects you to the cPanel Customer Portal as necessary. This feature only allows you to create a ticket for the server in which you access the Create Support Ticket interface. To open a ticket about multiple servers, use the cPanel Customer Portal website.
Feature Spotlight feature
The cPanel interface now includes a Feature Spotlight feature that users will see when they log in to their cPanel accounts.
- In cPanel & WHM version 60, this feature highlights cPanel's User Manager interface (Home >> Preferences >> User Manager).
- To dismiss the spotlight feature, click OK, or click anywhere in the interface. The spotlight will not reappear on future logins unless the user resets the cPanel interface via the Reset Page Settings option in the user menu.
- System administrators can disable this feature via the cPanel Spotlight setting in WHM's Feature Manager interface (Home >> Packages >> Feature Manager).
For more information, read our The cPanel Interface documentation.
Minified style CSS support
The cPanel style system now supports minified CSS files. You can supply style CSS files as the
styles.css file, the
styles.min.css file, or both. We strongly recommend that you include both the
For more information, read our Guide to cPanel Interface Customization - The styles.css File documentation.
PowerDNS option for Nameservers
You now have the option to choose the PowerDNS nameserver software in the Initial Setup Wizard or WHM's Nameserver Selection interface (Home >> Service Configuration >> Nameserver Selection). PowerDNS offers high performance and built-in support for DNSSEC.
DNSSEC with PowerDNS
We now allow users to enable DNSSEC on servers configured with PowerDNS. DNSSEC adds security to the DNS protocol by enabling DNS responses that can be validated and verified. This function is not available on servers that belong to a DNS cluster. If you enable DNSSEC on any domains on your server, you will not be able to enable DNS clustering on that server.
Context-sensitive Help in WHM
WHM now offers context-sensitive documentation. At the top of each interface, click on the question mark icon () to view documentation relevant to the section. Additionally, you can click the lifesaver icon ( ) on the right side of the interface and then click Documentation to reach the same page.
Team: SWAT Team
New purge file setting
We added the Age of content to purge from users' File Manager Trash setting in the System section of WHM's Tweak Settings interface (Home >> Server Configuration >> Tweak Settings). This setting determines the minimum age of files for the system to automatically purge from the
.trash folders in user home directories. A value of
0 configures the server to purge all files from every user's
.trash folder, regardless of age.
This setting only purges files that users delete through cPanel's File Manager interface (Home >> Files >> File Manager).
Team: Zero Cool
Disabled the distiller in EasyApache 4
We disabled the use of the Apache distiller
--update flag in EasyApache 4.
Mail SNI always enabled
As of cPanel & WHM version 60, the Dovecot and Exim servers always enable Mail SNI. We removed all Mail SNI controls from user interfaces.
We also deprecated API functions or parameters within functions that control Mail SNI functionality, and we no longer use the
AutoSSL enabled by default on new installations
New installations of cPanel & WHM enable AutoSSL activate the cPanel (powered by Comodo) provider by default. Use WHM's Manage AutoSSL interface (Home >> SSL/TLS >> Manage AutoSSL) to manage or disable AutoSSL.
AutoSSL no longer replaces non-AutoSSL certificates by default
We changed the behavior of AutoSSL so that it no longer replaces certificates that it did not issue. This behavior prevents the unexpected replacement of Extended Validation (EV) and Organizational Validation (OV) certificates from a certificate authority (CA) by AutoSSL-provided certificates.
Previously, AutoSSL replaced any certificate that was invalid or less than 3 days from expiration.
However, if you wish to allow AutoSSL to replace certificates that it did not issue, select the Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates. option in WHM's Manage AutoSSL interface (Home >> SSL/TLS >> Manage AutoSSL).
Change in mail. alias behavior for Apache server
The system now automatically creates an Apache server alias for the
mail. subdomain for each domain, parked domain, and addon domain (but not subdomains). This allows the
For example, Apache will now respond to
mail.example.com as an alias for
example.com. However, Apache will not automatically respond to
mail.subdomain.example.com as an alias for the
Change in www. and subdomains behavior for SSL/TLS Wizard and UAPI-based SSL certificate orders
www. subdomains must now pass a Domain Control Validation (DCV) check before cPanel's SSL/TLS Wizard interface (Home >> Security >> SSL TLS Wizard) automatically includes them in a certificate order. The previous behavior attempted to include all
www. subdomains in certificate purchases through the SSL/TLS Wizard interface. If the DCV check failed, you could not complete the purchase through the cPanel Store.
We also updated UAPI's
Market::request_ssl_certificates function so that the
subject_names parameter no longer automatically includes the corresponding
www. subdomain with every domain. If you wish to secure a
www. subdomain in a certificate that you will order through API automation, you must explicitly declare it within the
www. subdomains of domains for which you order a certificate remain free of charge.
.htaccess files exclude DCV checks from HTTP redirections
We now automatically update
.htaccess files to exclude DCV checks from HTTP redirections so that the DCV checks complete successfully. This resolves issues that some customers reported with AutoSSL and cPanel Market purchases.
Additional returns for Market API functions for wildcard certificates
To allow users to purchase wildcard certificates, we modified the following WHM and UAPI functions:
These functions now can return the following values as necessary:
Also, if you maintain a Custom cPanel Market Provider module, you must use the
price_per_wildcard parameter in your
get_products_list subroutine to indicate wildcard products.
Transfer Tool delays updates to system
The system disables system and cPanel & WHM updates while there is an active session in the Transfer queue. This applies to both account transfers and configuration transfers.
Account creation performance improvement
We improved the account creation process performance due to more efficient handling of the BIND database. Also, we no longer use the operating system's
userdel routines. You will see significantly reduced creation times for accounts.
BIND deferred restart time
We changed the BIND deferred restart time option in the System section of WHM's Tweak Settings interface (Home >> Server Configuration >> Tweak Settings). This setting allows you to specify the time (in seconds) that the
dnsadmin service waits before it restarts BIND. The system silently discards additional restart requests in this time period. We recommend a setting between
600 seconds for busy servers and the default setting of
2 seconds on servers with few DNS changes.
Terminate Account interfaces replaced by Terminate Accounts interface
We replaced WHM's Terminate Account interface (Home >> Account Functions >> Terminate an Account) and Terminate Multiple Accounts interface (Home >> Multi Account Functions >> Terminate Multiple Accounts) with the new Terminate Accounts interface (Home >> Multi Account Functions >> Terminate Accounts).
This interface allows you to easily select multiple accounts to terminate, and it requires multiple confirmations before it removes the accounts and their data. You can also abort the account termination process for accounts in the termination queue.
cPanel interface sprites now use SVG format
We converted the image type of interface elements in cPanel's interface to SVG format. This reduces the size of many user interface icons and increases the rendering speed.
- If an .
svgfile is not available, cPanel will fall back to use the equivalent .
- We also updated the WHM, cPanel, and Webmail logos to support the SVG format, and you can use
.svgimages for your cPanel plugin icons.
- You can now use WHM's Customization interface (Home >> cPanel >> Customization) to upload
.svgimages for your custom-branded logos.
Mail script security improved
We expanded the Prevent nobody from sending mail option in the Mail section of WHM's Tweak Settings interface (Home >> Server Configuration >> Tweak Settings). It now includes email that scripts send through any loopback address.
Team: Loose Cannon
Disable Subaccount invites from WHM
In cPanel & WHM version 60, we added the ability for you to enable or disable new Subaccount invites from WHM's Tweak Settings - System interface (Home >> Server Configuration >> Tweak Settings). Previously, you could control this feature with the Reset Password for Subaccounts feature.
- If you enabled the Reset Password for Subaccounts feature in cPanel & WHM version 56, this feature defaults to On.
- If you disabled the Reset Password for Subaccounts feature in cPanel & WHM version 56, this feature defaults to Off.
- In new installations of cPanel & WHM version 60, this feature defaults to On.
Active Subaccount invite badge
In cPanel & WHM version 60, we updated cPanel's User Manager interface (Home >> Preferences >> User Manager) to display an indicator if a Subaccount owns an active or expired invite.
Subaccount Database Upgrade Script
In cPanel & WHM version 60, we updated the
upgrade_subaccount_databases script to run as a post-installation script, rather than as part of the
Updated Customization interface
WHM's Branding interface (Home >> cPanel >> Branding) is now WHM's Customization interface (Home >> cPanel >> Customization).
In addition, this interface now includes the following new features:
- You can upload, download, view, and delete styles for the Paper Lantern theme. Previously, this functionality was only available via the command line.
- You can select the default style for new accounts.
Updated WHM feature icons
The WHM interface now includes updated flat-style icons for its top-level navigation.
Improved CSS customization
Theme and plugin developers can now target specific cPanel interfaces, specific Webmail interfaces, or all Webmail interfaces in their custom
- For more information, read our Guide to cPanel Interface Customization - The styles.css File documentation.
- For a list of appkeys to use to target features, read our Guide to cPanel Interface Customization - Appkeys documentation.
Site Publisher template defaults
Site Publisher template developers can now set defaults for specific template field types in the
meta.json file. For more information, read our Guide to Site Publisher Templates - The meta.json File documentation.
Updated Email Accounts appkey
cPanel's Email Accounts interface (Home >> Email >> Email Accounts) now uses the
email_accounts appkey value. If you reference this interface's appkey in custom code, you must update it. For more information, read our Guide to cPanel Interface Customization - Appkeys documentation.
Expanded cpupdate.conf file support for installations
You can now specify cPanel & WHM version numbers without a major version number when you preconfigure the
/etc/cpupdate.conf file for a new cPanel & WHM installation. For more information, read our The cPanel Update Configuration File - cpupdate.conf and Installation Guide - Customize Your Installation documentation.
Configure address records for Nameservers
We simplified the configuration of namerserver address records in the Initial Setup Wizard and WHM's Basic WebHost Manager Setup interface (Home >> Server Configuration >> Basic WebHost Manager Setup). Additionally, you can now add IPv6 address records.
Review Update Blockers
Server administrators can now view update blockers in the Upgrade Blockers section of WHM's Upgrade to Latest Version interface (Home >> cPanel >> Upgrade to Latest Version).
Team: Zero Cool
EasyApache 4 UI improvements
The EasyApache 4 interface now properly resolves dependencies when you select packages, and asks you to choose which you prefer to install when multiple conflicts exist.
We greatly improved the speed of the user interface and added the following cosmetic improvements:
- Removed the
ea-prefixes from the selectable package names, in order to make them easier to read.
- Show the available packages in a list view, rather than tiles.
- Group the Apache and PHP modules together in the View All Packages section.
EasyApache 4 migration
We made several improvements and updates to the EasyApache 4 migration process.
EasyApache 3 profiles that contain Apache 2.2 are not compatible with EasyApache 4. We added warning messages to these profiles, and they will upgrade to Apache 2.4 when you install them.
EasyApache 4 attempts to migrate the
php.ini files on the system to an EasyApache 4-compatible format. In order for a user's
php.ini file to migrate successfully, all of the following must be true:
- The system is attempting to migrate from EasyApache 3 to EasyApache 4.
- The system's default PHP version must use the suPHP handler.
- One or more
.htaccessfiles must exist in the user's home directory.
.htaccessfile must contain a properly-configured
suPHP_ConfigPathdirectory must contain a
php.inifile that the
suPHP_ConfigPathdirective specifies must exist in the user's home directory.
If the migration completes successfully, the system renames the original
php.ini file to
php.ini.ea3.bak. The converted file does not retain comments from the original
For more information, read our The EasyApache 3 to EasyApache 4 Migration Process documentation.
Rework of the ea-php-cli package
We reworked the
ea-php-cli package to provide a new
/usr/bin/php binary. This better emulates the behavior of EasyApache 3. For more information, read our EasyApache 4 and the ea-php-cli Package documentation.
Deprecated and removed items
The x3 theme no longer ships with cPanel & WHM
New installations of cPanel & WHM will no longer include the x3 theme for the cPanel interface. When you upgrade to cPanel & WHM version 60 or higher on existing installations, we will not automatically remove the files for the x3 theme. However, we no longer support the x3 theme, and cannot guarantee that this theme will continue to function in future versions.
- Interfaces in cPanel & WHM will not list the x3 theme in theme selection menus, regardless of whether the x3 theme's files exist on the server.
- To ensure that new accounts do not use the deprecated and unsupported x3 theme, the
RSsetting now defaults to
Removed x3 theme-related interfaces
We have removed the following x3 theme-related interfaces and options from WHM:
- WHM's x3 Branding interface (Home >> cPanel >> x3 Branding)
- WHM's x3 Plugin File Generator interface (Home >> Development >> x3 Plugin File Generator)
- WHM's Legacy Configure Customer Contact interface (Home >> Support >> Legacy Configure Customer Contact)
- The x3 and x3mail options in the cPanel section of WHM's Theme Manager interface (Home >> Themes >> Theme Manager)
Certain x3-related options from WHM's Feature Manager interface (Home >> Packages >> Feature Manager)
Legacy x3-related features may continue to display in this interface, some of which may display with the Legacy label.
Appendix A: New and modified API functions
Modified cPanel API 2 functions
New UAPI functions
DNSSEC::disable_dnssec— This function disables DNSSEC on the domain.
DNSSEC::enable_dnssec— This function enables DNSSEC on the domain.
DNSSEC::fetch_ds_records— This function fetches the DS records on a domain.
DNSSEC::set_nsec3— This function configures the domain to use NSEC3 semantics.
DNSSEC::unset_nsec3— This function configures the domain to use NSEC semantics.
Team: SWAT Team
Modified UAPI functions
Market::get_all_products— Wildcard certificate and redirection parameters.
SSL::mail_sni_status— Mail SNI is always enabled.
SSL::enable_mail_sni— Mail SNI is always enabled.
SSL::disable_mail_sni— Mail SNI is always enabled.
SSL::rebuild_mail_sni_config— Mail SNI is always enabled.
SSL::is_mail_sni_supported— Mail SNI is always enabled.
Team: Honey Badgers
Team: Loose Cannon
New WHM API 0 functions
— This function retrieves a nameserver's IPv4 and IPv6 addresses.
New WHM API 1 functions
Team: Honey Badgers
Team: Loose Cannon
list_styles— This function lists the server's cPanel styles.
remove_style— This function deletes a cPanel style.
set_default— This function sets the default cPanel style.
Modified WHM API 1 functions
get_market_providers_product_metadata— Wildcard certificate and redirection parameters.
get_adjusted_market_providers_products— Wildcard certificate and redirection parameters.
get_market_providers_products— Wildcard certificate and redirection parameters.
enable_mail_sni— Mail SNI is always enabled.
disable_mail_sni— Mail SNI is always enabled.
rebuild_mail_sni_config— Mail SNI is always enabled.
mail_sni_status— Mail SNI is always enabled.
installssl— Mail SNI is always enabled.
is_sni_supported— Mail SNI is always enabled.
Team: Honey Badgers
lookupnsips— This function retrieves a nameserver's IPv4 and IPv6 addresses.