WHMCS - Registrar Module

Introduction

Modules directly shipped with WHMCS are maintained by the WHMCS Core Team. Bugs and Feature Requests have to be addressed via https://whmcs.com. It is possible to migrate to our Module Variant.

We are offering our custom module for WHMCS which covers more features than the natively integrated module would ever receive. In addition, this enables us to release more frequently. Therefore, we recommend using our custom variant instead.

NOTE: Since August 2023 we are no longer accepting new Customer Signups for HEXONET, please signup for CentralNic Reseller and use this WHMCS integration instead. The Integration is maintained by the same Team at CentralNic - we continue our professional work there, but also for existing HEXONET customers.

Features

WHMCS - Available Module Features & Addons

Installation

WHMCS - Module Installation & Upgrade

Domain Renewal Mode (Preventing Automatic Domain Renewal)

To avoid automatic renewal of domains that your customers do not wish to renew, it’s important to change the default behavior of the Domain Renewal Mode in our systems. By default, it is set to “Automatic Renewal”. Find below the steps for chaning it accordingly.

The renewal mode setting only applies to new domain registrations in your account. If you have previously registered domains in your account, make sure to reconfigure their renewal mode and disable automatic domain renewals as follows.

  1. --- global configuration setting: ---
    Log in to your account at LIVE System or OT&E System.
  2. Click on your username at the top right of the page.
  3. Navigate to Products > Domain Name Settings > Renewal Mode for New Domains.
  4. Select “Expire Domain” and click “Save”.
  5. --- update existing domains: ---
    Navigate to Dashboard > Domains.
  6. On the Domain Names Overview page, select all domains you wish to update.
  7. Use the “Bulk” dropdown field to update their renewal mode.
  8. Click the “Auto Renew” button to disable automatic domain renewals.

For reference, please see the screenshots below.

Changing default settings: domainrenewals domainrenewals

To update the renewal mode for existing domains: domainrenewals domainrenewals domainrenewals domainrenewals domainrenewals

Module Migration

If you started with the HEXONET module shipped with WHMCS and you're interested in switching to our HEXONET/ispapi Registrar Module, then click the button below - it allows for migrating by a single click.

migrationbttn

After this step, you can safely deactivate the built-in HEXONET module as the HEXONET/ispapi module is now used as replacement. Just ensure to also reconfigure the Lookup Provider via System Settings > Domain Pricing.

Module Configuration

Navigate to System Settings > Domain Registrars. Find the HEXONET/ispapi Module in the list and activate it. If you’re not able to find that Module in the list, something went wrong with the Module Installation - please check this part again please. The CentralNic Reseller Module isn't required.

configuration configuration configuration

 

configuration

Now, configure this Module by entering your credentials (OT&E or LIVE System Account). Activate Use Test Environment by activating the checkbox in case you want to use the OT&E System - just ensure you don’t mix it up with LIVE System Credentials or vice versa.

NOTE: We highly recommend to have two Sytems set up - An Integration Test / Demo System connected to our OT&E System and your Production System connected to our Live System. Switching this in one System may lead to bad experiences later on e.g. Registrar TLD Sync related, Domain Portfolio Mixup etc. You can request a free Developer License at whmcs.com that you can use for an internal hosted WHMCS Installation.

Plenty of the below configuration Settings are related to Custom Features of our Registrar Module and are used to turn them either on or off, by default turned off. Find Details here: WHMCS - Available Module Features & Addons.

Default TTL

The default TTL used for DNS Management. Used as default value for the TTL Field we made available.

Proxy Server

You may configure a Proxy Server to use for connecting. This configuration setting is optional. But this might be the entry point for performance improvements. I you have a Reverse Proxy set up, communication will be sent to this server. It could care for keeping connections open for a while (connection keep-alive) to improve HTTP communication performance. This is similar to what we offer via the high-performance proxy setup, but a way working for other web servers than Apache. This setting does not work together with the High-Performance Proxy Setup!

IRTP (Inter-Registrar Transfer Policy)

Our own related guide about IRTP and how our Backend System API is supporting it, can be found here.

We recommend using Option 1 to activate the default WHMCS way of the IRTP integration. The 2nd option may receive deprecation in future (in whmcs).

Option 1 (SUGGESTED):

This is the default and suggested setting. By checking this option you confirm to have obtained verifiable DA (Designated Agent) status. You will be automatically acting as Designated Agent(DA) for the new and old registrant. Our registrar module confirms the DA status by sending the following additional domain fields automatically with the TradeDomain command:

"X-CONFIRM-DA-OLD-REGISTRANT" => 1,
"X-CONFIRM-DA-NEW-REGISTRANT" => 1

Note: Ensure to have the “gTLD Inter-Registrar Transfer Policy” settings deactivated/removed in our control panel. If you haven’t configured this in the past, no worries.

Option 2 (DEPRECATED):

By checking this option you confirm to have obtained verifiable DA (Designated Agent) status to act on behalf of the new registrant of a domain name.

  • navigate on the control panelReseller Controls > Product Settings > Domain Settings. Under the “gTLD Inter-Registrar Transfer Policy” section first read the terms, implement the legal changes, and finally verify your Designated Agent status and your wish to alter the ModifyDomain command for IRTP compliance.
  • Whenever your customer evokes a material change of registrant, the Reseller must submit the change as the DA for the new registrant.
  • The prior (old) registrant will always be sent an authorization email, and they will have fourteen (14) days to confirm the change.
  • The opt-out of the sixty (60) days transfer lock is enabled for module Resellers by default. However, if a Reseller wishes to opt-IN (disable the automatic opt-out) to the registrar transfer lock so that they can immediately process Change of Registrant requests with added security (for Change of Registrant when email addresses are not working), resellers can simply enable the checkbox stating “Disable the automatic opt-out. Registrant changes are processed in realtime, but domains will also get transfer-locked for 60 days. Dependant on fallback being enabled.

Automatic Transfer Lock

Activate Automatic Transfer Lock setting by using the appropriate checkbox to ensure outgoing transfers can’t be initiated in ease. We suggest that setting as it helps securing your domain names from getting transferred out in ease.

Automatic NS Update

Activate Automatic NS Update setting in case you want our module to update domain’s nameservers automatically after successful transfer.

Automatic Contact Update

Activate Automatic Contact Update setting in case you want our module to update your domain’s contact details automatically after successful transfer.

Offer DNSSEC / Secure DNS

If you want to offer secure DNS / DNSSEC / Secure DNS, feel also free to activate the checkbox Offer DNSSEC / Secure DNS.

Transfer Checkout Pre-Checks

Activate Transfer Checkout Pre-Checks setting in case you want to have Domain Transfer Orders pre-checked. We validate if initiating the Transfer would succeed.

Sync Id Protection

Activate Sync Id Protection to include synchronizing this Domain Add-Ons checkboxes within the Registrar TLD Sync. We just Sync it for TLDs configured with us as Registrar in Auto Registration (see Domain Pricing Overview).

Suspend after Expiration

Activate Suspend after Expiration if you want to suspend domain name automatically after expiration. This option is useful if you’re faced with clients who are used to pay their domain renewals very late and you want to pressure a bit. Worst case such clients would lose domains when accidentally forgetting about the renewal. You can unsuspend domains over Client Profile > Tab Domains using the Button Unsuspend.

WHOIS Output & ERRP Settings

Offer fields for domain-level custom WHOIS Output and ERRP Settings in Client Summary > Tab Domains.

High-Performance Setup

Activate High-Performance Setup if you want to activate the High-Performance Proxy Setup. Please read about the technical requirements below and necessary configuration steps first. This mechanism is only compatible to Apache - still, you might try to work out a similar configuration for your Web-Server. We did not succeed with this in direction of LiteSpeed.

In case you are experiencing network latency issues (long node path to our data center), this setup may help improving the situation. After activation your WHMCS is requesting ALL our API requests via HTTP to localhost / 127.0.0.1 and there, a Proxy Mechanism cares for forwarding these requests to our API endpoint using HTTPS. This mechanism improves the performance as it is keeping the connections persistent and avoids a bit of reccuring connection handling overhead.

APACHE

At least Apache version 2.2.9 is required.

An example Apache configuration with binding to localhost:

<VirtualHost 127.0.0.1:80>
    ServerAdmin webmaster@localhost
    ServerSignature Off
    SSLProxyEngine on
    ProxyPass /api/call.cgi https://api.ispapi.net/api/call.cgi min=1 max=2
    ProxyPass /api-ote/call.cgi https://api-ote.ispapi.net/api/call.cgi min=1 max=2
    <Proxy *>
        Order Deny,Allow
        Deny from none
        Allow from all
    </Proxy>
</VirtualHost>

The following Apache2 modules must be installed and activated:

sudo a2enmod http_proxy ssl
sudo service apache2 restart

OTHER WEB SERVERS

Basically, LiteSpeed is a Drop-in Replacement for Apache and very compatible with Apache Configuration Settings. Still, we were not able to get the above mechanism supported by LiteSpeed.

Let me point you to the “Proxy Server” setting as well. Set up a Proxy Server with a connection keep-alive setting and provide the ip address and the port e.g.

Proxy Server: 66.96.200.39:8080

or just the ip / hostname for port

Proxy Server: 66.96.200.39


Aftermarket Domains

Offer Aftermarket Domains to your clients.

Precheck ID Protection / DNS Management / Email Forwarding

These settings lead to prechecking the checkboxes of shopping cart items. Your clients will still have to submit this, but they don't have to activate the checkboxes manually.

Offer Web Apps

If you want to offer our Web Apps to your customers, activate the Offer Web Apps checkbox.

NS & DNS Management

If you want to use DNS, URL or Email forwarding, domains must resolve to the ISPAPI nameserver cluster (ns1.ispapi.net, ns2.ispapi.net, ns3.ispapi.net). Alternatively: your Nameservers, but pointing to the ip addresses of our nameservers, we will explain this in the next steps.

You can enter them in Setup > General Settings > Domains as Default Nameservers for your customers:

nameservers

You can also create your own nameserver hostnames and use them, as long as they are registered and resolve to the correct IP addresses.

If you plan to use HEXONET’s DNS, ensure to activate checkbox DNS Management for the appropriate TLDs in the Domain Pricing Section of WHMCS (System Settings > Domain Pricing). This Domain Addon, when ordered, leads to getting an internal DNS Zone created at HEXONET, ready to use with the related domain name and the domain itself will be connected to it. This service is totally for free, no worries. Reminder: If you want to use a 3rd-party DNS, nothing you should start offering.

dnsmanagement

When registering a domain name, a checkbox for this Domain Addon will then be offered to your customers. When used, it finally allows managing resource records for that domain name over WHMCS.

shoppingcartdns

NOTE: If you plan to offer .DK Domains, please ensure to have your custom nameservers registered at DK Hostmaster first. Read here.

White-label DNS

aka. Vanity Name Servers.

Vanity name servers allow you to create name servers that reflect your organization (in this example “anthony.com”). If you want to use HEXONET’s DNS and Nameservers, but you’re looking for a way to keep them branded? Then, this section covers what you need.

So, instead of using our name server set,

ns1.hexonet.net
ns2.hexonet.net
ns3.hexonet.net
// aka. ns1/ns2/ns3.ispapi.net.

Vanity Name Servers allow for your branded name server set:

ns1.anthony.com
ns2.anthony.com
ns3.anthony.com

OUR NS IP ADDRESSES

Our nameservers use the below ip addresses:

ns1.hexonet.net -> 194.50.187.134
ns2.hexonet.net -> 194.0.182.1
ns3.hexonet.net -> 193.227.117.124

In addition to the below private Nameserver Settings, please do not forget to add A records to the related domain name’s DNSZone (in this example “anthony.com”) via DNS Management:

A Records for Nameservers

NAMESERVER SETTINGS

In WHMCS’ Client Area, please navigate to the domain name under which you want to have you nameservers registered and managed. e.g. if you want to have the nameservers “ns1.anthony.com”, “ns2.anthony.com” and “ns3.anthony.com”, then navigate to the detailed overview of the domain “anthony.com” and then to Private Nameservers.

Register Private Nameservers

Registered Private Nameservers

Here, you either Register new Nameservers or Modify existing Nameservers accordingly. If you don’t remember the current ip addresses of existing nameservers, well then delete and recreate them just with the new ip address. Just in case adding or modifying Nameservers is resulting into errors, be aware of that some registry providers are doing nameserver checks. So ensure the provided nameserver ip addresses are reachable - which should of course be the case for our nameservers. Also, sometimes it might be necessary to have the DNS Management Addon activated, if the underlying registry provider of a TLD covers private Nameservers through Glue Records.

Finally ensure to have this set of nameservers configured as Default Nameservers in WHMCS (read above) so that your clients are getting them suggested in the order process at the shopping cart level. In addition care about having the DNS Management Domain Addon configured accordingly (read above).

Additional Domain Fields

Since Version 6 of our Registrar Module, no need to worry about a special configuration file any longer.  Our Module is shipping with built-in Fields. We recommend removing the existing custom configuration file (/resources/domains/additionalfields.php) either entirely or just the parts related to the TLDs offered over us. Then, please take over changes to your theme to get the additional domain fields also shown on the contact information page in your WHMCS’ client area. Find the theme file clientareadomaincontactinfo.tpl either under /templates/cnic-six or /templates/cnic-twenty-one. Custom changes are nicely wrapped by comments and therefore, they can be identified and taken over in ease. You can skip this entire section then.

For WHMCS 7 (we aren't any longer actively supporting it), you can use our sample file as file /resources/domains/additionalfields.php.

Related: Additional Domain Fields - WHMCS Documentation

HEXONET Account Hardening

In order to secure your WHMCS installation, we recommend creating a User Role only dedicated for WHMCS. This User Role will only be able to execute the white-listed commands.

Whitelist API Commands

Here the list of commands ordered by whmcs module, that you need to whitelist - see next section where to paste them.

ALL our modules:

The below list covers all commands you need for all our modules (except deprecated ones).

AddDomain():ALLOW
AddDomainApplication():ALLOW
AddNameserver():ALLOW
CheckAuthentication():ALLOW
CheckAuthorization():ALLOW
CheckDomains():ALLOW
CheckDomainTransfer():ALLOW
CheckIDNLanguage():ALLOW
ConvertIDN():ALLOW
CreateSSLCert():ALLOW
DeleteDomain():ALLOW
DeleteNameserver():ALLOW
DENIC_CreateAuthInfo1():ALLOW
EndSession():ALLOW
ExecuteOrder():ALLOW
GetEnvironment():ALLOW
GetUserIndex():ALLOW
ModifyContact():ALLOW
ModifyDomain():ALLOW
ModifyNameserver():ALLOW
ModifyUserPassword():ALLOW
ParseSSLCertCSR():ALLOW
PayDomainRenewal():ALLOW
PushDomain():ALLOW
QueryDNSZoneRRList():ALLOW
QueryDNSZoneStats():ALLOW
QueryDomainList():ALLOW
QueryDomainOptions():ALLOW
QueryDomainRepositoryInfo():ALLOW
QueryDomainSuggestionList():ALLOW
QueryDomainWhoisInfo():ALLOW
QueryEnvironmentList():ALLOW
QueryExchangeRates():ALLOW
QueryObjectList():ALLOW
QueryObjectLogList():ALLOW
QueryOrderList():ALLOW
QuerySSLCertDCVEmailAddressList():ALLOW
QueryUserObjectStatistics():ALLOW
RenewDomain():ALLOW
RequestDomainAuthInfo():ALLOW
ResendDomainRegistrantVerificationEmail():ALLOW
ResendDomainTransferConfirmationEmails():ALLOW
ResendSSLCertEmail():ALLOW
RestoreDomain():ALLOW
SetEnvironment():ALLOW
StartSession():ALLOW
StatusAccount():ALLOW
StatusContact():ALLOW
StatusDNSZone():ALLOW
StatusDomain():ALLOW
StatusDomainApplication():ALLOW
StatusDomainTrade():ALLOW
StatusDomainTransfer():ALLOW
StatusObjectLog():ALLOW
StatusRoleUser():ALLOW
StatusSSLCert():ALLOW
StatusUser():ALLOW
TradeDomain():ALLOW
TransferDomain():ALLOW
UpdateDNSZone():ALLOW

Create a Role User

Create a restrictive Role User by:

  • Login to the HEXONET Control Panel
  • Click on your username (top right)
  • Click on ‘Settings’, click on ‘Share Access’ from the dropdown menu
  • Create a new role user by clicking on “New Role User”
  • Fill in the necessary input fields:

    Role ID: whmcs
    Password: **********
    Default Access: Deny
    Status: Active
    
  • [Optional] Continue to the “IP Restrictions” step and enter the outgoing ip address of your server (that runs your WHMCS instance)
  • Login to your WHMCS Backend and replace your Hexonet username with your role user.

(If your Hexonet username is “customer1” and your role user is “whmcs” you have to use the login like this: customer1!whmcs)

FYI: Further documentation about securing your WHMCS installation, can be found in the Post Installation Suggested Steps section of the WHMCS Installation Guide.

2-Factor Authentication

WHMCS itself does not support using 2-Factor Authentication (2FA) for Registrar Modules. So having 2FA activated for your user and using it in WHMCS simply does not work. If you’ve set up a restrictive User Role as described above and you’re using that one in your registrar configuration, then you can activate 2FA for your account (!!!not for your restrictive User Role!!!).

You can activate 2FA by logging in to our control panel (OT&ELIVE). Then click on your user name at the top right of the page and then navigate to Settings > Security. There, click on 2-Factor Authentication and follow that wizard.

If you lost your 2FA device / code generator, contact our support - see the footer of this page.

Activate IP Restrictions

You can activate IP Restrictions for both: Your account and the above described User Role. Find instructions on how to do that for the restrictive User Role as described here.

You can do that for your Account by logging in to our Control Panel (OT&ELIVE). Then click on your user name at the top right of the page and then navigate to Settings > Security. There, click on IP Restrictions and follow that wizard.

IMPORTANT: If you’re doing something wrong here, like just white-listing your internal server ip address instead of the outgoing one or not white-listing the ip address you are currently using yourself, you might no longer be able to login. It is also possible to add there ip address ranges. We suggest to have someone of your administrative team helping with that to ensure the correct ip addresses being white-listed. If you run into trouble or need help, contact our support - see the footer of this page.

Troubleshooting

WHMCS - Known Bugs

Was this article helpful?
0 out of 0 found this helpful