Why doesn't SSL cover webmail, mail, cpanel, whm subdomains?

MrCanada

• January 29, 2018 06:53

Hello. I installed SSL on my domain (example.com) which also works if you go to

• 

  cPanelMichael

  • January 30, 2018 17:45

  Hello, SSL certificates for the proxy subdomains (e.g. cpanel, whm, webmail, mail) are included for free as part of the AutoSSL feature: Manage AutoSSL - Version 70 Documentation - cPanel Documentation Are you using AutoSSL on this system? Thank you.

  0
• 

  linux4me2

  • January 30, 2018 20:31

  I'm still using WHM 68, but I have noticed lately that when a new account is added in WHM, and AutoSSL is enabled for the user in Manage AutoSSL, the main domain is provided with a certificate, but the subdomains webdisk, webmail, cpanel, and autodiscover are not. If I look at the AutoSSL logs, there will be an error regarding the subdomains not being resolved, and the red, unlocked padlocks appear by the domains in Manage SSL Hosts as the OP shows in his image. The workaround I use is to edit the DNS zone for the affected user, adding A records for each unsecured subdomain (they are apparently not added to the DNS record when the user account is created) using the IP for the domain. The next time AutoSSL runs, the certificates are added, the errors in the logs go away, and all is good. I think the issue is not with AutoSSL, but that the subdomains aren't being added to the DNS Zones when an account is created, so when AutoSSL tries to add the certificates, it is unable to resolve the subdomains.

  0
• 

  cPanelMichael

  • January 31, 2018 15:16

  Hello, Check to make sure the following options are enabled under the "Domains" tab in "WHM >> Tweak Settings" on this system: Proxy subdomains Proxy subdomain creation Additionally, for your existing domain names, you can run the following command to add the missing DNS entries: /scripts/proxydomains add --ifenabled
  Note that in cPanel version 70, we automatically complete a one time check on the server to check for missing proxy subdomain entries: Fixed case CPANEL-17258: Do a one time check for missing proxy subdomains. Thank you.

  0
• 

  linux4me2

  • January 31, 2018 16:16

  In my case, proxy subdomain creation was disabled in WHM -> Tweak Settings -> Domains.

  0
• 

  jamiepenner

  • February 21, 2018 18:23

  Discovered today that cachewall also prevents AutoSSL from updating certificates properly

  0

Please sign in to leave a comment.