AutoSSL only for subdomain?

Malachi

• February 12, 2018 14:42

Not sure if this is possible, and if it is how.. but here's the deal: I have a domain (www) that has a regular SSL certificate (not a free one). That ssl certificate is just for the www and non-www part of the domain. So far so good. However.... I have a subdomain (let's call it "blog") that therefore has no certificate. I want to use the Autossl feature for this. The blog has been set up as a subdomain of the domain, so it does not have it's own "account" within WHM. Is it possible to use the Let's Encrypt/Comodo free certificate for this through the Autossl feature? And if so, how?

• 

  Malachi

  • February 14, 2018 20:22

  I found the answer in another thread: Thanks for your response... the link I just gave has the answer. Note however, that the "security" block can be found in the individual account... in case you have a reseller account with a bunch of accounts in it. Second note: Besides this.. if you have a regular SSL certificate installed, simply turn on the AutoSSL for that domain anyway, but make sure you have the checkbox unchecked that says "Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates." (This option will allow AutoSSL to replace certificates that the AutoSSL system did not issue. When you enable this option, AutoSSL will install certificates that replace users" CA-issued certificates if they are invalid or expire within 3 days.) Therefore, any installed certificates will stay where they are and AutoSSL will not replace those. AutoSSL will take care of subdomains that need a certificate though...

  0
• 

  cPanelMichael

  • February 14, 2018 21:20

  Hello, I'm glad to see you found the solution. Thank you for sharing the outcome.

  0
• 

  samgreco

  • April 30, 2018 17:29

  I found the answer in another thread:
  Strange. Just did this and AutoSSL does not seem to want to overwrite the cert. I get " The installed certificate does not cover this domain. The certificate will not renew via AutoSSL because it was not issued via AutoSSL" And of course, this is one of the domains that we actually use the webservers email. And the mail and webmail. are 2 of the subdomains that AutoSSL won't renew. Any thoughts?

  0
• 

  cPanelMichael

  • April 30, 2018 18:22

  Hello @samgreco, Can you provide some more information about the specific scenario you are facing so we can attempt to reproduce it on a test environment? Please include information about how the additional domain names are configured (e.g. subdomains, aliases), and verify which domain names you are excluding. Thank you.

  0
• 

  George_Fusioned

  • September 18, 2018 08:51

  I checked out both threads but unfortunately they didn't help in my case (which I believe is the same as yours here though) Here's my SSL/TLS Status page: - Removed - As you see I have an OV certificate for domain.com / www.domain.com and what I would like is to have AutoSSL generate an SSL for mail.domain.com There are no checkboxes next to the domains, in order to include/exclude domains from AutoSSL, and when I run AutoSSL this is the log output in WHM: 11:40:48 AM AutoSSL"s configured provider is "cPanel (powered by Comodo)". This AutoSSL provider does not poll for certificate availability immediately after a certificate request submission. Instead, it submits certificate requests then periodically polls the cPanel Store for each requested certificate and installs it after a successful retrieval. The system will record all requests, retrievals, and installations for the current AutoSSL run in this log. Checking websites for "xxxxxxxx" " 11:40:48 AM Analyzing "xxxxxxxx.com" " 11:40:48 AM TLS Status: Incomplete Certificate expiry: 9/14/19, 12:00 AM UTC (360.64 days from now) Issuer: commonName=COMODO RSA Organization Validation Secure Server CA, organizationName=COMODO CA Limited, localityName=Salford, stateOrProvinceName=Greater Manchester, countryName=GB Impediment: CERTIFICATE_IS_EXTERNALLY_SIGNED: The certificate is neither self-signed nor from AutoSSL. 11:40:48 AM The system has completed the AutoSSL check for "xxxxxxxx".
  Any ideas?

  0
• 

  cPanelMichael

  • September 18, 2018 15:29

  As you see I have an OV certificate for domain.com / Thank you.

  0
• 

  John Napoletano

  • January 15, 2019 05:50

  I found the answer in another thread: cPanel Inc (free) cpanel.domain.tld (A) mail.domain.tld (CNAME) I don't think you can do that above. Failing that... 1) Should mail clients target POP simply with 'domain.tld' without the mail sub? 2) Should users login to the cpanel accounts using https domain.tld:2083 or domain.tld/cpanel instead of cpanel.domain.tld? Both ideas seem to work fine. Maybe it's not a problem after all, just a misunderstanding of the way the default url structure is to be used. Anyone with insight please comment on this.

  0
• 

  cPanelMichael

  • January 15, 2019 16:06

  This doesn't seem to work on the auto created aliases, the ones created at account setup. For created sub domains maybe it works. Can you confirm this?

  
  Hi John, There's a separate workaround noted on the following thread: Can you confirm if that helps for the default aliases (e.g. mail)? Thank you.

  0

Please sign in to leave a comment.