Skip to main content

SSL subdomain issue

SBGD
I've installed a paid-for SSL certificate for one of the account domains on my VPS. I previously had the AutoSSL certificate on the domain, but I deleted this in order to force the proper certificate to show up. This SSL is not a wildcard certificate. My issue now is that the subdomains for cpanel, mail, web disk and webmail are not accessible without getting a security warning. I don't see any way to be able to install the SSL certificate on just the www and non-www version of the domain without selecting those subdomains. I understand why this is happening, but can I install either an AutoSSL or Lets Encrypt certificate to cover these subdomains, or do we always have to buy a Wildcard SSL? Also, I'm now unable to use ftp with this account, it appears to log in but it won't load the directory. Not sure if this is related... I'm using CPanel version 68.0.29 on CentOS 6.9. Thanks!

Comments

7 comments

Date Votes
  • cPanelMichael
    Hello, You can enable AutoSSL for the account and then exclude coverage for the domain name itself (and www) using the SSL TLS Status option in cPanel: SSL TLS Status - Version 70 Documentation - cPanel Documentation Thank you.
    0
  • SBGD
    Hello, You can enable AutoSSL for the account and then exclude coverage for the domain name itself (and www) using the SSL TLS Status option in cPanel:
    0
  • cPanelMichael
    The messages I get suggest that an AutoSSL certificate will not be issued. There's simply no way to tell what's happening.

    Hello, Do you see any additional information for this account under the "Logs" interface in "WHM >> Manage AutoSSL"? Thank you.
    0
  • SBGD
    Hello, Do you see any additional information for this account under the "Logs" interface in "WHM >> Manage AutoSSL"? Thank you.

    Hi here's the log report from the last time I ran AutoSSL 2:09:23 PM This system has AutoSSL set to use "cPanel (powered by Comodo)". 2:09:23 PM Checking websites for "myaccount" " 2:09:23 PM WARN The certificate for the website "mydomain.co.uk" will not contain the domains "mydomain.co.uk" and "www.mydomain.co.uk" because the current configuration excludes these domains. at /usr/local/cpanel/Cpanel/SSL/Auto/Report.pm line 125. 2:09:23 PM This website"s SSL certificate lacks the following domains: mail.mydomain.co.uk, cpanel.mydomain.co.uk, cpanel.mydomain.co.uk, webdisk.mydomain.co.uk, webdisk.mydomain.co.uk, webmail.mydomain.co.uk, webmail.mydomain.co.uk. AutoSSL will not replace a certificate that an installed AutoSSL provider did not generate unless it expires within 3 days. 2:09:23 PM The website owned by "myaccount" has a valid SSL certificate. 2:09:23 PM The system has completed the AutoSSL check for "myaccount".
    0
  • cPanelMichael
    Hello, Could you open a support ticket using the link in my signature so we can take a closer look at that account? Thank you.
    0
  • cPanelMichael
    Hello, To update, per the support ticket, in this case the exclusion of the subdomains using "cPanel >> SSL TLS Status" is not a valid solution because the subdomains in-question are actually considered aliases (setup as part of the proxy subdomain feature). Internal case CPANEL-11839 is open to report the issue where AutoSSL doesn't cover aliases if the certificate for the primary domain isn't an AutoSSL certificate. I'll monitor the case and update this thread with more information as it becomes available. Thank you.
    0
  • SBGD
    Hello, Could you open a support ticket using the link in my signature so we can take a closer look at that account? Thank you.

    Sorry, I've just spent 15 minutes trying to navigate your support but it just won't let me give you access to the server. I've now lost all the text I've just typed out
    Hello, To update, per the support ticket, in this case the exclusion of the subdomains using "cPanel >> SSL TLS Status" is not a valid solution because the subdomains in-question are actually considered aliases (setup as part of the proxy subdomain feature). Internal case CPANEL-11839 is open to report the issue where AutoSSL doesn't cover aliases if the certificate for the primary domain isn't an AutoSSL certificate. I'll monitor the case and update this thread with more information as it becomes available. Thank you.

    Thank you for updating the thread. If anyone else is ever looking at this, then the issue is that, at this time, if you wish to install a non-AutoSSL certificate and need subdomains such as mail.mydomain.com (for secure email connections) then you will need to install a wildcard SSL. For me, I just didn't realise this would be an issue when my client bought their SSL certificate. Lesson learned!
    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post