AutoSSL after parking domain

swbrains

• June 21, 2018 21:38

Hi, I have a question about what to expect from AutoSSL in a certain case: An account uses only a subdomain such as someuser.example.com and already has a wildcard SSL cert for *.example.com on that account. Then I park a domain "newdomain.com" on that same site. Can I initiate an AutoSSL "check" on that account and expect AutoSSL to issue the cert for "newdomain.com" even though there's a valid wildcard/subdomain SSL cert already on the account, or do I need to uninstall the wildcard SSL cert from that account first? Are both certs allowed on that one account? What is the best way in this scenario to ensure that an SSL cert is issued by AutoSSL for the newly-parked domain? Thanks!

• 

  24x7server

  • June 22, 2018 07:24

  Hi, No you cannot, AutoSSL generates SSL based on user and then looks for subdomain and addon inside it and then installs the SSL. If you initiate AutoSSL you will lose the wildcard SSL. Otherway round, could be that you save the current wildcard SSL, generate AutoSSL and then copy those SSL and then reinstall the wildcard SSL..

  0
• 

  swbrains

  • June 22, 2018 13:01

  In my case, I don't care about keeping the wildcard/subdomain SSL cert on the account. Once I park a regular domain on the account, I just need a SSL cert for the newly-parked domain to be active.

  0
• 

  sparek-3

  • June 22, 2018 15:02

  I really think cPanel would be better off by revamping the way they do parked domains (domain aliases). I think domain aliases should be constructed like addon domains are - with their own VirtualHost. This allows the separation of certificates to be more uniform. Instead of a VirtualHost that has 75 ServerAliases listed - which means the certificate SAN has to include all 75 of these ServerAliases - have 75 separate VirtualHosts. This way, if the user adds another domain aliases, the entire 75 SAN certificate doesn't have to be reissued with the 76th ServerAlias. A separate single SAN certificate would be issued for this new domain alias. This is how addon domains work. In fact you can do with with an addon domain. And, to me, it just makes things a bit more cleaner. cPanel should change the way domain aliases are created. Create a random subdomain off of the main domain. Set the DocumentRoot to the same as the main domain. Then create a domain alias under that subdomain. Now you have a domain alias (parked domain) pointing to the same directory as the main domain, and it has it's own VirtualHost, so certificates for it can be managed independently.

  0
• 

  cPanelMichael

  • June 22, 2018 15:45

  Hello @swbrains, You should uninstall the wildcard SSL certificate first because an alias is included under the same virtual host as the parent domain name it's associated with (as noted in the previous post). We do have a feature request to support wildcard SSL certificates as part of the AutoSSL feature at: Let's Encrypt Wildcard Certificates In the meantime, AutoSSL will already issue free SSL certificates for each individual subdomain, addon domain, and alias that's added to the account. Thank you.

  0
• 

  swbrains

  • June 23, 2018 13:02

  Thanks!

  0
• 

  swbrains

  • June 23, 2018 13:18

  With regard to

  0
• 

  cPanelMichael

  • June 25, 2018 14:20

  Hello @swbrains, It would refer to the aliases (parked domains) added underneath a single domain name on the cPanel account and not all aliases (parked domains) on the server. When adding a new alias (parked domain) on top of an existing domain name on a cPanel account, the AutoSSL feature will automatically detect the new alias during the next scheduled AutoSSL check. It then attempts to renew the existing certificate for the parent domain name associated with the alias so that it includes the new alias and it's corresponding subdomains (e.g. mail.newalias.tld). Thank you.

  0
• 

  swbrains

  • June 25, 2018 14:27

  Thanks for the clarification, @cPanelMichael.

  0

Please sign in to leave a comment.