Install SSL, but not for mail subdomain
Hi,
We're using a EV certificate on our primary domain. This only covers the root domain.
AutoSSL won't setup a free SSL certificate to the mail subdomain - but I have no idea why. It seems like cPanel thinks the mail subdomain is included in the EV certificate, which it isn't.
-
Hi @DennisMidjord Is the mail subdomain a CNAME or is it actually a subdomain? Curious if it being a CNAME may be causing the issue in this instance. Furthermore what is the error (if any) received in the AutoSSL logs in regard to this? Thanks! 0 -
Hi, No, it's just an ordinary A record pointing to the account's dedicated IP. Under SSL/TLS Status, I see this next to the subdomain: The installed certificate does not cover this domain. The certificate will not renew via AutoSSL because it was not issued via AutoSSL. 0 -
HI @DennisMidjord For that domain and subdomain if you go to cPanel>>SSL/TLS Status and exclude the domain with the EV certificate added to it (or any domain with a non AutoSSL issued certificate) from getting an SSL certificate are you able to provision a certificate for the mail. subdomain. 0 -
Hi, I don't have the option to exclude it. 0 -
Hi @DennisMidjord The certificate is definitely being viewed as being installed on the mail. subdomain - what is listed in the SAN's portion of the certificate? Thanks! 0 -
Hi, It's the following domains: - domain1.dk
- domain2.dk
- example.com
0 -
Hi @DennisMidjord Can you please open a ticket using the link in my signature? Once open please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved. Thanks! 0 -
Hi @cPanelLauren! Thanks, that's done now. I never knew about opening tickets directly from WHM - much easier :-) Ticket ID is 10240525. 0 -
Hi @DennisMidjord Great! I am watching the ticket and I'll update here when with the outcome. Thanks! 0 -
Case closed! AutoSSL can't be mixed with other certificates. If we want AutoSSL to cover the mail subdomain, we'd have to remove the existing EV certificate. The other solution would be to buy an extra SAN for the EV certificate and include the mail subdomain. Guess I'll try to mess a bit with setting up certbot to issue a certificate that covers the mail subdomain :-) 0 -
Hi @DennisMidjord Technically that's true - it won't by default cover this because by default mail.domain.com and www.domain.com are added as aliases for domain.com. What you should be able to do at least for the mail. subdomain is create it in cPanel>>Domains>>Subdomains Note: the docroot needs to be something other than mail due to an internal case CPANEL-22229 which is resolved in v76. Once the subdomain is created it will have it's own VirtualHost similar to the following: :80> ServerName mail.test.com ServerAlias www.mail.test.com DocumentRoot /home/test/public_html/male ServerAdmin webmaster@mail.test.com UseCanonicalName Off
And no longer be included as a ServerAlias of the root domain. If you try this please let me know how it works out for you. Thanks!0 -
That actually seems to be working. Thanks! 0 -
Hi @DennisMidjord Great! Thanks for letting me know, I'm glad it was a solution for you. 0 -
Hi @cPanelLauren, Sorry about texting here but i have a same problem with EV Certificate. Is available just for domain.tld and www.domain.tld. Not for mail, cpanel, webdisk,etc. what is the solution to assign another paid or Let's Encrypt SSL certificate? just for mail and proxy subdomains? Thanks. 0 -
cPanel provides free hostname certificates if you choose to use a separate certificate you can cover the service subdomains with it they just need to be included as SAN's on the certificate. 0 -
Hi Lauren, could you please elaborate on how to set the subdomains to SANs in the AutoSSL? Thanks. 0 -
Hello, Pending they exist @DerekC they should be automatically added to the certificates provisioned by AutoSSL. 0
Please sign in to leave a comment.
Comments
17 comments