Secure 3,500 domains per SSL certificate
Hello
I've had a problem for several years now and simply can't seem to find a solution.
I have multiple client cPanel accounts with up to 3,500 domains each. The issue is that I need to have an SSL certificate for every domain (3,500) in each cPanel account. Using cPanel AutoSSL the max limit appears to only be 200 domains! I would be super-happy if anyone can provide me with a solution or workaround to my dilemma.
Thanks
Hey there! There aren't going to be any tools that will handle that situation. Can I ask why there are so many domains per cPanel account? I'm not sure that is really an intended use of the software if those are all addon domains.
Hey cPRex I think we've spoken before :) Yes, so I have been using cPanel to host whole domain portfolios (Parked Domains), these are both for sale, some have developed websites others have mini-sites on them. Splitting the domains up to host 200 /per cPanel would potentially create hundreds of cPanels to manage! So it's simply not possible, I am hopeful that someone can point me to a solution, there must be one?
Unfortunately that's not going to be a possibility. Most SSL providers limit their certificates to 250 domains. Here's the Sectigo documentation showing this: Multi-Domain SSL Certificates
Are these domain aliases or addon domains? Been saying it for quite a while (ever since the SSL for everyone craze started), cPanel needs to move away from domain aliases and towards addon domains with shared DocumentRoots.
Domain Aliases (parked domains) just add the domain to the ServerAlias directive in the web server configuration. If you have 10 domain aliases, then a single VirtualHost in the web server configuration is responsible for 11 domains (the main domain + the 10 domain aliases), so a certificate has to be generated for all 11 domain names. (And regenerated every time one of those domains is added or deleted from the domain alias list.)
Addon domains create their own VirtualHost containers. So if you have 10 addon domains, then you have 11 VirtualHost containers - the main domain + the 10 addon domains. Each VirtualHost can have its own certificate. So you'd actually have 11 certificates generated. When one is deleted... so what? The certificate doesn't get automatically renewed when its renewal comes up. Want to add an 11th addon domain? Just generate a new certificate for that 11th domain name.
Now... having said all of that... I actually have no idea how cPanel's AutoSSL works in regards to this. I could foresee the issue with domain aliases and certificate (re)generation, so I implemented my own solution. My "AutoSSL" doesn't depend on anything that cPanel does with automatic SSL generation. So I may be speaking out of turn here.
Additionally, I would agree that 3500 domains on a single cPanel account is probably an extreme edge case and doesn't reflect the intent of cPanel. When you get into edge cases like this... you really can't expect the software to work the same as it does for everyone else that uses it within the realm of intention. There's likely always going to be extreme cases where a user wants a piece of software to do something it's not specifically designed for, but the issue is that the user is "one" user. The other 99,999 users use the software within the bounds of intention. I would not expect a developer to bend over backwards to appease that one user if there's no justification for the other users.
@perplex Not sure whether you have already tried this out. But you may try the option of FleetSSL, which is a third-party plugin which uses Let's Encrypt for issuing the certificate. I don't see that any Let's Encrypt enforced rate limiting will affect your requirement. You may need to try out the 'Issue' option of
I'm fairly certain that plugin will still be bound to the Let's Encrypt domain limits.
@SS-Maddy Unfortunately it doesn't look like FleetSSL is going to be able to do what I want, but thanks for the link.
In answer to your question, my domains are parked as Aliases. I've done a bit more research and the best I can achieve using WHM and cPanel by tweaking settings is SSL for 1,000 domains only; however, due to this limit it would really be more like 500 domains as I would want both www.example.com and example.com secured. I have 3,500 domains /per cPanel account x10 so this would leave me 3,000 /per account without SSL certificates. Reparking the domains in 500 batches is simply not an option as this would be extremely time-consuming and I would end up with 70 cPanel accounts to manage... OMG! What I need in cPanel is for AutoSSL to batch domains into groups of 500, then issue SSL for www.example.com and example.com. This way a new SSL certificate would be generated for every 500 domains. If there's definitely not an existing solution out there, and I have looked high and low already, then do you think it's possible for a developer to create a cPanel compatible plugin to achieve this for me?
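The batching asked for in the post above, sketched as an added example (not code from this thread, cPanel or AutoSSL): it puts the apex and `www` name of each domain in the same certificate and keeps existing domains in their batch, so one added or removed domain only causes the affected certificate to be reissued. It assumes each batch is served from its own VirtualHost with its own certificate, as the earlier reply describes for addon domains; `plan_batches`, `san_list` and the `.test` domains are constructed for illustration, and the 1,000-name limit is the figure quoted in the post.

```python
def san_list(batch):
    """SAN entries for one certificate: apex plus www for every domain."""
    return [name for d in batch for name in (d, "www." + d)]


def plan_batches(domains, san_limit, existing=None):
    """Group domains into per-certificate batches of at most san_limit names.

    existing is the previous plan (list of lists). Domains already placed stay
    in their batch, so only batches that gain or lose a domain are returned in
    `reissue`; untouched certificates are left alone.
    """
    per_cert = san_limit // 2  # each domain consumes two names (apex + www)
    if per_cert < 1:
        raise ValueError("san_limit must fit at least one apex/www pair")
    # Normalise and de-duplicate while keeping input order.
    wanted = list(dict.fromkeys(
        d.strip().lower().rstrip(".") for d in domains if d.strip()))
    wanted_set, placed = set(wanted), set()
    plan, reissue = [], set()
    for i, batch in enumerate(existing or []):
        kept = [d for d in batch if d in wanted_set and d not in placed]
        kept = kept[:per_cert]  # a lowered limit pushes the overflow out
        if kept != list(batch):
            reissue.add(i)  # something was removed from this certificate
        placed.update(kept)
        plan.append(kept)
    new = [d for d in wanted if d not in placed]
    for i, batch in enumerate(plan):  # fill free slots before opening batches
        while new and len(batch) < per_cert:
            batch.append(new.pop(0))
            reissue.add(i)
    while new:
        plan.append(new[:per_cert])
        del new[:per_cert]
        reissue.add(len(plan) - 1)
    return plan, reissue


if __name__ == "__main__":
    # Constructed portfolio: 3,500 placeholder domains, 1,000 names per cert.
    portfolio = [f"example{i}.test" for i in range(3500)]
    plan, reissue = plan_batches(portfolio, san_limit=1000)
    print(len(plan), "certificates,", len(san_list(plan[0])), "names in the first")
    changed = [d for d in portfolio if d != "example1200.test"] + ["new.test"]
    plan, reissue = plan_batches(changed, san_limit=1000, existing=plan)
    print("certificates to reissue after one removal and one addition:", reissue)
```

A batch that loses all of its domains stays in the plan as an empty list so the other indexes remain stable; skip it when issuing.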
@cPRex Hey there, no, the domains are actually parked as Aliases. I run a small web hosting business and I manage parked portfolios of domains for clients so that they may generate revenue from parking and also offer their domains for sale. Without SSL on their domains they're missing out on a lot of potential visitors to their sites. Hmmm, I'm totally stumped at this point, there must be an answer out there somewhere! :)
Hi! I know that this is an old post, but how did you fix it?
I have a similar situation with the limits that Let's Encrypt (up to 100 domain aliases) and Sectigo (up to 250 domain aliases) have.
I don't believe they did resolve this.