Skip to main content

Auto SSL subject domain name primary domain

horizon2021
With the Let's Encrypt auto SSL plugin, is there a way to have it use the account's primary domain as the subject for the ssl cert always? Sometimes I'm finding that an account's ssl cert has a

Comments

8 comments

Date Votes
  • cPRex Jurassic Moderator
    Hey hey! Unfortunately no - this is one area we don't really get a vote on. Let's Encrypt says this is "cosmetic" and they don't guarantee which domain will be the primary. We include this in the yellow box on our page here:
    0
  • Jhosman
    Hey hey! Unfortunately no - this is one area we don't really get a vote on. Let's Encrypt says this is "cosmetic" and they don't guarantee which domain will be the primary. We include this in the yellow box on our page here:
    0
  • cPRex Jurassic Moderator
    @Jhosman - Sectigo also doesn't guarantee any type of order to the domains on a certificate.
    0
  • horizon2021
    I guess the only way to work around this would be to have an option to request a cert for the primary account domain.com (only) and then a second cert for everything else.
    0
  • cPRex Jurassic Moderator
    Sure, but then we run into this issue, which isn't something we plan to implement at this point:
    0
  • horizon2021
    I guess for now, for any important accounts where it matters to me, the best workaround for me is to continue to buy an ssl cert for the primary domain and then let cpanel install free certs for any subdomains. That way when visiting the main domain it will always show the cert for the main domain, and it will still save money over not having autossl. Another thing to do would be to eliminate any subdomains now that would look bad if one day the main site presents that as the ssl cert subject for the main domain.
    0
  • cPRex Jurassic Moderator
    Just for my own curiosity, can you let me know where you are seeing this cause an issue? As long as the domain you're visiting is in the SAN list, end-users in the browser shouldn't have a different experience.
    0
  • horizon2021
    It doesn't cause a site to stop working - it just "looks slightly amiss" if someone views the ssl cert and it says an unexpected site. It looks like a primary way that subdomains are "revealed" or presented as the main site's ssl cert in "unfortunate random happenings" now is that cpanel creates www.subdomain entries may help. (have to look into how to do that as cpanel appears to create them automatically). The actual subdomain.domain.com is covered by *.domain.com but if you have internal-test.domain.com cpanel auto creates www.christmas-slippers.highfashionshoes.com or christmas-slippers.com as the main site's identity under the ssl cert. It just looks less than premium or slightly tacky/off if that happens. Granted only nerdy people probably look at the cert. But I will say that there was one web services company that I hesitated to signup with because I did look and their main site showed the ssl cert of a blog site they also ran rather than their main site. Gave me a moment of pause.
    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post