SSL certificate for mail server only (A record is pointed elsewhere)
We have a cPanel account where the A record and WWW are pointed elsewhere. Currently, there's a LetsEncrypt certificate that is expiring in 7 days, that covers the domain and all subdomains. AutoSSL will not renew the certificate, because the A and www fail DCV.
Is there a way we can still use AutoSSL to provide a certificate for the remaining subdomains? mail.*domain*.com and cpanel.*domain*.com are the most important.
Also; if I probe the mail server for SSL for mail.*domain.com*,
openssl s_client -showcerts -connect mail.*domain.com*:993
it serves up the server's own hostname certificate, rather than the certificate for mail.*domain.com*. Is this expected behaviour?
Thanks for any and all help.
-
Is it failing because the "A" and "www" fail or is it failing because of "reduced coverage" (i.e. the cert used to cover more things that it does not)? If it's reduced coverage, try going to SSL/TLS Coverage in the cPanel account and disabling the things you don't host. Then try running auto-SSL again. 0 -
The error is: The web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist. The domain "*domain.com*" resolved to an IP address "xx.xx.xx.xx that does not exist on this server. I can't find SSL/TLS Coverage in cPanel. I'm sure I've seen it previously, but can't see it any longer. There is: SSL/TLS SSL/TLS Wizard SSL/TLS Status None of which seem to have SSL coverage. Thanks. 0 -
Sorry, it's SSL/TLS Status On that page you should see all the domain/sub-domain names. There should be checkboxes in front of them and you can Exclude (disable) the ones that you don't host. 0 -
I may have to open a ticket for this one. There's no checkbox for each subdomain - only the parent one, and the 'exclude' button is grayed out. If I check other domains, they do have the expected checkboxes. Thanks for the help. Appreciated. 0 -
If you don't have root access to the system, you'll likely need to contact your host to have them check the settings on the account. 0
Please sign in to leave a comment.
Comments
5 comments