"Generate a self-signed SSL for new domains" vs AutoSSL?
First to differentiate:
1) AutoSSL installs Let's Encrypt SSL which is CA-signed and passes the browser security check?
2) Option "Generate a self-signed SSL certificate if a CA-signed certificate is not available when setting up new domains." is not referring to SSL that is installed by AutoSSL? It is a separate cPanel self-signed certificate that doesn't pass the browser security check like any other self-signed SSL?
Scenario 1 (AutoSSL off, Self-Signed off):
You're left with HTTP.
Scenario 2 (AutoSSL on, Self-Signed off):
Self-signed SSL is not generated, AutoSSL will be generated automatically.
Scenario 3 (AutoSSL on, Self-Signed on):
What happens here?
Is there a benefit to having both of these options on? What is the benefit of having Self-Signed "on" if the AutoSSL will generate a CA-signed anyways for a new domain?
-
Hey there! Everything you've said above is correct. In Scenario 3, AutoSSL will take precedence and generate a valid certificate if possible. Let me know if you need clarification on anything else! 0 -
Hey Rex! Can you please explore my questions about the Scenario 3 a bit further: 1) What is the order of events in Scenario 3? Self-Signed is created => It gets replaced by AutoSSL's or [COLOR=rgb(44, 130, 201)]Self-Signed isn't created => AutoSSL creates? 2) Is there a benefit to having both of these options on? What is the benefit of having Self-Signed "on" if the AutoSSL will generate a CA-signed anyway for a new domain? If the above is true then Scenario 2 is the best option (disabled Self-Signed). Could it be that in the case of AutoSSL not being able to create an SSL, it can be useful to have a self-signed one? But what's the point if it will trigger the browser warning? 0 -
As far as the order of events, the self-signed cert still gets created for a brief period when Apache creates the secure vhost for the domain. It's up to you to decide if there is any benefit - browsers are getting *much* more strict about opening insecure pages, so it's likely that self-signed certificates will not have use much longer. 0 -
REDACTED 0 -
I removed your post because we can't include domain names or IP addresses in public replies. I did check the websites you mentioned that were showing an error, and they were all secured with SSL, so I'm wondering if the tool later came back and fixed the issue. Did you try visiting those pages in a browser? 0 -
I removed your post because we can't include domain names or IP addresses in public replies. I did check the websites you mentioned that were showing an error, and they were all secured with SSL, so I'm wondering if the tool later came back and fixed the issue. Did you try visiting those pages in a browser?
How did that happen?? I did check the websites you mentioned that were showing an error, and they were all secured with SSL0 -
I can't say for sure, but it seems like AutoSSL fixed the issue after your initial reply. 0
Please sign in to leave a comment.
Comments
7 comments