AutoSSL for aliases
Hello,
I recently discovered the cPanel-signed certificates (through Comodo) generated with the AutoSSL (great work guys!). Works well for an account's main domain. However, it would be great to have it also for aliases.
1. Added an alias domain, but then is invalid. But then I found out that when I created the addon domain, a self-signed certificate was created as well, and it was perhaps it causing the issue. I deleted the self-signed one (in cPanel) and now it works well (although it was tricky, I had to clear cache in Chrome). So, question no. 2: how to disable the creation of self-signed certificates? Quick research... Seems it isn't possible now (?) and will be since WHM 66, which should be out any day. Am I correct here? Any update on the WHM 66 as Release?
3. I actually sell domain names and I would ideally need to have hundreds or thousands of certificates, one for each domain I guess. Would there be any issues with that? Is there a limit of the cPanel-signed certificates I can create in a cPanel account?
Thanks!
Hi, AutoSSL analyses the domain, verifies the addon domain and subdomains in it, and then issues a certificate for it, and when the certificate is ready, AutoSSL installs it. However, if for any reason AutoSSL fails to verify in the initial stage, then the certificate issue process stops. You have to review the AutoSSL logs in the WHM >> AutoSSL section to see whether the verification for the cPanel user is going well or not.
Hello @blade304,

> 1. Added an alias domain, but then is invalid. But then I found out that when I created the addon domain, a self-signed certificate was created as well, and it was perhaps it causing the issue. I deleted the self-signed one (in cPanel) and now it works well (although it was tricky, I had to clear cache in Chrome). So, question no. 2: how to disable the creation of self-signed certificates? Quick research... Seems it isn't possible now (?) and will be since WHM 66, which should be out any day. Am I correct here? Any update on the WHM 66 as Release?

The self-signed certificate is only installed when no valid AutoSSL certificate is available. Rather than disabling the self-signed certificate generation, you should check the "Logs" tab in "WHM >> Manage AutoSSL" to see why the domain name is not issued an AutoSSL certificate.

> 3. I actually sell domain names and I would ideally need to have hundreds or thousands of certificates, one for each domain I guess. Would there be any issues with that? Is there a limit of the cPanel-signed certificates I can create in a cPanel account?

You can find the domain and rate limits on the following document: Manage AutoSSL - Documentation - cPanel Documentation

Let us know if you have any additional questions. Thanks!
Hi @cPanelMichael, Thanks for the reply. 1. Standard warning message. As I said, the certificate at as well". And that was the certificate the browser get at
. Standard warning message. As I said, the certificate at > Manage AutoSSL" to see why AutoSSL failed to validate the aliased domain name.
. But alias2.dom (addon domain) was issued an AutoSSL certificate. I said "a self-signed certificate was created as well". And that was the certificate the browser get at Problem with automatically generated self-signed SSL certificates
. So, if in one cPanel account I had 10000 domains as addon domains, I would have 10000 virtual hosts and 10000 certificates, and there wouldn't be any issues with that. Please confirm.
That's correct. Thank you.
Thanks @cPanelMichael. Adding hundreds of addon domains by hand would be painful. Can I somehow add addon domains from a list (so that the certificates are created as well)?
> Thanks @cPanelMichael. Adding hundreds of addon domains by hand would be painful. Can I somehow add addon domains from a list (so that the certificates are created as well)?

There's no specific feature in cPanel to add multiple addon domain names from a list, but you could develop a custom script that makes use of the following cPanel API 2 function: cPanel API 2 Functions - AddonDomain::addaddondomain - Software Development Kit - cPanel Documentation

Thank you.
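
A sketch of the kind of script suggested above, as an added example that is not the poster's script and not cPanel's own code. It validates each line of a domain list as a plain hostname before it reaches the `cpapi2` command-line wrapper for AddonDomain::addaddondomain; the `addons/<domain>` document root, the subdomain naming scheme and the function names are assumptions made for illustration.

```python
"""Bulk addon-domain creation via cPanel API 2 AddonDomain::addaddondomain."""
import re
import subprocess
import sys

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def normalize(raw):
    """Return the lower-cased hostname, or None if the line is not one."""
    name = raw.strip().lower().rstrip(".")
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2:
        return None
    return name if all(LABEL.fullmatch(part) for part in labels) else None


def plan(cpanel_user, lines):
    """Build one cpapi2 argv per valid, unique domain; collect the rejects."""
    seen, commands, rejected = set(), [], []
    for raw in lines:
        name = normalize(raw)
        if name is None or name in seen:
            rejected.append(raw.strip())
            continue
        seen.add(name)
        # Assumption: use the whole name as the subdomain label so that
        # example.com and example.net do not collide on "example".
        sub = name.replace(".", "-")
        commands.append([
            "cpapi2", f"--user={cpanel_user}", "AddonDomain", "addaddondomain",
            f"newdomain={name}", f"subdomain={sub}",
            f"dir=addons/{name}",  # assumed docroot layout under the home dir
        ])
    return commands, rejected


if __name__ == "__main__":
    # Usage (as root): bulk_addon.py CPANEL_USER domains.txt [--apply]
    user, path = sys.argv[1], sys.argv[2]
    with open(path, encoding="utf-8") as fh:
        cmds, bad = plan(user, [ln for ln in fh if ln.strip()])
    for argv in cmds:
        print(" ".join(argv))
        if "--apply" in sys.argv[3:]:
            # argv list with no shell, so list contents are never interpreted.
            subprocess.run(argv, check=True)
    print(f"rejected {len(bad)}: {bad}", file=sys.stderr)
```

Without `--apply` the script only prints the commands it would run, so the rejected list can be reviewed before any addon domain (and its AutoSSL request) is created.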
Hi @cPanelMichael, I indeed wrote the script and added 500+ addon domains so far. Seemed like there was an issue with: PM WARN The domain "addon.dom" failed domain control validation: The system queried for a temporary file at ", but the web server responded with the following error: 404 (Not Found). A DNS or web server misconfiguration may exist.
Indeed, my code may have had the server respond with the 404, but cPanel fixed it on its own after a while. So, now I have 500+ certificates in this one cPanel account. Everything works well, except 6 domains are stuck in "AutoSSL Pending Queue". Logs say "The system will attempt to renew SSL certificates for the following websites:" (and then list the 6 domains), but nothing happens. It's been a few hours, and I know that sometimes it may take longer, but something feels not right, considering the fact of the other 500+ being approved quickly. I don't see a way to restart the process for these 6 domains. I tried to search the forum for this stuck issue and I'm not the only one having it, so maybe it would be a good idea to write some fix for that. This issue may be especially problematic during certificate renewals, as it may cause the websites to not be displayed due to the bad certificate warning.
> It's been a few hours, and I know that sometimes it may take longer, but something feels not right, considering the fact of the other 500+ being approved quickly. I don't see a way to restart the process for these 6 domains. I tried to search the forum for this stuck issue and I'm not the only one having it, so maybe it would be a good idea to write some fix for that. This issue may be especially problematic during certificate renewals, as it may cause the websites to not be displayed due to the bad certificate warning.

Hello, Could you review the "Logs" tab in "WHM >> Manage AutoSSL" and let us know if you notice any specific error messages for the affected domain names? Thank you.
Michael, I already gave you everything the logs say in my previous message. No errors.
Feel free to open a support ticket if the pending certificates do not issue within the next several hours so we can take a closer look to see why the validation is failing. Thank you.
So, together with Michael we came to the conclusion that the issue is there due to Comodo's bug of treating domains like samurai.cloud as containing a branded name. "icloud", believe it or not. No official confirmation from Comodo yet, but that's nearly 100% sure. Anyway, Comodo is very slow in handling my ticket, and when I created an account at their helpdesk, they emailed me my password. With their slogan that they "create trust". I'm thinking about switching to Let's Encrypt. If I install and set LE as default at WHM, will it replace the Comodo certificates instantly on its own? If not, how can I trigger such a process?
> If I install and set LE as default at WHM, will it replace the Comodo certificates instantly on its own? If not, how can I trigger such process?

Hello, It would for new certificates, but existing certificates would not be replaced until they expire. You'd have to manually remove them via "WHM >> Manage SSL Hosts". Thank you.