Skip to main content

WHM DNS A Record Not Supported By the SSL

Comments

12 comments

  • cPRex Jurassic Moderator

    Hey hey!  For this record, do you mean whm.subdomain.domain.com? 

    1
  • vatra

    Hey! No, it's whm.domain.com. We recently discussed service subdomains for subdomains, but now I'm talking about the WHM subdomain for a domain.

    0
  • cPRex Jurassic Moderator

    I think the best answer to this is "tradition" - we've just always created that since we don't know how people are going to use their server.  Some people get REALLY attached to the hostname and use that for everything, but some people just pick a domain name and use that to access everything.

    1
  • vatra

    I understand, but whm.domain.com:

    1. Has a DNS A record so people can access it, but it is not protected with SSL.
    2. This is because it's not added as a ServerAlias to the Apache <VirtualHost 1.1.1.1:443>.
    3. The SSL cert actually covers it, but since it's not a ServerAlias, it has no purpose.

    It's not a matter of preference, it doesn't work.

    0
  • cPRex Jurassic Moderator

    Ooooooh I see what you're saying.  Give me a bit to look into this and I'll let you know what I find.

    1
  • vatra

    Solution:

    1. Either add WHM as ServerAlias and A record for resellers only.
    2. Or, add WHM as ServerAlias for domain.com for everyone.
    0
  • cPRex Jurassic Moderator

    I didn't like much of the answers I found internally, so I created case CPANEL-43635 for our developers to review this behavior.  I'll let you know what I hear back once that gets a response!

    1
  • vatra

    Super!

    1
  • vatra

    Please add ftp.domain.com A record to this issue as well, because this one also doesn't have ServerAlias entry and is not protected by the SSL. When you access it through the browser it warns you that it's not secure. So:

    whm.domain.com
    ftp.domain.com

    0
  • cPRex Jurassic Moderator

    The case covers all the service domains :D

    1
  • vatra

    Great! Either way, removing them is fine since they have no default purpose, or including them in the ServerAlias directive gets them covered by the SSL.

    But more A records and Server Aliases that serve no purpose are just a waste of resources and increase confusion.

    1
  • vatra

    This is a very good idea:

    The reseller's main domains: whm, cpanel, webmail, webdisk, cpcalendars, cpcontacts.

    The non-reseller's main domains: cpanel, webmail, webdisk, cpcalendars, cpcontacts.

    All other domains: webmail, webdisk, cpcalendars, cpcontacts.

    0

Please sign in to leave a comment.