WHM DNS A Record Not Supported By the SSL
We know from here that the WHM subdomain is not covered by the SSL (not present in Apache's 443 virtual host), except for the reseller accounts. This is understandable since non-seller accounts don't have access to WHM.
But why does cPanel create a WHM subdomain's DNS A record then? It serves no purpose. If you access it, it triggers the browser's insecure warning. It would be much better to not have it.
-
Hey hey! For this record, do you mean whm.subdomain.domain.com?
1 -
Hey! No, it's whm.domain.com. We recently discussed service subdomains for subdomains, but now I'm talking about the WHM subdomain for a domain.
0 -
I think the best answer to this is "tradition" - we've just always created that since we don't know how people are going to use their server. Some people get REALLY attached to the hostname and use that for everything, but some people just pick a domain name and use that to access everything.
1 -
I understand, but whm.domain.com:
- Has a DNS A record so people can access it, but it is not protected with SSL.
- This is because it's not added as a ServerAlias to the Apache <VirtualHost 1.1.1.1:443>.
- The SSL cert actually covers it, but since it's not a ServerAlias, it has no purpose.
It's not a matter of preference, it doesn't work.
0 -
Ooooooh I see what you're saying. Give me a bit to look into this and I'll let you know what I find.
1 -
Solution:
- Either add WHM as ServerAlias and A record for resellers only.
- Or, add WHM as ServerAlias for domain.com for everyone.
0 -
I didn't like much of the answers I found internally, so I created case CPANEL-43635 for our developers to review this behavior. I'll let you know what I hear back once that gets a response!
1 -
Super!
1 -
Please add ftp.domain.com A record to this issue as well, because this one also doesn't have ServerAlias entry and is not protected by the SSL. When you access it through the browser it warns you that it's not secure. So:
whm.domain.com
ftp.domain.com0 -
The case covers all the service domains :D
1 -
Great! Either way, removing them is fine since they have no default purpose, or including them in the ServerAlias directive gets them covered by the SSL.
But more A records and Server Aliases that serve no purpose are just a waste of resources and increase confusion.
1 -
This is a very good idea:
The reseller's main domains: whm, cpanel, webmail, webdisk, cpcalendars, cpcontacts.
The non-reseller's main domains: cpanel, webmail, webdisk, cpcalendars, cpcontacts.
All other domains: webmail, webdisk, cpcalendars, cpcontacts.
0
Please sign in to leave a comment.
Comments
12 comments