Multiple overlapping SSL certificates

Comments

  • cPRex Jurassic Moderator

    Hey there!  On a cPanel server, you can only have one SSL certificate per vhost, so I'm not entirely sure what is happening in the situation you describe.

    cPanel also has the AutoSSL tool, https://docs.cpanel.net/whm/ssl-tls/manage-autossl/, which provides a free SSL certificate to all domains on the system.

    I can't comment on the specific SSL that you purchased because I don't know what type of domains it was designed to cover, but in general:

    - you can install the SSL certificate on the server and it will cover the domain it is purchased for
    - if it is a wildcard SSL you may need to install it for each subdomain you want covered
    - if there are separate domains or subdomains on a separate vhost, they would not be affected by this work.

    0
  • museumgeek

    Thanks for your response, cPRex!

    It sounded like I'd be ok to install the new certificate, since as far as I can tell from the cPanel documentation, all of our subdomains should be on separate vhosts.

    However, installing the new cert has left a few subdomains not covered, and I'm not sure why these and no others seem to be affected. Here are the 4 certs currently on our account - I put an "x" after the ones that are returning security warnings in the browser:

    Certificate #1, expires 6/24:
    mydomain.org
    files.mydomain.org
    subdomain1.mydomain.org
    subdomain2.mydomain.org
    subdomain3.mydomain.org
    www.mydomain.org
    www.files.mydomain.org
    www.subdomain1.mydomain.org
    www.subdomain2.mydomain.org
    www.subdomain3.mydomain.org

    Certificate #2, expires 7/24:
    mydomain.org
    mail.mydomain.org x
    www.mydomain.org

    Certificate #3, expires 2/2025:
    mydomain.org
    subdomain5.mydomain.org
    subdomain6.mydomain.org 

    Reissued certificate #3, expires 2/25:
    mydomain.org
    subdomain4.mydomain.org x
    subdomain5.mydomain.org
    subdomain6.mydomain.org 
    staging.mydomain.org x
    www.mydomain.org
    www.subdomain4.mydomain.org x
    www.subdomain5.mydomain.org x
    www.subdomain6.mydomain.org x

    It seems like the safest/cleanest solution would be to reissue certificate #4 (the re-issued #3) to include ALL of our subdomains with www variations. Except maybe www.staging.mydomain.org, since I'm the only one who uses it. And install that, and delete all of the other certificates.

    Does that make sense?

    Thanks!

    0
  • cPRex Jurassic Moderator

    That certainly sounds correct, but is there a reason you can't use AutoSSL?  It's free, it's automatic, and covers every domain on the server.

    0
  • museumgeek

    Thanks for suggesting AutoSSL, I guess I need to read up on that. But, as I understand it, cPanel is now using Let's Encrypt by default instead of Sectigo, and I've more or less been told not to use Let's Encrypt certs by our tech support folks, "because they are not always in the browser’s trusted certificate authority list."

    Also, I don't see how to manage AutoSSL in cPanel, and unfortunately, I don't have a login for WHM. But if this looks like what we should be doing, I can request that.

    Thanks for all your help!

    0
  • cPRex Jurassic Moderator

    Interesting - I've never heard that complaint about Let's Encrypt as they are a *major* certificate authority.  I just think it would be easier long-term than trying to manually manage all those different SSL certificates, and much cheaper for you.

    You should have options under the SSL/TLS Status page, if you can see that area of the interface in your cPanel.

    0
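
An added example, not part of any post in the thread and not cPanel tooling: a Python script that takes the SAN lists museumgeek posted, reports which certificates name a given host, and builds the name list for the single consolidated reissue proposed in the thread. The dictionary keys and function names are assumptions; a name on a certificate only helps when that certificate is the one installed on the vhost serving it.

```python
# Added example. SAN lists are typed in from the thread; the keys
# ("cert1", ...) and all function names are hypothetical labels.
D = "mydomain.org"

def _fq(*labels):
    """Expand short labels to full names; '@' stands for the bare domain."""
    return [D if l == "@" else f"{l}.{D}" for l in labels]

CERTS = {
    "cert1": _fq("@", "files", "subdomain1", "subdomain2", "subdomain3", "www",
                 "www.files", "www.subdomain1", "www.subdomain2", "www.subdomain3"),
    "cert2": _fq("@", "mail", "www"),
    "cert3": _fq("@", "subdomain5", "subdomain6"),
    "cert3_reissued": _fq("@", "subdomain4", "subdomain5", "subdomain6", "staging",
                          "www", "www.subdomain4", "www.subdomain5", "www.subdomain6"),
}

def san_matches(san, host):
    """Exact match, or a leading '*.' covering exactly one left-most label."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if not san.startswith("*."):
        return san == host
    head, _, tail = host.partition(".")
    return bool(head) and tail == san[2:]

def covering(host, certs=CERTS):
    """Names of every certificate whose SAN list matches this host."""
    return [n for n, sans in certs.items() if any(san_matches(s, host) for s in sans)]

def consolidated_sans(certs=CERTS, exclude=("www.staging.mydomain.org",)):
    """Every listed name plus its www variant, minus the excluded names."""
    names = set()
    for sans in certs.values():
        for s in sans:
            if s.startswith("*."):
                continue  # wildcards are not expanded into concrete names
            base = s[4:] if s.startswith("www.") else s
            names.update({base, "www." + base})
    return sorted(names - set(exclude))

def missing_from(target, certs=CERTS):
    """Names the consolidated list needs that the target certificate lacks."""
    return sorted(set(consolidated_sans(certs)) - set(certs[target]))

if __name__ == "__main__":
    for host in ("mail.mydomain.org", "staging.mydomain.org", "www.subdomain5.mydomain.org"):
        print(f"{host:32} named on: {', '.join(covering(host)) or 'NONE'}")
    print("add to reissue:", *missing_from("cert3_reissued"), sep="\n  ")
```

The wildcard branch shows why a `*.mydomain.org` certificate would match `files.mydomain.org` but not `www.files.mydomain.org`, so the www variants of subdomains still need their own entries.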
