Skip to main content

Auto SSL Certificate Common Name (CN)

Comments

15 comments

  • cPRex Jurassic Moderator

    Hey there!  Unfortunately there is no way to choose what the CN is in the certificate as it ultimately shouldn't matter to any browser-based tools.  Is this causing a specific issue with your certificate?

    0
  • udayasl

    It's not a technical issue, but I find it unattractive to see a subdomain with a personal name appear as the CN in the certificate visible to the public.

    There are several subdomains on my website. If I had the option to use the main domain as the CN for both the main domain and all the subdomains, it would look nice and clean.

    0
  • cPRex Jurassic Moderator

    Could you submit a feature request for this over at features.cpanel.net?  Right now there isn't a way to control this, but it might be something we're interested in adding.  If you aren't able to do that, I'm happy to submit that idea for you if you'd like.

    0
  • udayasl

    Okay, I will work on the feature request right now. Thank you.

    0
  • cPRex Jurassic Moderator

    You're very welcome!

    0
  • markus909

    Can I find this feature request in public to follow? I am facing the same .. Maybe this does not matter at all in real life, but when you are troubleshooting some SSL / Cloudflare topics and related issues you need to exclude everything - I checked all non-cPanel hostings I have access to, and it's only cPanel doing it this "unclean" way.

    Could I workaround it? e.g. delete the SSL, exclude all subdomains and only include root domain and www, run AutoSSL, later include the rest again, run AutoSSL again

     

    0
  • cPRex Jurassic Moderator

    markus909 - individual requests and comments aren't made public, but you're welcome to submit your idea/concern as well and I'll get that to the proper team.

    There is no guarantee that the method you mention will keep the same CN as it will issue a completely different certificate and not just add to the existing one.

    0
  • markus909

    I just added it as a feature request

    About my workaround idea: if I only include the main domain and the www-domain for AutoSSL and not any other subdomain then it must work. That means you are saying, when I go for the second run to run AutoSSL again then this will create a completely new certificate (bringing me to the very same situation again)

    It's odd that cPanel does it this way. Haven't noticed this anywhere else.

    0
  • cPRex Jurassic Moderator

    Sure, if it was just the main domain and www, that would limit things greatly.  If it was limited in a future run I would expect the same behavior to happen, but if other domains are added there's no guarantee what shows up first.

    0
  • cPRex Jurassic Moderator

    markus909 - I did want to confirm that I see that request and I'll make sure it gets in front of the SSL team!

    0
  • markus909

    Thanks a lot 

    0
  • cPRex Jurassic Moderator

    Sure thing!

    0
  • tppweb

    I ran into the same issue on a new server today. My client called me on it complaining that the auto SSL subdomain Lets Encrypt selected was one that was not supposed to be public and he had concerns. My entire team could not work out how to resolve this issue. So the end result was to temporarily delete the subdomain, rerun the auto SSL, then add the subdomain back in. Still has an issue with it selecting a subdomain as the main CN for the SSL though.

    The strange thing is I checked several domains on one of our other servers that is using Lets Encrypt, and it doesn't have the same issue. All of the CNs are the main domain.

    0
  • markus909

    I didn't communicate this to my clients, becaus it probably does not matter at all in real life. But it gives it a very bad look. I have only seen it with cPanel and no other hosting / management platform. 

    Too bad that the workaround (temporarily delete the subdomain + rerun AutoSSL) did not work as expected. This was also my planned workaround for this

    0
  • cPRex Jurassic Moderator

    Thanks for that feedback - I've added both of those thoughts to the feature request and I'm going to bring this up with the team again during our meeting Friday.

    0

Please sign in to leave a comment.