chaosm

Member
Dec 7, 2016
6
0
1
Greece
cPanel Access Level
Root Administrator
Hi i have my domain with and ssl from comodo.
This ssl does not provide a certificate for email.

Only for the domain. I use this for my eshop.
So the email is without ssl.

Is possible to add a free ssl from cpanel only for the email or i have to buy it from comodo?

Thanks
 

cPanelLauren

Forums Analyst II
Staff member
Nov 14, 2017
6,762
535
263
Houston
cPanel Access Level
DataCenter Provider
The SSL provided for your domain does in fact provide means to connect securely over an encrypted connection to the server using TLS when you use a domain covered by the SSL certificate as the incoming/outgoing mail server. What has led you to come to the conclusion that it does not? Please provide detailed replication steps if possible.
 

chaosm

Member
Dec 7, 2016
6
0
1
Greece
cPanel Access Level
Root Administrator
The SSL provided for your domain does in fact provide means to connect securely over an encrypted connection to the server using TLS when you use a domain covered by the SSL certificate as the incoming/outgoing mail server. What has led you to come to the conclusion that it does not? Please provide detailed replication steps if possible.
Thanks for your reply.
Comodo provides me an SSL that is about the domain and doesn't include for email.

I attached an image.
Sorry if i am wrong but i am totally new to this.
Thanks
 

Attachments

cPanelLauren

Forums Analyst II
Staff member
Nov 14, 2017
6,762
535
263
Houston
cPanel Access Level
DataCenter Provider
I see, the real issue here is going to be finding out why mail.domain.tld didn't get included as a SAN (subject alternate name) on the certificate. Does the domain resolve? In most cases mail.domain.tld is a CNAME for domain.tld but it should still resolve. A test you can do with root access to the server via CLI is run the following script:


/scripts/cpdig mail.domain.tld A



If you don't get an IP address as a result of this (it will provide one whether or not it's a CNAME for this purpose) then you'll know that there is an issue with the DNS of the domain.
 
  • Like
Reactions: chaosm

chaosm

Member
Dec 7, 2016
6
0
1
Greece
cPanel Access Level
Root Administrator
I see, the real issue here is going to be finding out why mail.domain.tld didn't get included as a SAN (subject alternate name) on the certificate. Does the domain resolve? In most cases mail.domain.tld is a CNAME for domain.tld but it should still resolve. A test you can do with root access to the server via CLI is run the following script:


/scripts/cpdig mail.domain.tld A



If you don't get an IP address as a result of this (it will provide one whether or not it's a CNAME for this purpose) then you'll know that there is an issue with the DNS of the domain.
Thanks for your reply.
I run this command and returned the ip of my server.
For this domain only i pay a comodo ssl which it is for the domain as i remember. Doesn't include the email.

I
 

cPanelLauren

Forums Analyst II
Staff member
Nov 14, 2017
6,762
535
263
Houston
cPanel Access Level
DataCenter Provider
I see, I believe I misunderstood what the initial issue was - it's not that AutoSSL didn't issue the certificate for your subdomain, it's that your purchased certificate isn't including the mail. subdomain and unless the subdomain is added *as* a subdomain within the account AutoSSL will not look at it a free certificate for it.

To resolve this I'd do one of the following:

* Add the subdomain to the account which will require removing the CNAME record in the DNS zone file for it.

* Request comodo add the subdomain to the certificate, this could come with an additional cost though.