Add AutoSSL to Email?

[chaosm]

Hi i have my domain with and ssl from comodo.
This ssl does not provide a certificate for email.

Only for the domain. I use this for my eshop.
So the email is without ssl.

Is possible to add a free ssl from cpanel only for the email or i have to buy it from comodo?

Thanks

 

[cPanelLauren]

The SSL provided for your domain does in fact provide means to connect securely over an encrypted connection to the server using TLS when you use a domain covered by the SSL certificate as the incoming/outgoing mail server. What has led you to come to the conclusion that it does not? Please provide detailed replication steps if possible.

 

[chaosm]

The SSL provided for your domain does in fact provide means to connect securely over an encrypted connection to the server using TLS when you use a domain covered by the SSL certificate as the incoming/outgoing mail server. What has led you to come to the conclusion that it does not? Please provide detailed replication steps if possible.

Thanks for your reply.
Comodo provides me an SSL that is about the domain and doesn't include for email.

I attached an image.
Sorry if i am wrong but i am totally new to this.
Thanks

 

[cPanelLauren]

I see, the real issue here is going to be finding out why mail.domain.tld didn't get included as a SAN (subject alternate name) on the certificate. Does the domain resolve? In most cases mail.domain.tld is a CNAME for domain.tld but it should still resolve. A test you can do with root access to the server via CLI is run the following script:


/scripts/cpdig mail.domain.tld A



If you don't get an IP address as a result of this (it will provide one whether or not it's a CNAME for this purpose) then you'll know that there is an issue with the DNS of the domain.

 

[chaosm]

I see, the real issue here is going to be finding out why mail.domain.tld didn't get included as a SAN (subject alternate name) on the certificate. Does the domain resolve? In most cases mail.domain.tld is a CNAME for domain.tld but it should still resolve. A test you can do with root access to the server via CLI is run the following script:


/scripts/cpdig mail.domain.tld A



If you don't get an IP address as a result of this (it will provide one whether or not it's a CNAME for this purpose) then you'll know that there is an issue with the DNS of the domain.

Thanks for your reply.
I run this command and returned the ip of my server.
For this domain only i pay a comodo ssl which it is for the domain as i remember. Doesn't include the email.

I

 

[cPanelLauren]

I see, I believe I misunderstood what the initial issue was - it's not that AutoSSL didn't issue the certificate for your subdomain, it's that your purchased certificate isn't including the mail. subdomain and unless the subdomain is added *as* a subdomain within the account AutoSSL will not look at it a free certificate for it.

To resolve this I'd do one of the following:

* Add the subdomain to the account which will require removing the CNAME record in the DNS zone file for it.

* Request comodo add the subdomain to the certificate, this could come with an additional cost though.