Auto SSL notifications for subdomains like mail with external DNS settings

[go4]

Hi,

We have a bunch of account with external DNS, MX records being the most common, and hence get a stack of system emails. Using Let's Encrypt.

[domain.com] Potential reduced AutoSSL coverage

To provide you with more time to resolve these problems, AutoSSL will defer the renewal until xxx.

AutoSSL did not renew the certificate for “domain.com”. You must take action to keep this site secure.

The “LetsEncrypt” AutoSSL provider could not renew the SSL certificate without a reduction of coverage because of the following problem:

domain.com
DNS DCV: No local authority: “mail.domain.com”; HTTP DCV: The system failed to fetch the DCV (Domain Control Validation) file at

I understand it's possible in WHM to turn off AutoSSL notifications to admin or user for failures or warnings.
Seeking a couple of clarifications here:

1. If we turn notifications to failures only will this stop these emails?
1a. What exactly is the difference between a failure and warning?
1b. Does using this setting mean that any other potential issues, aside from these, would be missed and a notification would only be sent when cert expires?

2. Is there a way to specify subdomains per account to exclude?

Thanks.

 

[cPRex]

Hey there!

1 - We have an option in WHM specifically for those messages: "AutoSSL has renewed a certificate, but the new certificate lacks at least one domain that the previous certificate secured." If those were the only ones you wanted to stop, that is the best way to do that.
1a - Failures are something that keeps the process from running completely, while warnings indicate the process completed but my have data you want to review.
1b - Not if you only select the specific option I mention above. If you chose some of the other options (there's several available) that could potential keep you from seeing important notifications.
2 - Yes - if you go in to cPanel >> SSL/TLS Status you can choose what specific domains and subdomains will be included in the AutoSSL run.

 

[go4]

Thanks @cPRex,

Appreciate the response.

1 - We have an option in WHM specifically for those messages: "AutoSSL has renewed a certificate, but the new certificate lacks at least one domain that the previous certificate secured." If those were the only ones you wanted to stop, that is the best way to do that.

Where is that option?

 

[cPRex]

Whoops - sorry for not being more specific on that. That would be in WHM >> Contact Manager under the "Notifications" tab.

 

[go4]

Thank you!

 

[cPRex]

You're welcome!