AutoSSL Assigning LetsEncrypt cert without it being Installed

tomathlm

cPanel Access Level
Root Administrator
Hey everyone,

I'll try and explain this as concisely as I can, but the entire issue seems very odd to me and I can't find a common linkage. Overnight, we received an email that some subdomains from a newly launched site failed to receive their cPanel AutoSSL certs, claiming that it could not reach the validation file on a server that has nothing to do with us.


In cPanel, it shows that the certs were in fact issued by cPanel for 3 of the domains successfully.


I did a bit more digging and went to one of the subdomains (autodiscover) and, to my surprise, it had a certificate already installed. Even stranger, it had a LetsEncrypt certificate installed. LetsEncrypt isn't installed as an autoSSL provider on this server at all. And the cert that's installed is for the mail subdomain, not autodiscover.


Drilling down even deeper, I found that the cert's domain is a subdomain of a site that we have no association with: domain.tld



I went to domain.tld and viewed their cert. It looks like they are using cpanel/letsencrypt to secure that domain and several others. I know this is a bit rambly, but I can't make sense of this situation and it's kind of concerning. Could anyone please shed some light as to what's going on to put my mind at ease?

Thanks!
 

cPanelLauren

Product Owner II
Staff member
Hi @tomathlm


This is actually a pretty simple one to explain.


The domains in question:

mail.yourdomain.com

webdisk.yourdomain.com

autodiscover.yourdomain.com



All resolve to an IP address which differs from the IP yourdomain.com resolves to.



In order to resolve this issue, you need to rectify the A record for these subdomains. It looks like the IP address they resolve to has Let’s Encrypt installed and is providing an SSL certificate for them. If you want these domains to resolve to the same address yourdomain.com resolves to, you’ll need to modify the A record where DNS for the domains is hosted.




Thanks!
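The check described in the reply above, as an added example that is not part of the thread and is not cPanel's code: it compares the A records of the service subdomains with the apex and, where the names on the served certificate are known, tests whether they cover the host. The function names, `example.com`, `mail.unrelated.example` and the RFC 5737 addresses are assumptions constructed for the illustration.

```python
import socket

def resolve_a(host):
    """IPv4 addresses the system resolver returns for host (empty set on failure)."""
    try:
        return set(socket.gethostbyname_ex(host)[2])
    except OSError:
        return set()

def san_matches(host, san):
    """Exact match, or a '*.' wildcard covering exactly one left-most label."""
    host, san = host.lower().rstrip("."), san.lower().rstrip(".")
    if san.startswith("*."):
        return "." in host and host.split(".", 1)[1] == san[2:]
    return host == san

def audit(apex, labels, resolver=resolve_a, served_sans=None):
    """Flag service subdomains whose A records fall outside the apex's address set.

    served_sans (optional): {host: [dNSName, ...]} read from the certificate
    each host actually presents, collected separately.
    """
    apex_ips = resolver(apex)
    findings = []
    for label in labels:
        host = f"{label}.{apex}"
        ips = resolver(host)
        if not ips:
            dns = "unresolved"
        elif ips <= apex_ips:
            dns = "same-as-apex"
        else:
            dns = "different-ip"   # AutoSSL validation would be answered by another server
        sans = (served_sans or {}).get(host)
        cert = None if sans is None else any(san_matches(host, s) for s in sans)
        findings.append((host, dns, sorted(ips), cert))
    return findings

# Constructed sample data: documentation addresses and reserved example names.
SAMPLE_DNS = {"example.com": {"192.0.2.10"}, "www.example.com": {"192.0.2.10"},
              "mail.example.com": {"198.51.100.7"}, "webdisk.example.com": {"198.51.100.7"},
              "autodiscover.example.com": {"198.51.100.7"}}
SAMPLE_SANS = {"autodiscover.example.com": ["mail.unrelated.example"]}

if __name__ == "__main__":
    for row in audit("example.com", ["www", "mail", "webdisk", "autodiscover"],
                     resolver=lambda h: SAMPLE_DNS.get(h, set()), served_sans=SAMPLE_SANS):
        print(row)
```

Calling `audit()` without the `resolver` argument uses the system resolver, so it reports what the server running it sees rather than the sample data.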