The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

AutoSSL for proxy / subdomains such as whm cpanel and webmail

Discussion in 'Security' started by Mike_ACC, Nov 16, 2016.

Tags:
  1. Mike_ACC

    Mike_ACC Member

    Joined:
    Nov 20, 2015
    Messages:
    14
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    UK
    cPanel Access Level:
    Root Administrator
    I think I may be confused by wording. In this blog post SSL certificate per domain on cpanel, webmail, dav, caldav, and whm services (SNI). from benny@cpanel it says "cPanel, WHM, webmail, webdav and caldav all use domain-specific SSLs now.". However it also says (later) proxy subdomains are not included. My main domain gets SSL no problem but whm.domain reports certificate error. I raised this with support and they suggested to remove the A record for whm and recreate it as a subdomain.

    Does this mean that whm. cpanel. etc are considered as proxy subdomains and, therefore, not currently supported by AutoSSL?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,064
    Likes Received:
    1,288
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello @Mike_ACC,

    cPanel version 60 introduced the Domain TLS functionality to provide SNI functionality for the following services (including mail.domain.tld subdomain):

    • cpsrvd — cPanel, WHM, and Webmail logins and interfaces.
    • cpdavd — Calendar, Contacts, and Web Disk services.
    • exim — Mail transfer and receiving services.
    • dovecot — Mailbox service.
    For instance, someone browsing to domain.tld/cpanel would benefit from this. AutoSSL support for proxy subdomains (e.g. cpanel.domain.tld) is not yet available. That's planned for the future, and can be tracked at:

    Allow to make certificate for subdomains like cPanel.example.com and mail.Example.com

    Thank you.
     
  3. Mike_ACC

    Mike_ACC Member

    Joined:
    Nov 20, 2015
    Messages:
    14
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    UK
    cPanel Access Level:
    Root Administrator
    Ah, light dawns. So mydomain.tld/webmail and mydomain.tld/cpanel (for example) should work "out of the box" with AutoSSL (as does the :2083 :2087 port connections). But if I wanted to use webmail.mydomain.tld I have to do the workround suggested by support and set it up as subdomain.
    Thanks for the illumination.
     
    cPanelMichael likes this.
Loading...

Share This Page