AutoSSL for proxy / subdomains such as whm cpanel and webmail

[Mike_ACC]

I think I may be confused by wording. In this blog post SSL certificate per domain on cpanel, webmail, dav, caldav, and whm services (SNI). from [email protected] it says "cPanel, WHM, webmail, webdav and caldav all use domain-specific SSLs now.". However it also says (later) proxy subdomains are not included. My main domain gets SSL no problem but whm.domain reports certificate error. I raised this with support and they suggested to remove the A record for whm and recreate it as a subdomain.

Does this mean that whm. cpanel. etc are considered as proxy subdomains and, therefore, not currently supported by AutoSSL?

 

[cPanelMichael]

Hello @Mike_ACC,

cPanel version 60 introduced the Domain TLS functionality to provide SNI functionality for the following services (including mail.domain.tld subdomain):

• cpsrvd — cPanel, WHM, and Webmail logins and interfaces.
• cpdavd — Calendar, Contacts, and Web Disk services.
• exim — Mail transfer and receiving services.
• dovecot — Mailbox service.

For instance, someone browsing to domain.tld/cpanel would benefit from this. AutoSSL support for proxy subdomains (e.g. cpanel.domain.tld) is not yet available. That's planned for the future, and can be tracked at:

Allow to make certificate for subdomains like cPanel.example.com and mail.Example.com

Thank you.

 

[Mike_ACC]

Ah, light dawns. So mydomain.tld/webmail and mydomain.tld/cpanel (for example) should work "out of the box" with AutoSSL (as does the :2083 :2087 port connections). But if I wanted to use webmail.mydomain.tld I have to do the workround suggested by support and set it up as subdomain.
Thanks for the illumination.