Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

AutoSSL for proxy subdomains when root domain exists elsewhere

Discussion in 'Security' started by Jcats, Jun 21, 2017.

Tags:
  1. Jcats

    Jcats Well-Known Member

    Joined:
    May 25, 2011
    Messages:
    720
    Likes Received:
    123
    Trophy Points:
    168
    Location:
    New Jersey
    cPanel Access Level:
    DataCenter Provider
    Scenario..

    domain.com resides on a different server than cPanel.
    domain.com's mail is handled on the cPanel server.

    I want AutoSSL to generate SSL's for proxy subdomains like cpanel.domain.com and webmail.domain.com however its failing because cPanel cannot verify the domain. Anyway around this?

    Code:
     2:11:38 PM This system has AutoSSL set to use “Let’s Encrypt™”.
 2:11:38 PM Checking websites for “domain” …
 2:11:39 PM The website “domain.com”, owned by “domain”, has a valid SSL certificate, but additional SSL coverage may be possible for the domains “webdisk.domain.com”, “cpanel.domain.com”, “webmail.domain.com”, and “autodiscover.domain.com”. The system will attempt to replace this certificate with one that includes these additional domains.
 2:11:39 PM WARN The domain “domain.com” failed domain control validation: The system queried for a temporary file at “<a href="http://domain.com/.well-known/acme-challenge/K93X_G426ZJ5TP8BDZMI_1N9WA5BR96-">http://domain.com/.well-known/acme-challenge/K93X_G426ZJ5TP8BDZMI_1N9WA5BR96-</a>”, but the web server responded with the following error: 404 (Not Found). A <abbr title="Domain Name System">DNS</abbr> or web server misconfiguration may exist. The domain “domain.com” resolved to an IP address “1.1.1.1” that does not exist on this server.
 2:11:39 PM WARN The current SSL certificate for “domain.com” secures the domain “domain.com”. However, this domain failed local domain control validation. In order to maintain SSL domain coverage for this domain, the system will not attempt to replace the current certificate.
 2:11:39 PM The system has completed the AutoSSL check for “domain”.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #1 Jcats, Jun 21, 2017
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,384
    Likes Received:
    1,951
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    As I understand, the AutoSSL feature should still issue a certificate for the proxy subdomains when the parent domain name resolves to an IP outside of the server.

    Do you already have an existing SSL certificate installed on the domain name on the cPanel server, even though it resolves elsewhere?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 cPanelMichael, Jun 21, 2017
  3. Jcats

    Jcats Well-Known Member

    Joined:
    May 25, 2011
    Messages:
    720
    Likes Received:
    123
    Trophy Points:
    168
    Location:
    New Jersey
    cPanel Access Level:
    DataCenter Provider
    There was an SSL so I removed it completely and am running AutoSSL, now getting:

    Code:
    10:42:30 PM The system will attempt to renew SSL certificates for the following websites:
 10:42:30 PM domain.com (webmail.domain.com)
 10:42:35 PM WARN (XID dsh7r9) The system failed to install an SSL certificate onto the website “domain.com” because of the following error: The certificate does not support the domain “domain.com”. It supports this domain: webmail.domain.com.
 10:42:35 PM The system has completed the AutoSSL check for “domain”.
    No certificate has been created.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #3 Jcats, Jun 21, 2017
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,384
    Likes Received:
    1,951
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    Internal case CPANEL-13308 is open to address an issue where SSL certificates that are issued for the proxy subdomains (but don't contain the main domain) will not install on the server in WHM/cPanel.

    As far as manually installing the certificate for the proxy subdomain via the cPanel and WHM user interfaces, the following resolution in cPanel 64.0.27 should allow you to do this:

    Fixed case CPANEL-13363: Make SSL install UIs handle mail and proxy subdomains.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 cPanelMichael, Jun 22, 2017
    Last edited: Jul 26, 2017
(You must log in or sign up to post here.)
Loading...
Similar Threads - AutoSSL proxy subdomains
  1. kylejlarson

    How To Remove Proxy Subdomains for AutoSSL

    kylejlarson, Dec 14, 2017, in forum: Security
    Replies:
    2
    Views:
    574
    cPanelMichael
    Dec 15, 2017
  2. Vijai

    Adding autossl for proxy domain

    Vijai, Apr 22, 2018, in forum: Security
    Replies:
    5
    Views:
    634
    Jcats
    Apr 29, 2018
  3. jamiepenner

    SOLVED AutoSSL Proxy Subdomain Validation [case CPANEL-18074]

    jamiepenner, Feb 21, 2018, in forum: General Discussion
    Replies:
    3
    Views:
    641
    cPanelMichael
    Feb 21, 2018
  4. Spork Schivago

    AutoSSL and proxy subdomain support.

    Spork Schivago, Jan 24, 2017, in forum: Security
    Replies:
    4
    Views:
    1,024
    Spork Schivago
    Jan 24, 2017
  5. Sachin James

    AutoSSL for each domain or account?

    Sachin James, Dec 7, 2018 at 7:09 AM, in forum: Security
    Replies:
    4
    Views:
    130
    Sachin James
    Dec 8, 2018 at 1:07 AM

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice