AutoSSL, Let's Encrypt, Aliases and subdomains. How to handle them?

[Harikalar Kutusu]

I'm completely new to SSL... I installed it. Now I have questions. I read a lot and got confused.

I have a VDS with about 10 accounts, and I thought 100/vhost limits, renewing limits etc are not an issue.

All of my domains have com/net/org bought, setup as alises and redirected in .htaccess... Example:

I have one example.org (1 certificate)
I also have example.com, example.net, example.org.countrycode as alises. (+4)
Each DNS has own definition, www, mail, ftp defined. (*4)
This makes a total of 20.

example.org has 5 subdomains defined as CNAME's (+5)
It seems www.subdomain CNAME's are also needed or it errors out (+5)
So a total of 30 out of 100 got used for a single domain.

Also when needed, would refreshing limit would make them wait? Or is it a single entity?

What I need is to have SSL on (www.)example.org, mail.example.org and ftp.example.org. Also 5 subdomains of course... Total 9...

How can I handle this? What are my options wiith the current status as of version 60.x?
I cannot remove mail/ftp from alises, AutoSSL gives errors. Is it possible?
Would it be best to park the alises elsewhere?
What else?

I read some debate on this and some feature requests but I cannot decide now.
I have mail SSL connection issues I couldn't fix. Outlook 2016 gives 0x80040900 errors, probably these are related.

Any help and directions are much appreciated.

 

[cPanelMichael]

Hello,

AutoSSL generates certificates based on Virtual Host entries in Apache, not based on DNS records. Thus, if you manually add a CNAME entry, it's not included as part of the AutoSSL feature. We recently published the following document to help explain how your server handles domains and virtual hosts:

How Your Server Handles Domains and Virtual Hosts - cPanel Knowledge Base - cPanel Documentation

In addition, here's a section relevant to your question from our Manage AutoSSL document:

AutoSSL includes corresponding www. domains for each domain and subdomain in the certificate, and those www. domains count towards any domain or rate limits.

• For example, if your domain is example.com, AutoSSL will automatically include www.example.com in the certificate.
• If the corresponding www. domain does not pass a DCV test, AutoSSL will not attempt to secure that www. domain.
• This affects Let's Encrypt's limit of 20 certificates per week that may contain a domain or its subdomains.

Also, take a look at the following document to see how the Domain TLS feature works for services such as email in cPanel version 60:

What is Domain TLS - cPanel Knowledge Base - cPanel Documentation

Thank you.

 

[Harikalar Kutusu]

As indicated, my understanding of vhosts was very wrong indeed.

After carefully examining the settings, everything is going well now.

And the error from Outlook is based on Outlook. I've got rid of it (after so much years) and moved to Thunderbird. Outlook just can't handle 50+ e-mail addresses and got confused by parallel connections.

Thank you...