SOLVED AutoSSL only for subdomain?

Discussion in 'Security' started by Malachi, Feb 12, 2018.

  1. Malachi

    Not sure if this is possible, and if it is how.. but here's the deal:
    I have a domain (www) that has a regular SSL certificate (not a free one). That SSL certificate is just for the www and non-www part of the domain. So far so good.

    However.... I have a subdomain (let's call it "blog") that therefore has no certificate. I want to use the AutoSSL feature for this. The blog has been set up as a subdomain of the domain, so it does not have its own "account" within WHM.
    Is it possible to use the Let's Encrypt/Comodo free certificate for this through the AutoSSL feature? And if so, how?
     
  2. Malachi

    I found the answer in another thread: Paid SSL on Domain, Free AutoSSL on Subdomains?

    Thanks for your response... the link I just gave has the answer. Note however, that the "security" block can be found in the individual account... in case you have a reseller account with a bunch of accounts in it.
    Second note: Besides this.. if you have a regular SSL certificate installed, simply turn on the AutoSSL for that domain anyway, but make sure you have the checkbox unchecked that says "Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates." (This option will allow AutoSSL to replace certificates that the AutoSSL system did not issue. When you enable this option, AutoSSL will install certificates that replace users’ CA-issued certificates if they are invalid or expire within 3 days.)
    Therefore, any installed certificates will stay where they are and AutoSSL will not replace those. AutoSSL will take care of subdomains that need a certificate though...
     
  3. cPanelMichael

    Hello,

    I'm glad to see you found the solution. Thank you for sharing the outcome.
     
  4. samgreco

    Strange. Just did this and AutoSSL does not seem to want to overwrite the cert. I get "The installed certificate does not cover this domain. The certificate will not renew via AutoSSL because it was not issued via AutoSSL"

    And of course, this is one of the domains that we actually use the webserver's email. And the mail. and webmail. are 2 of the subdomains that AutoSSL won't renew.

    Any thoughts?
     
  5. cPanelMichael

    Hello @samgreco,

    Can you provide some more information about the specific scenario you are facing so we can attempt to reproduce it on a test environment? Please include information about how the additional domain names are configured (e.g. subdomains, aliases), and verify which domain names you are excluding.

    Thank you.
     
  6. wintech2003

    I checked out both threads but unfortunately they didn't help in my case (which I believe is the same as yours here though).

    Here's my SSL/TLS Status page:
    [IMG]

    As you see, I have an OV certificate for domain.com / www.domain.com and what I would like is to have AutoSSL generate an SSL for mail.domain.com.
    There are no checkboxes next to the domains, in order to include/exclude domains from AutoSSL, and when I run AutoSSL this is the log output in WHM:

    Code:
     11:40:48 AM AutoSSL’s configured provider is “cPanel (powered by Comodo)”.
     This AutoSSL provider does not poll for certificate availability immediately after a certificate request submission. Instead, it submits certificate requests then periodically polls the cPanel Store for each requested certificate and installs it after a successful retrieval. The system will record all requests, retrievals, and installations for the current AutoSSL run in this log.
     Checking websites for “xxxxxxxx” …
     11:40:48 AM Analyzing “xxxxxxxx.com” …
     11:40:48 AM TLS Status: Incomplete
     Certificate expiry: 9/14/19, 12:00 AM UTC (360.64 days from now)
     Issuer: commonName=COMODO RSA Organization Validation Secure Server CA, organizationName=COMODO CA Limited, localityName=Salford, stateOrProvinceName=Greater Manchester, countryName=GB
     Impediment: CERTIFICATE_IS_EXTERNALLY_SIGNED: The certificate is neither self-signed nor from AutoSSL.
     11:40:48 AM The system has completed the AutoSSL check for “xxxxxxxx”.
    Any ideas?
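
An added example, not part of the original posts and not cPanel code: a small Python parser for AutoSSL log text in the format quoted in the post above, listing the websites that were skipped with the CERTIFICATE_IS_EXTERNALLY_SIGNED impediment. The function names are hypothetical, and the sample is the log from the post, trimmed.

```python
import re

# Sample input: AutoSSL log lines from the post above (trimmed, domain redacted as on the page).
SAMPLE_LOG = """\
Checking websites for “xxxxxxxx” …
11:40:48 AM Analyzing “xxxxxxxx.com” …
11:40:48 AM TLS Status: Incomplete
Certificate expiry: 9/14/19, 12:00 AM UTC (360.64 days from now)
Issuer: commonName=COMODO RSA Organization Validation Secure Server CA, organizationName=COMODO CA Limited, localityName=Salford, stateOrProvinceName=Greater Manchester, countryName=GB
Impediment: CERTIFICATE_IS_EXTERNALLY_SIGNED: The certificate is neither self-signed nor from AutoSSL.
11:40:48 AM The system has completed the AutoSSL check for “xxxxxxxx”.
"""

TIMESTAMP = re.compile(r"^\d{1,2}:\d{2}:\d{2} [AP]M\s+")
ANALYZING = re.compile(r"^Analyzing [“\"](?P<site>[^”\"]+)[”\"]")
FIELD = re.compile(r"^(?P<key>TLS Status|Certificate expiry|Issuer|Impediment): (?P<value>.+)$")

def parse_autossl_log(text):
    """Return one record per analyzed website, in log order."""
    sites, current = [], None
    for raw in text.splitlines():
        line = TIMESTAMP.sub("", raw.strip())  # timestamps are optional per line
        m = ANALYZING.match(line)
        if m:  # a new "Analyzing" line starts a new website record
            current = {"site": m["site"], "status": None, "expiry_days": None,
                       "issuer_cn": None, "impediments": []}
            sites.append(current)
            continue
        m = FIELD.match(line)
        if not m or current is None:
            continue  # provider banner, "Checking websites", completion lines
        key, value = m["key"], m["value"]
        if key == "TLS Status":
            current["status"] = value
        elif key == "Certificate expiry":
            days = re.search(r"\(([-\d.]+) days", value)
            current["expiry_days"] = float(days.group(1)) if days else None
        elif key == "Issuer":
            cn = re.search(r"commonName=([^,]+)", value)
            current["issuer_cn"] = cn.group(1) if cn else None
        else:  # Impediment lines have the form "CODE: human-readable text"
            code, _, detail = value.partition(": ")
            current["impediments"].append((code, detail))
    return sites

def blocked_by_external_cert(sites):
    """Websites AutoSSL skipped because a certificate it did not issue is installed."""
    return [s["site"] for s in sites
            if any(c == "CERTIFICATE_IS_EXTERNALLY_SIGNED" for c, _ in s["impediments"])]
```
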
     
  7. cPanelMichael
