AutoSSL providing incorrect SSL for a subdomain

[madnoob2]

Hello. I've just created a subdomain that will host my wordpress site (https://blog.mydomain.com)
I've run AutoSSL and it has done it's job of assigning a SSL certificate to the subdomain. However the certificate is showing errors :

The security certificate presented by this website was issued for a different website's address.

I've run it on SSL checker , and I got the following issue :
None of the common names in the certificate match the name that was entered (blog.mydomain.com). You may receive an error when accessing this site in a web browser.
Common name: main.mydomain.com
SANs: main.mydomain.com, www.main.mydomain.com
Valid from April 16, 2017 to April 17, 2018
Serial Number: serialnumberedited
Signature Algorithm: sha256WithRSAEncryption
Issuer: cPanel, Inc. Certification Authority

The main.mydomain.com is the domain of my cPanel. When I run the SSL checker for my domain (mydomain.com) it works fine , common name is mydomain.com and SANs are also mydomain.com .
Why was the certificate issued with main. common name and SANs? I think that is the problem , but then again I have no ideas how SSL work.

 

[cPanelMichael]

Hello @madnoob2,

We introduced new functionality in cPanel version 64 to better establish which domains to add to the certificate first. Here's the corresponding quote from the cPanel 64 Release Notes:

AutoSSL now sorts domains for a certificate intelligently
In cPanel & WHM version 64, AutoSSL now uses a sort algorithm to establish which domains to add to the certificate first. This sort order ensures that the system adds the domains that customers will most likely visit to the certificate first, if the certificate reaches the domain limit. For example, customers most likely intend to navigate to example.com versus www.subdomain.example.com. For more information, read the Which domains does AutoSSL add to the certificate first? section of our Manage AutoSSL documentation.

In cPanel & WHM version 64, the AutoSSL sort algorithm will select a domain of 64 bytes or fewer to enter in the commonName field of the SSL certificate if such a domain exists on the virtual host. Additionally, AutoSSL adds proxy subdomains to automatically generated SSL certificates.

This is further explained on the following document:

Which Domain Does AutoSSL Add To The Certificate First

However the certificate is showing errors :

The security certificate presented by this website was issued for a different website's address.

Could you verify which version of cPanel is installed on this system? Also, how are you reproducing the above error message?

Thank you.

 

[madnoob2]

Hello @madnoob2,

We introduced new functionality in cPanel version 64 to better establish which domains to add to the certificate first. Here's the corresponding quote from the cPanel 64 Release Notes:


This is further explained on the following document:

Which Domain Does AutoSSL Add To The Certificate First



Could you verify which version of cPanel is installed on this system? Also, how are you reproducing the above error message?

Thank you.

Hi Michael.
I've got version 64.0 (build 19) installed currently. That error is reproduced when visiting the https://blog.mydomain.com on IE. Mozilla also reports it , but can't remember the exact error since I added the certificate exception for the blog in Mozilla.

 

[madnoob2]

The issue seemed to resolve itself after rebooting the server.

 

[cPanelMichael]

Hello,

It's possible the issue was related to cached data, however it's difficult to know for sure since the reboot addressed the issue. Let us know if you encounter any additional problems going forward.

Thank you.

 

[mec-forum]

Hello, I've got an self-signed SSL error with whm.my-domain.com
Is there a way to force-update the certificate for system subdomains to a valid AutoSSL-provided one?

 

[SS-Maddy]

Hello @mec-forum

Did you go through the cPanel documentation which helps you to issue free cPanel certificate for your WHM / cPanel related services. Once you login to WHM, you will see a feature "Manage Service SSL certificates" and that screen is self explanatory. Go for the last option.

Manage Service SSL Certificates | cPanel & WHM Documentation

This interface allows you to manage certificates for your server's services.

docs.cpanel.net

 

[mec-forum]

I've done everything. I'm just wondering if I have a misconception about the whm.* subdomain being a system one.
I was looking for an url I can use to login to whm or cpanel without adding the port number.

 

[cPRex]

@mec-forum - if your hostname resolves properly in DNS, I would expect cPanel to issue the SSL normally. You can try running this command to force that to happen at any time:

/usr/local/cpanel/bin/checkallsslcerts