AutoSSL setup process redirects new website to another domain name on server?

Hi Jim,

Accessing a new domain name over SSL should not result in the website loading the SSL contents of another domain name. That should only occur if you were accessing the website via it's IP address, or if you've turned off the following option under the "Security" tab in "WHM >> Tweak Settings":

Generate a self signed SSL certificate if a CA signed certificate is not available when setting up new domains

Per it's description:

When you create a new domain, cPanel will apply the best available certificate (CA signed); otherwise cPanel will apply a self-signed SSL certificate and request a new certificate via AutoSSL if it is enabled. Warning: If you disable this option, and a CA signed certificate is not available, when a user attempts to visit the newly created domain over https, the user will see the first SSL certificate installed on that IP address. Warning: If you enable this option and do not have a CA signed certificate or AutoSSL enabled, Google search results may point to the SSL version of the site with a self-signed certificate, which will generate warnings in the users’ browser. To avoid both of these concerns, we strongly recommend that you enable AutoSSL.

Have you turned this option off on this system?

Thank you.

 

It's normal to see that behavior when installing SSL certificates on shared IP addresses due to the way SNI works. We document methods to address this on our SSL FAQ document:

My certificate installed, but visitors who try to securely access other sites on the shared IP address can only see the site with an installed SSL certificate, not my default domain.

AutoSSL can replace self-signed certificates automatically if you enable the following feature under the "Options" tab in "WHM >> Manage AutoSSL":

Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates.

Per it's description:

This option will allow AutoSSL to replace certificates that the AutoSSL system did not issue. When you enable this option, AutoSSL will install certificates that replace users’ CA-issued certificates if they are invalid or expire within 3 days.

Unless you fully understand this option, do not select it, because the system could unexpectedly replace an expiring or invalid EV or OV certificate with a DV certificate.

As far as the automatic self-signed SSL certificate setup, is the system attempting to generate an AutoSSL certificate for the new domain name upon account creation, and does that initial attempt to do so fail? Or, do you have AutoSSL disabled for new accounts?

Thank you.

 

Hi Mark,

This should not happen unless the following feature is disabled under the Security tab in WHM >> Tweak Settings:

Generate a self signed SSL certificate if a CA signed certificate is not available when setting up new domains.

When that feature is disabled, it's possible a period of time will exist where no SSL certificate is installed for the domain name. Since it can sometimes take a few hours for the AutoSSL validation process to occur, that would leave the domain name with no certificate for a few hours and thus you'd notice the reported behavior.

Can you provide more details about how you are verifying the AutoSSL certificate was installed for the domain name?

Thank you.