AutoSSL- Subdomains Getting Split Across Multiple Certificates

Hello,

I have a WordPress multisite with about 50 subdomains in total (including the "www" versions). Due to circumstances with my CDN service, I need to have all of these subdomains (and the parent domain) issued as one combined SSL certificate so that I can upload it to the CDN's system.

According to what I've read, the limit for domains on a single SSL is 100. However, in my case (using AutoSSL with Let's Encrypt), they seem to be getting split into groups of 24, resulting in a total of 3 certificates for me. I can see the 3 certificates in WHM's "SSL Storage Manager."

In other words, even though all of the requests for the domains/subdomains are occurring at once, they are getting split up into 3 certificates, whereas I need to have them all combined into one.

I've tested this a couple times by deleting all existing "SSL hosts" (WHM > Manage SSL Hosts) and re-doing the request, by the result is the same every time.

Any advice would be greatly appreciated.

Thank you,
JP

 

Hi Michael,

Thank you for the reply and the link to the article!

The subdomains are added as their own separate subdomains in the parent site's cPanel account > Subdomains area.

I just tried using cPanel (Comodo) as the AutoSSL certificate provider and that actually resulted in separate certificates for every subdomain. Each individual certificate only shows the "www" and "non-www" version of a single subdomain. So instead of 3 certificates, I now have 26.

Ideally, I'd like to combine them into just a single certificate. Are you saying that it may be possible to do this by using domain aliases instead of subdomains?

Thank you,
JP

 

I happen to have a development version of the site at "dev.sitename.net" (in a separate "dev" directory outside of the parent site's /public_html folder). I set up an alias for that but it keeps redirecting to the parent site. I think this is probably what you were referring to, correct?

Is there any way to set up aliases for a "dev" site like this without separating out the "dev" site into a separate cPanel? If I could change the "Domain Root" of the alias, I suppose that might do the trick, but I don't see a way to do that.

 

Ok thank you Michael!

So in summary, looks like I won't be able to combine everything into one certificate due to my website configuration.

 

Quick follow-up question: You mentioned that it was intended behavior that cPanel (Comodo) issued separate certificates for all subdomains. But what about Let's Encrypt? As I mentioned, they seem to be limiting the certificates to 24 domains/subdomains. However, the documentation I was looking at states: "Certificates that Let's Encrypt provides can secure a maximum of 100 domains per certificate."

Is there a way to get all of the domains combined onto one certificate via Let's Encrypt?

 

Thanks Michael,

So, am I correct that the Let's Encrypt certificates limit the number of domains to 24 (despite the documentation mentioning a limit of 100)?

 

If subdomains are considered separate virtual host entries, then yes, I believe so. Here is an example from one of the 3 certificates:

X509v3 Subject Alternative Name:
[removed]

 

Hi Michael,

Ok, good to know. After encountering this limitation, I've been exploring alternate strategies for resolving my initial issue. However, if/when I have time, I will gladly open a ticket to explore the situation Let's Encrypt, I appreciate the offer and your input

Thank you,
JP