The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

AutoSSL- Subdomains Getting Split Across Multiple Certificates

Discussion in 'Security' started by livingmiracles, Jun 18, 2017.

Tags:
  1. livingmiracles

    Joined:
    May 5, 2017
    Messages:
    13
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Kamas, Utah
    cPanel Access Level:
    Root Administrator
    Hello,

    I have a WordPress multisite with about 50 subdomains in total (including the "www" versions). Due to circumstances with my CDN service, I need to have all of these subdomains (and the parent domain) issued as one combined SSL certificate so that I can upload it to the CDN's system.

    According to what I've read, the limit for domains on a single SSL is 100. However, in my case (using AutoSSL with Let's Encrypt), they seem to be getting split into groups of 24, resulting in a total of 3 certificates for me. I can see the 3 certificates in WHM's "SSL Storage Manager."

    In other words, even though all of the requests for the domains/subdomains are occurring at once, they are getting split up into 3 certificates, whereas I need to have them all combined into one.

    I've tested this a couple times by deleting all existing "SSL hosts" (WHM > Manage SSL Hosts) and re-doing the request, by the result is the same every time.

    Any advice would be greatly appreciated.

    Thank you,
    JP
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,173
    Likes Received:
    1,295
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
  3. livingmiracles

    Joined:
    May 5, 2017
    Messages:
    13
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Kamas, Utah
    cPanel Access Level:
    Root Administrator
    Hi Michael,

    Thank you for the reply and the link to the article!

    The subdomains are added as their own separate subdomains in the parent site's cPanel account > Subdomains area.

    I just tried using cPanel (Comodo) as the AutoSSL certificate provider and that actually resulted in separate certificates for every subdomain. Each individual certificate only shows the "www" and "non-www" version of a single subdomain. So instead of 3 certificates, I now have 26.

    Ideally, I'd like to combine them into just a single certificate. Are you saying that it may be possible to do this by using domain aliases instead of subdomains?

    Thank you,
    JP
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,173
    Likes Received:
    1,295
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Yes, this is in-fact the intended behavior.

    Using aliases would achieve what you are seeking as far as I understand, but keep in mind aliases are designed to only open the same content of the domain name they are added as aliases to.

    Thank you.
     
  5. livingmiracles

    Joined:
    May 5, 2017
    Messages:
    13
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Kamas, Utah
    cPanel Access Level:
    Root Administrator
    I happen to have a development version of the site at "dev.sitename.net" (in a separate "dev" directory outside of the parent site's /public_html folder). I set up an alias for that but it keeps redirecting to the parent site. I think this is probably what you were referring to, correct?

    Is there any way to set up aliases for a "dev" site like this without separating out the "dev" site into a separate cPanel? If I could change the "Domain Root" of the alias, I suppose that might do the trick, but I don't see a way to do that.
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,173
    Likes Received:
    1,295
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Domain aliases don't have their own virtual hosts, and thus it's not possible to configure a custom document root.

    Thank you.
     
  7. livingmiracles

    Joined:
    May 5, 2017
    Messages:
    13
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Kamas, Utah
    cPanel Access Level:
    Root Administrator
    Ok thank you Michael!

    So in summary, looks like I won't be able to combine everything into one certificate due to my website configuration.
     
  8. livingmiracles

    Joined:
    May 5, 2017
    Messages:
    13
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Kamas, Utah
    cPanel Access Level:
    Root Administrator
    Quick follow-up question: You mentioned that it was intended behavior that cPanel (Comodo) issued separate certificates for all subdomains. But what about Let's Encrypt? As I mentioned, they seem to be limiting the certificates to 24 domains/subdomains. However, the documentation I was looking at states: "Certificates that Let's Encrypt provides can secure a maximum of 100 domains per certificate."

    Is there a way to get all of the domains combined onto one certificate via Let's Encrypt?
     
  9. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,173
    Likes Received:
    1,295
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    It's not possible to have all of the domain names on a single virtual host, even with Let's Encrypt. It's likely you'd need to purchase a multi-domain (UCC) certificate from a commercial SSL certificate provider to achieve this.

    Thank you.
     
  10. livingmiracles

    Joined:
    May 5, 2017
    Messages:
    13
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Kamas, Utah
    cPanel Access Level:
    Root Administrator
    Thanks Michael,

    So, am I correct that the Let's Encrypt certificates limit the number of domains to 24 (despite the documentation mentioning a limit of 100)?
     
  11. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,173
    Likes Received:
    1,295
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    It can secure 100 domain names per virtual host, but addon domain names and subdomains have their own virtual hosts. In the example you are referencing, are those 24 domain names part of separate virtual host entries?

    Thank you.
     
  12. livingmiracles

    Joined:
    May 5, 2017
    Messages:
    13
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Kamas, Utah
    cPanel Access Level:
    Root Administrator
    If subdomains are considered separate virtual host entries, then yes, I believe so. Here is an example from one of the 3 certificates:

    X509v3 Subject Alternative Name:
    [removed]
     
    #12 livingmiracles, Jun 20, 2017
    Last edited by a moderator: Jun 20, 2017
  13. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,173
    Likes Received:
    1,295
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    It's possible this works slightly differently with Let's Encrypt. Feel free to open a support ticket using the link in my signature so we can take a closer look at your system and determine exactly which domain names are included in a single certificate when using Let's Encrypt vs Comodo.

    Thank you.
     
  14. livingmiracles

    Joined:
    May 5, 2017
    Messages:
    13
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Kamas, Utah
    cPanel Access Level:
    Root Administrator
    Hi Michael,

    Ok, good to know. After encountering this limitation, I've been exploring alternate strategies for resolving my initial issue. However, if/when I have time, I will gladly open a ticket to explore the situation Let's Encrypt, I appreciate the offer and your input :)

    Thank you,
    JP
     
Loading...

Share This Page