AutoSSL subdomains with certificate installed on domain

daimpa

Member
Mar 18, 2019
6
0
1
italy
cPanel Access Level
Root Administrator
Hello, I've a SSL certificate installed on example.com and valid only for example.com and www.example.com.

I want to use autoSSL for mail.example.com, webmail.example.com, cpanel.example.com etc.

I've try to exclude example.com and www.example.com from AutoSSL and the Run AutoSSL. This don't work.
 
Last edited by a moderator:

daimpa

Member
Mar 18, 2019
6
0
1
italy
cPanel Access Level
Root Administrator
Hi @daimpa

What's output in the logs when you attempt to get the certificate with the root domain excluded? You can find them by going to WHM>>SSL/TLS>>Manage AutoSSL
Code:
1:28:10 PM AutoSSL’s configured provider is “Let’s Encrypt™”.
 Checking websites for “user” …
 1:28:10 PM Analyzing “example.com” …
 1:28:10 PM User-excluded domains: 2 (example.com, www.example.com)
 TLS Status: Incomplete
 Certificate expiry: 3/24/20, 12:00 PM UTC (357.02 days from now)
 Impediment: CERTIFICATE_IS_EXTERNALLY_SIGNED: The certificate is neither self-signed nor from AutoSSL.
 1:28:10 PM The system has completed the AutoSSL check for “user”.
 
Last edited by a moderator:

cPanelLauren

Forums Analyst II
Staff member
Nov 14, 2017
7,986
644
263
Houston
cPanel Access Level
DataCenter Provider
Hello @daimpa

The domains are hitting an impediment due to the certificate not being issued by AutoSSL and not being a self signed (being issued by another entity). If you go to WHM>>SSL/TLS>>Options -> and enable Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates. Does this issue persist?

Thanks!
 

daimpa

Member
Mar 18, 2019
6
0
1
italy
cPanel Access Level
Root Administrator
Hello @daimpa

The domains are hitting an impediment due to the certificate not being issued by AutoSSL and not being a self signed (being issued by another entity). If you go to WHM>>SSL/TLS>>Options -> and enable Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates. Does this issue persist?

Thanks!
Thanks for the reply, but it's already enabled.
 

cPanelLauren

Forums Analyst II
Staff member
Nov 14, 2017
7,986
644
263
Houston
cPanel Access Level
DataCenter Provider
Hi @daimpa

Interesting, can you please open a ticket using the link in my signature? It may be that the root domain in this instance needs to be able to receive the certificate but I'm not certain that behavior should be the default and I'd like for us to look further into that. Once open please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved.


Thanks!
 

daimpa

Member
Mar 18, 2019
6
0
1
italy
cPanel Access Level
Root Administrator
Hi @daimpa

Interesting, can you please open a ticket using the link in my signature? It may be that the root domain in this instance needs to be able to receive the certificate but I'm not certain that behavior should be the default and I'd like for us to look further into that. Once open please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved.


Thanks!
maybe it's the same problem of here? In Progress - [CPANEL-22039] AutoSSL doesn't cover Service Subdomains when parent domain uses third-party cert