AutoSSL subdomains with certificate installed on domain

daimpa

Member
Mar 18, 2019
8
0
1
italy
cPanel Access Level
Root Administrator
Hello, I've a SSL certificate installed on example.com and valid only for example.com and www.example.com.

I want to use autoSSL for mail.example.com, webmail.example.com, cpanel.example.com etc.

I've try to exclude example.com and www.example.com from AutoSSL and the Run AutoSSL. This don't work.
 
Last edited by a moderator:

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,271
313
Houston
Hi @daimpa

What's output in the logs when you attempt to get the certificate with the root domain excluded? You can find them by going to WHM>>SSL/TLS>>Manage AutoSSL
 
  • Like
Reactions: daimpa

daimpa

Member
Mar 18, 2019
8
0
1
italy
cPanel Access Level
Root Administrator
Hi @daimpa

What's output in the logs when you attempt to get the certificate with the root domain excluded? You can find them by going to WHM>>SSL/TLS>>Manage AutoSSL
Code:
1:28:10 PM AutoSSL’s configured provider is “Let’s Encrypt™”.
 Checking websites for “user” …
 1:28:10 PM Analyzing “example.com” …
 1:28:10 PM User-excluded domains: 2 (example.com, www.example.com)
 TLS Status: Incomplete
 Certificate expiry: 3/24/20, 12:00 PM UTC (357.02 days from now)
 Impediment: CERTIFICATE_IS_EXTERNALLY_SIGNED: The certificate is neither self-signed nor from AutoSSL.
 1:28:10 PM The system has completed the AutoSSL check for “user”.
 
Last edited by a moderator:

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,271
313
Houston
Hello @daimpa

The domains are hitting an impediment due to the certificate not being issued by AutoSSL and not being a self signed (being issued by another entity). If you go to WHM>>SSL/TLS>>Options -> and enable Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates. Does this issue persist?

Thanks!
 

daimpa

Member
Mar 18, 2019
8
0
1
italy
cPanel Access Level
Root Administrator
Hello @daimpa

The domains are hitting an impediment due to the certificate not being issued by AutoSSL and not being a self signed (being issued by another entity). If you go to WHM>>SSL/TLS>>Options -> and enable Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates. Does this issue persist?

Thanks!
Thanks for the reply, but it's already enabled.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,271
313
Houston
Hi @daimpa

Interesting, can you please open a ticket using the link in my signature? It may be that the root domain in this instance needs to be able to receive the certificate but I'm not certain that behavior should be the default and I'd like for us to look further into that. Once open please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved.


Thanks!
 

daimpa

Member
Mar 18, 2019
8
0
1
italy
cPanel Access Level
Root Administrator
Hi @daimpa

Interesting, can you please open a ticket using the link in my signature? It may be that the root domain in this instance needs to be able to receive the certificate but I'm not certain that behavior should be the default and I'd like for us to look further into that. Once open please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved.


Thanks!
maybe it's the same problem of here? In Progress - [CPANEL-22039] AutoSSL doesn't cover Service Subdomains when parent domain uses third-party cert
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,271
313
Houston
Hi @daimpa


Without a valid SSL installed or any SSL including a self-signed one you won't be able to access sites over https. If you do have at the very least a self-signed SSL installed you'll be able to access but you will receive a warning in your browser.