AutoSSL subdomains with certificate installed on domain

[daimpa]

Hello, I've a SSL certificate installed on example.com and valid only for example.com and www.example.com.

I want to use autoSSL for mail.example.com, webmail.example.com, cpanel.example.com etc.

I've try to exclude example.com and www.example.com from AutoSSL and the Run AutoSSL. This don't work.

 

[cPanelLauren]

Hi @daimpa

What's output in the logs when you attempt to get the certificate with the root domain excluded? You can find them by going to WHM>>SSL/TLS>>Manage AutoSSL

 

[daimpa]

Hi @daimpa

What's output in the logs when you attempt to get the certificate with the root domain excluded? You can find them by going to WHM>>SSL/TLS>>Manage AutoSSL

1:28:10 PM AutoSSL’s configured provider is “Let’s Encrypt™”.
 Checking websites for “user” …
 1:28:10 PM Analyzing “example.com” …
 1:28:10 PM User-excluded domains: 2 (example.com, www.example.com)
 TLS Status: Incomplete
 Certificate expiry: 3/24/20, 12:00 PM UTC (357.02 days from now)
 Impediment: CERTIFICATE_IS_EXTERNALLY_SIGNED: The certificate is neither self-signed nor from AutoSSL.
 1:28:10 PM The system has completed the AutoSSL check for “user”.

 

[cPanelLauren]

Hello @daimpa

The domains are hitting an impediment due to the certificate not being issued by AutoSSL and not being a self signed (being issued by another entity). If you go to WHM>>SSL/TLS>>Options -> and enable Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates. Does this issue persist?

Thanks!

 

[daimpa]

Hello @daimpa

The domains are hitting an impediment due to the certificate not being issued by AutoSSL and not being a self signed (being issued by another entity). If you go to WHM>>SSL/TLS>>Options -> and enable Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates. Does this issue persist?

Thanks!

Thanks for the reply, but it's already enabled.

 

[cPanelLauren]

Hi @daimpa

Interesting, can you please open a ticket using the link in my signature? It may be that the root domain in this instance needs to be able to receive the certificate but I'm not certain that behavior should be the default and I'd like for us to look further into that. Once open please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved.


Thanks!

 

[daimpa]

Hi @daimpa

Interesting, can you please open a ticket using the link in my signature? It may be that the root domain in this instance needs to be able to receive the certificate but I'm not certain that behavior should be the default and I'd like for us to look further into that. Once open please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved.


Thanks!

maybe it's the same problem of here? In Progress - [CPANEL-22039] AutoSSL doesn't cover Service Subdomains when parent domain uses third-party cert

 

[cPanelLauren]

Hi @daimpa

I believe so and this case is unresolved at this time, which is why I'd like to see if it's possible for you to open a ticket with us.

 

[daimpa]

Hi @daimpa

I believe so and this case is unresolved at this time, which is why I'd like to see if it's possible for you to open a ticket with us.

I'll write to my host first.
One question: is there any particular problem in accessing to https://webmail.example.com in this settings? I mean, without a valid SSL certificate installed.

 

[cPanelLauren]

Hi @daimpa


Without a valid SSL installed or any SSL including a self-signed one you won't be able to access sites over https. If you do have at the very least a self-signed SSL installed you'll be able to access but you will receive a warning in your browser.