AutoSSL subdomains with certificate installed on domain

Discussion in 'Security' started by daimpa, Mar 30, 2019.

  1. daimpa

    daimpa Member

    Joined:
    Mar 18, 2019
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    italy
    cPanel Access Level:
    Root Administrator
    Hello, I have an SSL certificate installed on example.com and valid only for example.com and www.example.com.

    I want to use AutoSSL for mail.example.com, webmail.example.com, cpanel.example.com etc.

    I've tried to exclude example.com and www.example.com from AutoSSL and then Run AutoSSL. This doesn't work.
     
    #1 daimpa, Mar 30, 2019
    Last edited by a moderator: Mar 31, 2019
  2. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,476
    Likes Received:
    507
    Trophy Points:
    263
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @daimpa

    What's output in the logs when you attempt to get the certificate with the root domain excluded? You can find them by going to WHM>>SSL/TLS>>Manage AutoSSL
     
    daimpa likes this.
  3. daimpa

    daimpa Member

    Code:
    1:28:10 PM AutoSSL’s configured provider is “Let’s Encrypt™”.
     Checking websites for “user” …
     1:28:10 PM Analyzing “example.com” …
     1:28:10 PM User-excluded domains: 2 (example.com, www.example.com)
     TLS Status: Incomplete
     Certificate expiry: 3/24/20, 12:00 PM UTC (357.02 days from now)
     Impediment: CERTIFICATE_IS_EXTERNALLY_SIGNED: The certificate is neither self-signed nor from AutoSSL.
     1:28:10 PM The system has completed the AutoSSL check for “user”.
     
    #3 daimpa, Apr 2, 2019
    Last edited by a moderator: Apr 2, 2019
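
An added example, not part of any post in this thread and not cPanel code: a small Python parser for the AutoSSL log excerpt in post #3 that extracts each website's TLS status, user-excluded domains and impediment codes, so a run blocked by an externally signed certificate is easy to spot across many users. The line patterns are assumptions taken from that one excerpt, and the function names are hypothetical.

```python
import re

# Constructed sample: the AutoSSL log excerpt quoted in post #3 of this thread.
SAMPLE_LOG = """\
1:28:10 PM AutoSSL’s configured provider is “Let’s Encrypt™”.
 Checking websites for “user” …
 1:28:10 PM Analyzing “example.com” …
 1:28:10 PM User-excluded domains: 2 (example.com, www.example.com)
 TLS Status: Incomplete
 Certificate expiry: 3/24/20, 12:00 PM UTC (357.02 days from now)
 Impediment: CERTIFICATE_IS_EXTERNALLY_SIGNED: The certificate is neither self-signed nor from AutoSSL.
 1:28:10 PM The system has completed the AutoSSL check for “user”.
"""

# Patterns assumed from the excerpt above; other AutoSSL versions may differ.
TS = re.compile(r"^\d{1,2}:\d{2}:\d{2} [AP]M\s+")
ANALYZING = re.compile(r"^Analyzing “(?P<site>[^”]+)”")
EXCLUDED = re.compile(r"^User-excluded domains: \d+ \((?P<names>[^)]*)\)")
STATUS = re.compile(r"^TLS Status: (?P<status>.+)$")
IMPEDIMENT = re.compile(r"^Impediment: (?P<code>[A-Z0-9_]+): (?P<text>.+)$")


def parse_autossl_log(text):
    """Return one dict per analyzed website with its status and impediments."""
    sites, current = [], None
    for raw in text.splitlines():
        line = TS.sub("", raw.strip())  # drop the optional timestamp prefix
        if m := ANALYZING.match(line):
            current = {"site": m["site"], "excluded": [], "status": None, "impediments": []}
            sites.append(current)
        elif current is None:
            continue  # preamble before the first "Analyzing" line
        elif m := EXCLUDED.match(line):
            current["excluded"] = [n.strip() for n in m["names"].split(",") if n.strip()]
        elif m := STATUS.match(line):
            current["status"] = m["status"].strip()
        elif m := IMPEDIMENT.match(line):
            current["impediments"].append((m["code"], m["text"]))
    return sites


def blocked_by_external_cert(sites):
    """Websites whose check reported an externally signed certificate."""
    return [s["site"] for s in sites
            if any(code == "CERTIFICATE_IS_EXTERNALLY_SIGNED" for code, _ in s["impediments"])]


if __name__ == "__main__":
    print(blocked_by_external_cert(parse_autossl_log(SAMPLE_LOG)))
```
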
  4. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Hello @daimpa

    The domains are hitting an impediment due to the certificate not being issued by AutoSSL and not being self-signed (being issued by another entity). If you go to WHM>>SSL/TLS>>Options and enable "Allow AutoSSL to replace invalid or expiring non-AutoSSL certificates", does this issue persist?

    Thanks!
     
  5. daimpa

    daimpa Member

    Thanks for the reply, but it's already enabled.
     
  6. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Hi @daimpa

    Interesting, can you please open a ticket using the link in my signature? It may be that the root domain in this instance needs to be able to receive the certificate but I'm not certain that behavior should be the default and I'd like for us to look further into that. Once open please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved.


    Thanks!
     
  7. daimpa

    daimpa Member

    Maybe it's the same problem as here? In Progress - [CPANEL-22039] AutoSSL doesn't cover Service Subdomains when parent domain uses third-party cert
     
  8. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Hi @daimpa

    I believe so and this case is unresolved at this time, which is why I'd like to see if it's possible for you to open a ticket with us.
     
  9. daimpa

    daimpa Member

    I'll write to my host first.
    One question: is there any particular problem in accessing https://webmail.example.com with these settings? I mean, without a valid SSL certificate installed.
     
    #9 daimpa, Apr 3, 2019
    Last edited: Apr 3, 2019
  10. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Hi @daimpa


    Without a valid SSL installed, or any SSL including a self-signed one, you won't be able to access sites over https. If you do have at the very least a self-signed SSL installed, you'll be able to access them, but you will receive a warning in your browser.
     