cname of main domain - SSL issue

Operating System & Version
Centos 7.9
cPanel & WHM Version
93

Shinoda

Registered
Aug 21, 2020
4
0
1
World
cPanel Access Level
Root Administrator
Hi,

Unfortunately, until came here, there was no any satisfied resource regarding CNAME's SSL.

I created 3 new CNAME for the main domain due to fetch different sources throughout created CNAMEs (CDN). However, some browsers' refuse the connection and give a 499 status code. Dispate the matter this code mostly matches with nGinX servers which I do not use. This error is given for me due to CNAMEs are not matched with the main domain's inputs. Therefore, browsers don't fetch pics, jss and css... My questions:

1- How can I use my main domain's SSL cert. for the CNAMEs?
2- If the first clause is impossible then how www and mail CNAMEs is using the same cert?

SSL Host Manager in WHM doesn't work to solve the issue and when you create a CNAME in DNS Zone, used certs for the main domain doesn't assing to new created CNAMEs automatically.

I have VPS and adjust everything by myself.

Thanks
 
Last edited by a moderator:

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
6,810
895
313
cPanel Access Level
Root Administrator
Hey there! It seems there is some confusion about what gets issued an AutoSSL and why, so I'll see if I can explain that for you here.

The reason you get an SSL for the "www" and "mail" subdomains, even though they are setup as a CNAME in the DNS zones, is because they also get added to the Apache configuration on your server. If we check a typical virtual host on a cPanel server, we'll see the following:

Code:
<VirtualHost 1.2.3.4:443>
  ServerName domain.com
  ServerAlias mail.domain.com www.domain.com webmail.domain.com cpanel.domain.com
  DocumentRoot /home/username/public_html
  ServerAdmin [email protected]
  UseCanonicalName Off
Since those domains are setup in the Apache configuration for web traffic, they will receive an SSL.

If you just create a CNAME in DNS, that will not receive an SSL as that doesn't indicate it is a full domain on the machine. To get the SSL coverage, you would need to create the domain on the server, and not just in DNS.

Let me know if that helps to clear things up!
 

Shinoda

Registered
Aug 21, 2020
4
0
1
World
cPanel Access Level
Root Administrator
Thank you. Yes, this is making me understand how it is working well now.

So here are the new 2 questions:

1- Adding new CNAME domains into Apache configuration file will solve the SSL issue?
2- How to point the new subdomains to main domain's directory instead of using CNAME but the same effect like CNAME to fetch resources from the main domain's directory?

Thank you
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
6,810
895
313
cPanel Access Level
Root Administrator
1 - You wouldn't want to create any DNS records before you add the domain in cPanel. The cPanel tools will take care of that automatically
2 - This would be an Alias domain:


Alias domains allow you to have multiple domain names that point to the same document root, so the content will show the same website when you visit the domain in a browser.