Configure AutoSSL to exclude mail. and www. certificates?

[Nash1]

How can I filter out mail.domain and www.domain so AutoSSL doesn't add them to the SSL certificate? I have a WordPress multi site install with many domains parked on it. I want to prevent using up the SSL Certificate's 250 domain limit with the mail and www domains.

I saw a discussion regarding using the WordPress client's cPanel interface, navigate to SSL Status, and then click the Exclude from AutoSSL option so that it won't even try to issue a cert for those mail.domain hostnames. Does this also work for Parked domains?

So far I'm unable to see the SSL Status on the WordPress domain's cPanel login. I've gone so far as to create a feature list with everything selected. Even using that, I don't see the SSL Status show up under Security.

 

[CreateChange]

Hi Nash,

Just a thought - in

/var/cpanel/ssl/autossl/excludes

are excludes files in json format. See:

[email protected] [/var/cpanel/ssl/autossl/excludes]# cat account_name.json
{"excluded_domains":["domain.com","www.domain.com"]}

Note that the file is the account name, while directives in the file are domains. I would suspect that you could include parked domains to the respective excludes file to disable AutoSSL from running on those parked domains. Don't know if this is the best option (or even an option!) but thought it might give you some food for thought.

Have a good day!

 

[Infopro]

This thread may be of some use:

AutoSSL on cPanel Service Proxies

Hello Please I need some help, guidance, clarification :/ How do I delete "mail.domain.com" cPanel proxy subdomain? And then what is the best practice / setup configuration to access the cpanel webmail interface with an email client using SMTP 465 and IMAP 943 without errors? Without...

forums.cpanel.net

 

[Nash1]

Hello Infopro,

Thank you for the thread link. However, there no longer are any "proxy subdomain" settings under Tweak settings. I have "service subdomains" disabled. Running as root, the script
/scripts/proxydomains remove made no changes according to the scripts' output.

Hello CreateChange,

I'll experiment with /var/cpanel/ssl/autossl/excludes, and comment back on how that works. Thank you for the suggestion. I was hoping to have something that didn't require manual edits with each new parked domain.

 

[Nash1]

Hello CreateChange,

That works, updating the domain's json file in /scripts2/listparked does exclude the listed domains from AutoSSL.

Can the json file take wildcards? If so, how do I tell it to exclude mail.*.sdsu.edu and www.*.sdsu.edu in the json file?

Is there a command line script to list the domains parked? I'd like to automate updates to our WordPress domain's json file. I noticed if any typo is made, AutoSSL fails for the domain.