Configure AutoSSL to exclude mail. and www. certificates?

Nash1

Member
Oct 20, 2015
8
0
1
San Diego
cPanel Access Level
Root Administrator
How can I filter out mail.domain and www.domain so AutoSSL doesn't add them to the SSL certificate? I have a WordPress multi site install with many domains parked on it. I want to prevent using up the SSL Certificate's 250 domain limit with the mail and www domains.

I saw a discussion regarding using the WordPress client's cPanel interface, navigate to SSL Status, and then click the Exclude from AutoSSL option so that it won't even try to issue a cert for those mail.domain hostnames. Does this also work for Parked domains?

So far I'm unable to see the SSL Status on the WordPress domain's cPanel login. I've gone so far as to create a feature list with everything selected. Even using that, I don't see the SSL Status show up under Security.


WPMS-cPanel-security.PNG
 
Last edited by a moderator:

CreateChange

Member
Apr 30, 2019
10
1
3
Denver, CO
cPanel Access Level
Root Administrator
Hi Nash,

Just a thought - in
Code:
/var/cpanel/ssl/autossl/excludes
are excludes files in json format. See:

Code:
[email protected] [/var/cpanel/ssl/autossl/excludes]# cat account_name.json
{"excluded_domains":["domain.com","www.domain.com"]}
Note that the file is the account name, while directives in the file are domains. I would suspect that you could include parked domains to the respective excludes file to disable AutoSSL from running on those parked domains. Don't know if this is the best option (or even an option!) but thought it might give you some food for thought.

Have a good day!
 

Infopro

Well-Known Member
May 20, 2003
17,113
507
613
Pennsylvania
cPanel Access Level
Root Administrator
Twitter
This thread may be of some use:
 

Nash1

Member
Oct 20, 2015
8
0
1
San Diego
cPanel Access Level
Root Administrator
Hello Infopro,

Thank you for the thread link. However, there no longer are any "proxy subdomain" settings under Tweak settings. I have "service subdomains" disabled. Running as root, the script
/scripts/proxydomains remove made no changes according to the scripts' output.

Hello CreateChange,

I'll experiment with /var/cpanel/ssl/autossl/excludes, and comment back on how that works. Thank you for the suggestion. I was hoping to have something that didn't require manual edits with each new parked domain.
 

Nash1

Member
Oct 20, 2015
8
0
1
San Diego
cPanel Access Level
Root Administrator
Hello CreateChange,

That works, updating the domain's json file in /scripts2/listparked does exclude the listed domains from AutoSSL.

Can the json file take wildcards? If so, how do I tell it to exclude mail.*.sdsu.edu and www.*.sdsu.edu in the json file?

Is there a command line script to list the domains parked? I'd like to automate updates to our WordPress domain's json file. I noticed if any typo is made, AutoSSL fails for the domain.
 
Last edited: