In Progress CPANEL-37730 - AutoSSL can't see webmail subdomain

[LoadFactor]

I have a client with an aliased domain that has become their primary brand over the years. There's an A record in the DNS for webmail, the MX is local. Everything DNS looks perfectly normal.

But in SSL/TLS Status, AutoSSL doesn't list anything except the mail and www subdomains. This means that https://webmail.aliasdomain.com gets the server's certificate and the browser pops up a warning. (meanwhile, https://webmail.maindomain.com is fine).

I've tried removing and re-adding the subdomain, uninstalling and reissuing the AutoSSL certificates. But AutoSSL simply doesn't list the webmail subdomain for the alias.

Anyone got an idea for a fix?

 

[andrew.n]

You should add it as add-don domain to get SSL properly installed. As far as I remember aliases are not getting certs.

 

[cPRex]

Alias domains do get included in the AutoSSL runs. I set one up just now to confirm, and then ran AutoSSL on the domain and it did issue the certificate for me

Is there an Apache entry for webmail for the domain? By default, an alias doesn't get the "webmail" subdomain created, so there would not be anything for Apache to secure. I checked my 443 vhost in the httpd.conf file to confirm this was the case, and only the main domain got the webmail.domain.com entry.

 

[LoadFactor]

You should add it as add-don domain to get SSL properly installed. As far as I remember aliases are not getting certs.

The domain, including www and mail subdomains ARE getting coverage. AutoSSL is just not recognizing the webmail subdomain. It's not even listing it.

 

[LoadFactor]

Alias domains do get included in the AutoSSL runs. I set one up just now to confirm, and then ran AutoSSL on the domain and it did issue the certificate for me

Is there an Apache entry for webmail for the domain? By default, an alias doesn't get the "webmail" subdomain created, so there would not be anything for Apache to secure. I checked my 443 vhost in the httpd.conf file to confirm this was the case, and only the main domain got the webmail.domain.com entry.

I have verified what andrew.n said: although alias domains do get wildcard certs, cPanel doesn't do anything for the webmail subdomain, although it does add an A record for webmail/webdisk, etc. to the DNS.

As a work-around, I manually added the webmail subdomain to the alias, then redirected it to webmail.maindomain.com, and that works.

Automatically adding the cPanel related subdomains to DNS without adding them to AutoSSL feels like a bug to me.

 

[andrew.n]

@cPRex

 

[cPRex]

Someone is really excited about tagging me today, @andrew.n !

I agree, so I've created case CPANEL-37730 for our developers to look into this. I'm wondering if this was already discussed, but we opted to leave that out due to AutoSSL limits. However, if we're creating the DNS records, I'm of the opinion we should be able to secure them.

I'll be sure to respond once I get an update on that case.

 

[andrew.n]

hehe sorry about that Rex you are the most important person here :D

 

[cPRex]

I am almost certainly not! I am the.........................dinosaur-iest though?

 

[andrew.n]

very true, the most(!) dinosaur-iest

 

[LoadFactor]

Now I feel like tagging both of you.

Thanks both of you for your help and to cPRex for raising it to a case. (see, no @. Do I get a prize?)

 

[cPRex]

Ummm, how about the prize of knowing the team has already talked about it and plans to do some work toward it in version 100? Does that work?

 

[dywilson]

Hi all,

I just found this thread and noted that there was a case created CPANEL-37730
Is there a way for me to track this case status.

Just wanting to know if/when we can expect it.

Also wondering if there a simple work-around to force an auto-ssl generation of alias subdomains.
I know that there is a workaround in that you can redirect to the main domain, but I suspect that only works for web-pages.
If we use a subdomain in the alias domain as the inbound and outbound hosts in an email client then it will not redirect.

 

[cPRex]

@dywilson - I don't have a good way to track this one except for watching the changelogs. Since you're following this thread now, I also post updates once it has been resolved, and the cPanel version number where it is fixed if that is applicable.

I do see our team is working on this now, although it has not been added to a release.