In Progress CPANEL-37730 - AutoSSL can't see webmail subdomain

LoadFactor

Well-Known Member
Jul 12, 2013
59
8
133
cPanel Access Level
Root Administrator
I have a client with an aliased domain that has become their primary brand over the years. There's an A record in the DNS for webmail, the MX is local. Everything DNS looks perfectly normal.

But in SSL/TLS Status, AutoSSL doesn't list anything except the mail and www subdomains. This means that https://webmail.aliasdomain.com gets the server's certificate and the browser pops up a warning. (meanwhile, https://webmail.maindomain.com is fine).

I've tried removing and re-adding the subdomain, uninstalling and reissuing the AutoSSL certificates. But AutoSSL simply doesn't list the webmail subdomain for the alias.

Anyone got an idea for a fix?
 

andrew.n

Well-Known Member
Jun 9, 2020
611
175
43
EU
cPanel Access Level
Root Administrator
You should add it as add-don domain to get SSL properly installed. As far as I remember aliases are not getting certs.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
6,923
912
313
cPanel Access Level
Root Administrator
Alias domains do get included in the AutoSSL runs. I set one up just now to confirm, and then ran AutoSSL on the domain and it did issue the certificate for me

Is there an Apache entry for webmail for the domain? By default, an alias doesn't get the "webmail" subdomain created, so there would not be anything for Apache to secure. I checked my 443 vhost in the httpd.conf file to confirm this was the case, and only the main domain got the webmail.domain.com entry.
 

LoadFactor

Well-Known Member
Jul 12, 2013
59
8
133
cPanel Access Level
Root Administrator
You should add it as add-don domain to get SSL properly installed. As far as I remember aliases are not getting certs.
The domain, including www and mail subdomains ARE getting coverage. AutoSSL is just not recognizing the webmail subdomain. It's not even listing it.
 

LoadFactor

Well-Known Member
Jul 12, 2013
59
8
133
cPanel Access Level
Root Administrator
Alias domains do get included in the AutoSSL runs. I set one up just now to confirm, and then ran AutoSSL on the domain and it did issue the certificate for me

Is there an Apache entry for webmail for the domain? By default, an alias doesn't get the "webmail" subdomain created, so there would not be anything for Apache to secure. I checked my 443 vhost in the httpd.conf file to confirm this was the case, and only the main domain got the webmail.domain.com entry.
I have verified what andrew.n said: although alias domains do get wildcard certs, cPanel doesn't do anything for the webmail subdomain, although it does add an A record for webmail/webdisk, etc. to the DNS.

As a work-around, I manually added the webmail subdomain to the alias, then redirected it to webmail.maindomain.com, and that works.

Automatically adding the cPanel related subdomains to DNS without adding them to AutoSSL feels like a bug to me.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
6,923
912
313
cPanel Access Level
Root Administrator
Someone is really excited about tagging me today, @andrew.n !

I agree, so I've created case CPANEL-37730 for our developers to look into this. I'm wondering if this was already discussed, but we opted to leave that out due to AutoSSL limits. However, if we're creating the DNS records, I'm of the opinion we should be able to secure them.

I'll be sure to respond once I get an update on that case.
 

LoadFactor

Well-Known Member
Jul 12, 2013
59
8
133
cPanel Access Level
Root Administrator
Now I feel like tagging both of you. ;)

Thanks both of you for your help and to cPRex for raising it to a case. (see, no @. Do I get a prize?)
 

dywilson

Registered
Aug 29, 2021
1
0
1
Australia
cPanel Access Level
Root Administrator
Hi all,

I just found this thread and noted that there was a case created CPANEL-37730
Is there a way for me to track this case status.

Just wanting to know if/when we can expect it.

Also wondering if there a simple work-around to force an auto-ssl generation of alias subdomains.
I know that there is a workaround in that you can redirect to the main domain, but I suspect that only works for web-pages.
If we use a subdomain in the alias domain as the inbound and outbound hosts in an email client then it will not redirect.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
6,923
912
313
cPanel Access Level
Root Administrator
@dywilson - I don't have a good way to track this one except for watching the changelogs. Since you're following this thread now, I also post updates once it has been resolved, and the cPanel version number where it is fixed if that is applicable.

I do see our team is working on this now, although it has not been added to a release.