Digital certificate for cPanel and Wordpress using wildcard

cPanelLauren

Product Owner
Staff member
Nov 14, 2017

toplisek

Well-Known Member
Jan 7, 2010
It is an issue if DNS is not managed by CloudFlare. All domains which use a wildcard should be migrated outside CloudFlare when you try to install Let's Encrypt with the wildcard option.

Maybe I'm wrong, but a free CloudFlare account does not allow * wildcard settings by default, as it is only an option for the paid account. You have to pay 20 USD per month to use this option and manage DNS for such accounts only inside CloudFlare.

Migrating DNS management is a huge vulnerability inside CP, as everything regarding the hosting domain is disclosed without the CDN. The proxy is not defined between CDN and origin server, just between visitor and origin server.

Also, manual management of each SUBdomain is time-consuming. * in CloudFlare demands that you add each SUBdomain on your own. Sure, this costs 20 USD and you manage it. It costs from 150 USD to 700 USD to purchase an alternative compared to Let's Encrypt.

Any option or alternative demands that the certificate be installed on the same server.

So, my question is the following: if we install Let's Encrypt and manage DNS inside CP, can we use the CDN and add SUBdomains inside the CDN?

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
@toplisek

I'm not sure I understand the relevance? Your concerns are related to CloudFlare and have nothing to do with cPanel or the wildcard SSL offered by Let's Encrypt.

toplisek

Well-Known Member
Jan 7, 2010
I understand, but I'm trying to see the global perspective.

So, any wildcard SSL offered by Let's Encrypt will demand DNS management inside cPanel, not CloudFlare. Please confirm. Is there an example of how to do this in the case of WordPress Multisite?

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
I see, you're correct: Let's Encrypt does not support HTTP DCV checks for wildcard certificates. This is noted in the documentation we have for the plugin as follows:

  • This plugin cannot use HTTP DCV challenges to issue wildcard certificates. Let’s Encrypt does not support this type of challenge. For more information, read Let’s Encrypt’s HTTP-01 challenge type documentation.
  • You cannot use this plugin to obtain wildcard certificates if you use third-party DNS hosting. You must host DNS on your local cPanel & WHM server or within the server’s DNS cluster.
This is Let's Encrypt's limitation, their documentation on this here: Challenge Types - Let's Encrypt - Free SSL/TLS Certificates states the following:

Re: HTTP DCV checks:
  • Let’s Encrypt doesn’t let you use this challenge to issue wildcard certificates.
So, in the event you need a wildcard certificate for a specific domain and you want it issued by Let's Encrypt, you must host DNS locally for that domain or have the certificate issued where DNS is hosted (if possible). In the circumstance where you're hosting DNS with CloudFlare or any other 3rd-party DNS provider, no, you would not be able to utilize it for wildcard certificates with Let's Encrypt.
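As an added illustration of the rule described in this thread (not code from cPanel or the plugin), the following pre-flight check decides, per requested name, which ACME challenge applies and whether the cPanel plugin could complete it: a plain hostname can use HTTP-01 wherever DNS lives, while a wildcard needs DNS-01, which only works when the zone's NS records point at the local server or its DNS cluster. The nameserver names and the `dig +short NS` output are constructed placeholders.

```python
"""Pre-flight check: can a Let's Encrypt request with wildcard names be validated from this cPanel server?"""
from dataclasses import dataclass

# Constructed placeholder: nameservers of the cPanel server / its DNS cluster.
LOCAL_NS = {"ns1.example-host.com.", "ns2.example-host.com."}


@dataclass
class Plan:
    name: str
    challenge: str   # "http-01" or "dns-01"
    feasible: bool
    reason: str


def acme_challenge_record(name: str) -> str:
    """DNS-01 is proven by a TXT record at _acme-challenge.<name>; for a wildcard the '*.' label is dropped."""
    base = name[2:] if name.startswith("*.") else name
    return f"_acme-challenge.{base}"


def parse_ns(dig_output: str) -> set:
    """Parse `dig +short NS <zone>` style output (one nameserver per line) into a normalised set."""
    return {line.strip().lower() for line in dig_output.splitlines() if line.strip()}


def plan_validation(name: str, ns_records: set, local_ns: set = LOCAL_NS) -> Plan:
    """Pick the challenge type for one name and decide whether this server can complete it."""
    hosted_locally = bool(ns_records) and ns_records <= {ns.lower() for ns in local_ns}
    if not name.startswith("*."):
        # HTTP-01 is served from the web root, so third-party DNS does not matter here.
        return Plan(name, "http-01", True, "non-wildcard name can use HTTP-01 regardless of DNS host")
    record = acme_challenge_record(name)
    if hosted_locally:
        return Plan(name, "dns-01", True, f"plugin can publish the TXT record {record} in the local zone")
    return Plan(name, "dns-01", False,
                f"wildcard requires DNS-01, but {record} must be published at third-party NS {sorted(ns_records)}")


def plan_certificate(names: list, dig_output: str, local_ns: set = LOCAL_NS) -> list:
    """Evaluate every name on the order against the zone's NS records."""
    ns = parse_ns(dig_output)
    return [plan_validation(n, ns, local_ns) for n in names]


if __name__ == "__main__":
    # Constructed sample: the zone is delegated to a third-party DNS/CDN provider.
    third_party = "ns-a.example-cdn.net.\nns-b.example-cdn.net.\n"
    for plan in plan_certificate(["example.com", "*.example.com"], third_party):
        print(f"{plan.name:18} {plan.challenge:8} feasible={plan.feasible}  {plan.reason}")
```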