RyanR

Active Member
Jul 22, 2020
33
4
8
London
cPanel Access Level
Root Administrator
Hi,

If I try to connect to the ftp.website.com subdomains via FTP I get warnings thrown about the "Hostname not matching the certificate." because the SSL certificate is for the main WHM server, not the subdomain.

How do I get certificates applied to the ftp subdomain so that a user can connect to their account via ftp.website.com without the warning ever showing?

The DNS records are set up as A type DNS records pointing to the server IP.

Thanks
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,266
313
Houston
This is because FTP does not support SNI, so while you can have a certificate issued for domain.tld which also covers ftp.domain.tld FTP won't recognize this. This is noted in WHM>>Service Configuration>>Manage Service SSL certificates:

When the system processes a TLS SNI request, the system serves a domain-specific certificate with all services except FTP. If no domain-specific certificate matches the SNI request or if the client doesn’t send an SNI request, the service uses its default certificate, which you can manage below.

We recommend that you install the same certificate for each service.
This is also noted in the FTP documentation:

https://docs.cpanel.net/cpanel/files/ftp-accounts/ said:
FTP does not support Server Name Indication (SNI). You must use the server’s hostname as the FTP server to connect with SSL. You can’t use your domain name. For more information, read our How To Configure Your SFTP Client documentation.
In order to bypass the error you're receiving they'd need to use the hostname of the server.
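
The behaviour described above, as an added example that is not part of the original post or cPanel's own code: because the FTP service always presents its single default certificate, a client only avoids the warning when the name it connects with is one that certificate lists. The function names and the hostname `server.example-host.net` are assumptions made for illustration.

```python
import ftplib
import ssl

def cert_dns_names(cert):
    """DNS names from a dict shaped like ssl.SSLSocket.getpeercert()."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans  # when SANs are present, clients ignore the commonName
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive match; '*' may only replace the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def usable_ftp_hosts(cert, candidates):
    """Candidate hostnames a TLS-verifying FTP client would accept for this cert."""
    names = cert_dns_names(cert)
    return [c for c in candidates if any(name_matches(n, c) for n in names)]

def fetch_ftp_cert(host, port=21, timeout=10):
    """Live check: issue AUTH TLS on the control port and return the presented cert."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # still verify the chain, but inspect the names ourselves
    ftp = ftplib.FTP_TLS(context=ctx, timeout=timeout)
    try:
        ftp.connect(host, port)
        ftp.auth()
        return ftp.sock.getpeercert()
    finally:
        ftp.close()

# Constructed sample: a default service certificate issued for the server hostname only.
SAMPLE_DEFAULT_CERT = {
    "subject": ((("commonName", "server.example-host.net"),),),
    "subjectAltName": (("DNS", "server.example-host.net"),),
}

if __name__ == "__main__":
    print(usable_ftp_hosts(SAMPLE_DEFAULT_CERT,
                           ["ftp.website.com", "server.example-host.net"]))
```

Against a real server, pass the result of `fetch_ftp_cert("ftp.website.com")` to `usable_ftp_hosts` in place of the constructed sample.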
 

RyanR

Hi Lauren,

Interesting... Why then do the FTP login instructions in cPanel list the FTP subdomain?

My previous host had it working... I could connect over ftp.website.com without the warning coming up.

On a similar note / question, what about the likes of mail, autoconfig, webdisk... etc. subdomains?

One thing that's odd is the cPanel subdomain isn't working. I've not tested WHM but I assume that will be the same. They're just redirecting to website.com.
 

cPanelLauren

RyanR said:
Interesting... Why then do the FTP login instructions in cPanel list the FTP subdomain?
Because you can still access this without SSL/TLS.

RyanR said:
My previous host had it working... I could connect over ftp.website.com without the warning coming up.
Were you connecting to https://ftp.website.com or http://ftp.website.com?

RyanR said:
On a similar note / question, what about the likes of mail, autoconfig, webdisk... etc. subdomains?
As noted in the previous response, FTP is the only service that this occurs with.
 

RyanR

The FTP is the same as the old server, we aren't defining HTTP or HTTPS because the FTP account settings in cPanel show "ftp.website.com" and adding http:// stops the FTP client from working.

So it should be attempting to connect over HTTP, but yet on the new server it is trying to connect over HTTPS clearly, hence the certificate warning.

I've set up the A-DNS record in Cloudflare to be DNS only so it isn't getting HTTPS forced by Cloudflare & I've disabled the .htaccess rules which force HTTPS on all domains just in case it's honoring .htaccess rules in the public_html.

cPanelLauren said:
As noted in the previous response, FTP is the only service that this occurs with.
I see, for what reason would the cPanel subdomain not be working then?
 

RyanR

Would it be better to open a ticket for this so I can provide access to WHM so you can see the issues?
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
5,316
688
313
cPanel Access Level
Root Administrator
I believe the FTP portion of the question has been clarified, but the "cpanel" subdomain issue hasn't.

cPanel creates special redirects for our Service Subdomains in the Apache configuration of the system. You'll just want to make sure those are set to "On" in WHM >> Tweak Settings. If so, and your DNS is managed locally, I would expect them to also be secured and responding normally, and to redirect you to the correct ports on the system so cpanel.domain.com lets you log in to cPanel.

Can you let me know what happens when you try to access that subdomain currently?