Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Generating AutoSSL certificate before pointing traffic to server

Discussion in 'Security' started by greatwitenorth, Oct 3, 2018.

  1. greatwitenorth

    greatwitenorth Member

    Joined:
    Feb 28, 2014
    Messages:
    15
    Likes Received:
    1
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    We are currently migrating a website to our cpanel server. We only have file access to the website so I cannot access the existing SSL certificates. Also the origin server is not Cpanel so I cannot simply do a transfer.

    My question is how can I generate a SSL certificate using autossl prior to pointing traffic to the new server? I do have access to the DNS records of the domain. Is there any way I can get cpanel to do the verification via a DNS record?
     
  2. Anupam SG

    Anupam SG Active Member

    Joined:
    Aug 29, 2018
    Messages:
    38
    Likes Received:
    15
    Trophy Points:
    8
    Location:
    Earth
    cPanel Access Level:
    Root Administrator
    Let's say your old server has the domain domain.xyz
    You need to create a A record in the DNS zone with IP of the new server and assign the address subdomain.domain.xyz in that record.
    So the new subdomain, is now on the new server; while the old website sits where it was.
    Now run AutoSSL. It should install SSL for domain.xyz on the new server.
    Ofcourse you need to change the sub-domain to domain in DNS when you want to move the traffic to the new server.
     
  3. greatwitenorth

    greatwitenorth Member

    Joined:
    Feb 28, 2014
    Messages:
    15
    Likes Received:
    1
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    OK that's good to know. I didn't realize that AutoSSL would install a certificate for the entire domain despite only having the subdomain pointed to the server. Thanks!
     
    cPanelLauren likes this.
  4. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    5,815
    Likes Received:
    444
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    @Anupam SG is correct! Thanks!

    It'll issue a cert for the subdomain not for the root domain unless you can prove ownership of the domain. Basically whichever domain is pointed to the server.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. greatwitenorth

    greatwitenorth Member

    Joined:
    Feb 28, 2014
    Messages:
    15
    Likes Received:
    1
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    Is it possible to prove ownership without pointing the main domain to the new server? We're basically trying to avoid 10-15mins of users seeing a SSL warning once we point the domain to the new server. We'd like to get the SSL cert sorted before pointing the main domain.
     
  6. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    5,815
    Likes Received:
    444
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @greatwitenorth


    It might be if the DNS records are hosted locally on the server but the issue is that the free SSL DCV process just won't provision a certificate for a domain that doesn't resolve to the server. There are a couple of solutions you might want to look at:

    1. You might check to see if the current SSL certificate can be copied from the old server to the new server

    2. You could implement something like CloudFlare which issues it's own free SSL certificate, so during the migration, you wouldn't really need to worry about timing of the provisioning of the certificate.


    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice