Generating AutoSSL certificate before pointing traffic to server

Feb 28, 2014
15
1
3
cPanel Access Level
Root Administrator
We are currently migrating a website to our cpanel server. We only have file access to the website so I cannot access the existing SSL certificates. Also the origin server is not Cpanel so I cannot simply do a transfer.

My question is how can I generate a SSL certificate using autossl prior to pointing traffic to the new server? I do have access to the DNS records of the domain. Is there any way I can get cpanel to do the verification via a DNS record?
 

Anupam SG

Active Member
Aug 29, 2018
44
17
8
Earth
cPanel Access Level
Root Administrator
Let's say your old server has the domain domain.xyz
You need to create a A record in the DNS zone with IP of the new server and assign the address subdomain.domain.xyz in that record.
So the new subdomain, is now on the new server; while the old website sits where it was.
Now run AutoSSL. It should install SSL for domain.xyz on the new server.
Ofcourse you need to change the sub-domain to domain in DNS when you want to move the traffic to the new server.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,271
313
Houston
@Anupam SG is correct! Thanks!

OK that's good to know. I didn't realize that AutoSSL would install a certificate for the entire domain despite only having the subdomain pointed to the server. Thanks!
It'll issue a cert for the subdomain not for the root domain unless you can prove ownership of the domain. Basically whichever domain is pointed to the server.
 
Feb 28, 2014
15
1
3
cPanel Access Level
Root Administrator
@Anupam SG is correct! Thanks!



It'll issue a cert for the subdomain not for the root domain unless you can prove ownership of the domain. Basically whichever domain is pointed to the server.
Is it possible to prove ownership without pointing the main domain to the new server? We're basically trying to avoid 10-15mins of users seeing a SSL warning once we point the domain to the new server. We'd like to get the SSL cert sorted before pointing the main domain.
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,271
313
Houston
Hi @greatwitenorth


It might be if the DNS records are hosted locally on the server but the issue is that the free SSL DCV process just won't provision a certificate for a domain that doesn't resolve to the server. There are a couple of solutions you might want to look at:

1. You might check to see if the current SSL certificate can be copied from the old server to the new server

2. You could implement something like CloudFlare which issues it's own free SSL certificate, so during the migration, you wouldn't really need to worry about timing of the provisioning of the certificate.


Thanks!