Background:
For Server {servernameA.com} and Addon Domain {example.com} cPanel issues SSL Client Certificates in the form of:
For rollover backup reasons I have {example.com} fully built out on 2 cPanel servers {servernameA.com} and {servernameB.com}. This causes “reduced AutoSSL coverage” errors like:
Since the Common Name for the cert is based off the Server {servernameA.com/servernameB.com} and not the actual Addon Domain, I’m curious if it would be possible to jury rig the cPanel process so the cert on both Servers fully ‘resolves’ whereby the certs look like:
servernameA
servernameB
# # #
Q1)
Would doing this violate the SSL Certificate ‘laws’/ ‘legality’ / ‘structure’ ?
Q2)
(I’ll assume yes to the above.)
Would there be any actual repercussions to users’ browser experience?
Q3)
Any thoughts on how to achieve this?
(I have a notion on how to create the workaround, but always looking for a better idea.)
# # #
Like most I have junk domains I can test this on, just wanted the opinions of the greater community before investing possibly 10s of man hours in the event there’s a simple, “Ah, no, not even possible because of XYZ.”
Hoping everyone is having a great Thanksgiving weekend.
Best,
Michael
For Server {servernameA.com} and Addon Domain {example.com} cPanel issues SSL Client Certificates in the form of:
Code:
Common Name: example.servernameA.com
Containing:
example.com
mail.example.com
www.example.com
example.servernameA.com
www.example.com.servernameA.com
Code:
DNS DCV: The DNS query to “_cpanel-dcv-test-record.example.com”
for the DCV challenge returned no “TXT” record that matches the
value “_cpanel-dcv-test-record=FILTER”.; HTTP DCV: The system queried
for a temporary file at “http://mail.example.com/.well-known/pki-validation/FILTER.txt”,
but the web server responded with the following error: 404 (Not Found).
A DNS (Domain Name System) or web server misconfiguration may exist.
The domain “mail.example.com” resolved to an IP address “FILTER” that
does not exist on this server.
servernameA
Code:
Common Name: example.servernameA.com
Containing:
example.com
mail.example.com
www.example.com
example.servernameA.com
www.example.com.servernameA.com
Code:
Common Name: example.servernameB.com
Containing:
example.com
mail.example.com
www.example.com
example.servernameB.com
www.example.com.servernameB.com
Q1)
Would doing this violate the SSL Certificate ‘laws’/ ‘legality’ / ‘structure’ ?
Q2)
(I’ll assume yes to the above.)
Would there be any actual repercussions to users’ browser experience?
Q3)
Any thoughts on how to achieve this?
(I have a notion on how to create the workaround, but always looking for a better idea.)
# # #
Like most I have junk domains I can test this on, just wanted the opinions of the greater community before investing possibly 10s of man hours in the event there’s a simple, “Ah, no, not even possible because of XYZ.”
Hoping everyone is having a great Thanksgiving weekend.
Best,
Michael
Last edited by a moderator: