How to Get Rid of www, mail, ftp CNAME records in DNS?

In many cases, you want to host a domain but you don't need the www, mail, or ftp prefixes. It appears WHM puts these in the DNS zone record for the domain whether you want them or not. This in turn creates issues with AutoSSL because it is trying to get a certificate that works for all hostnames in the domain's zone record and all my domains use an external DNS that I'm not going to add CNAME records to for host names I'm not using. I can view and edit details of these CNAME records from the WHM interface but I can't find out how to delete the record all together?

 

I'm curious why WHM creates the zone anyway when you create a new account and specify you are using external nameservers? If there's no need for it, then why create it in the first place?

This makes me think, why theoretically if DNS for the account is not being handled on the WHM server, you should indeed be able to delete the zone with no negative effect. But are we sure about this?

Let's say I have an account, and the only address I need to host is special.mydomain.com not www. not mail. just special. I need AutoSSL for just special.mydomain.com. So the account is created with the name special.mydomain.com (not mydomain.com) and DNS is hosted for mydomain.com at 3rd party server. If I delete the entire zone file on WHM for that account will AutoSSL still try to install a cert for special.mydomain.com?

 

The problem is there are cases where you just want to host a website and nothing else. I used a domain I have for testing and deleted the zone file. It is just for hosting a website at www.mydomain.com. However, even with no local zone file, AutoSSL tries to verify mail.mydomain.com, webmail.mydomain.com, webdisk.mydomain.com, and cpanel.mydomain.com when I have none of those hosts in my DNS.

It seems to me it would be logical for WHM to ignore those hostnames if I selected remote mail exchanger and remote DNS when I setup the domain (which I did), UNLESS those hostnames have a DNS record in the remote DNS. Furthermore, in a standard setup for an account, in fact we all know, 99% of the time all those hostnames point to the same IP anyway so have different domain names for those services is sort of useless.

 

Thank you for pointing this out. I failed to notice this was the SSL/TLS within the account control panel, not WHM. Problem solved.

However I don't think WHM by default should be trying to get SSL certs for things like webmail. mail. when the user selected Remote Mail Exchanger to begin with.

What a pain to go through 20 accounts to add all those exclusions.

 

Here's the issue I'm left with. I exclude all the unused subdomains and AutoSSL still generates warnings about the subdomains being excluded instead of not being able to be verified. What happens is the default email notifications will send an email with these type of AutoSSL warnings. So I turned it off before and was hoping to turn it back on. I just want to receive email warning when AutoSSL can't replace/renew a cert for a domain/subdomain that is NOT excluded. Is that possible? If not then I'm stuck either getting a bunch of unnecessary (in my opinion) notifications or not getting any at all including the ones that matter.

Wait... I just got an email for a domain that it couldn't renew that also had domains excluded. So it appears excluded domains won't trigger an email. Can someone confirm this is true?

 

Yes, I see in 68 some of these past headaches around AutoSSL have been addressed. Great progress!