Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to Get Rid of www, mail, ftp CNAME records in DNS?

Discussion in 'General Discussion' started by jazee, Nov 4, 2017.

Tags:
  1. jazee

    jazee Well-Known Member

    Joined:
    Jan 12, 2015
    Messages:
    80
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    In many cases, you want to host a domain but you don't need the www, mail, or ftp prefixes. It appears WHM puts these in the DNS zone record for the domain whether you want them or not. This in turn creates issues with AutoSSL because it is trying to get a certificate that works for all hostnames in the domain's zone record and all my domains use an external DNS that I'm not going to add CNAME records to for host names I'm not using. I can view and edit details of these CNAME records from the WHM interface but I can't find out how to delete the record all together?
     
  2. sawbuck

    sawbuck Well-Known Member

    Joined:
    Jan 18, 2004
    Messages:
    1,370
    Likes Received:
    5
    Trophy Points:
    168
    cPanel Access Level:
    Root Administrator
    WHM > DNS Functions > Delete a DNS Zone
     
  3. jazee

    jazee Well-Known Member

    Joined:
    Jan 12, 2015
    Messages:
    80
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    I'm curious why WHM creates the zone anyway when you create a new account and specify you are using external nameservers? If there's no need for it, then why create it in the first place?

    This makes me think, why theoretically if DNS for the account is not being handled on the WHM server, you should indeed be able to delete the zone with no negative effect. But are we sure about this?

    Let's say I have an account, and the only address I need to host is special.mydomain.com not www. not mail. just special. I need AutoSSL for just special.mydomain.com. So the account is created with the name special.mydomain.com (not mydomain.com) and DNS is hosted for mydomain.com at 3rd party server. If I delete the entire zone file on WHM for that account will AutoSSL still try to install a cert for special.mydomain.com?
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,715
    Likes Received:
    1,705
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Several functions of cPanel/WHM rely on the existence of the zone even when the local name server isn't utilized. For instance, this allows administrators to utilize features such as SPF/DKIM creation within cPanel (for use to determine which specific records to add to the remote DNS host), and allows administrators to convert from using a remote DNS server to a local DNS server. It also allows for the successful transfer of cPanel accounts from a server without local DNS hosting to a server with local DNS servers.

    Rather than deleting the zone records, you should instead exclude those domain names from the AutoSSL feature using the following option in cPanel:

    SSL TLS Status - Version 68 Documentation - cPanel Documentation

    Thank you.
     
  5. jazee

    jazee Well-Known Member

    Joined:
    Jan 12, 2015
    Messages:
    80
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    The problem is there are cases where you just want to host a website and nothing else. I used a domain I have for testing and deleted the zone file. It is just for hosting a website at www.mydomain.com. However, even with no local zone file, AutoSSL tries to verify mail.mydomain.com, webmail.mydomain.com, webdisk.mydomain.com, and cpanel.mydomain.com when I have none of those hosts in my DNS.

    It seems to me it would be logical for WHM to ignore those hostnames if I selected remote mail exchanger and remote DNS when I setup the domain (which I did), UNLESS those hostnames have a DNS record in the remote DNS. Furthermore, in a standard setup for an account, in fact we all know, 99% of the time all those hostnames point to the same IP anyway so have different domain names for those services is sort of useless.
     
    #5 jazee, Nov 7, 2017
    Last edited: Nov 7, 2017
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,715
    Likes Received:
    1,705
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    That's not correct. The option allows you to exclude AutoSSL on specific subdomains or domain names.

    Is there a specific reason you need to delete the DNS zone? It's existence shouldn't actually cause any harm, and it's required for certain aspects of cPanel/WHM to function.

    Thank you.
     
  7. jazee

    jazee Well-Known Member

    Joined:
    Jan 12, 2015
    Messages:
    80
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Thank you for pointing this out. I failed to notice this was the SSL/TLS within the account control panel, not WHM. Problem solved.

    However I don't think WHM by default should be trying to get SSL certs for things like webmail. mail. when the user selected Remote Mail Exchanger to begin with.

    What a pain to go through 20 accounts to add all those exclusions.
     
    #7 jazee, Nov 7, 2017
    Last edited: Nov 7, 2017
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,715
    Likes Received:
    1,705
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    I encourage you to submit a feature request for the ability to automatically disable all email-related subdomains as part of the AutoSSL functionality:

    Submit A Feature Request

    Thank you.
     
  9. jazee

    jazee Well-Known Member

    Joined:
    Jan 12, 2015
    Messages:
    80
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Here's the issue I'm left with. I exclude all the unused subdomains and AutoSSL still generates warnings about the subdomains being excluded instead of not being able to be verified. What happens is the default email notifications will send an email with these type of AutoSSL warnings. So I turned it off before and was hoping to turn it back on. I just want to receive email warning when AutoSSL can't replace/renew a cert for a domain/subdomain that is NOT excluded. Is that possible? If not then I'm stuck either getting a bunch of unnecessary (in my opinion) notifications or not getting any at all including the ones that matter.

    Wait... I just got an email for a domain that it couldn't renew that also had domains excluded. So it appears excluded domains won't trigger an email. Can someone confirm this is true?
     
  10. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,715
    Likes Received:
    1,705
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    You can browse to "cPanel >> Contact Information" to control which AutoSSL notifications are enabled on the account. As of cPanel 68, this includes:

    AutoSSL has renewed a certificate. The system will notify you when it has installed an AutoSSL certificate.
    AutoSSL cannot add any additional domains because domains that fail validation exist on the current certificate
    AutoSSL cannot renew a certificate because domains that fail validation exist on the current certificate.
    AutoSSL certificate expiry. The system will notify you if an AutoSSL certificate will expire soon.
    SSL certificate expiry. The system will notify you if a non-AutoSSL certificate will expire soon.

    In cPanel 68, you should not receive an email notification for domain names excluded from AutoSSL, however you may see a reference to those excluded domain names in the notification if AutoSSL cannot install or renew a certificate for a non-excluded domain name. Let us know if you are experiencing behavior different to this.

    Thank you.
     
  11. jazee

    jazee Well-Known Member

    Joined:
    Jan 12, 2015
    Messages:
    80
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Yes, I see in 68 some of these past headaches around AutoSSL have been addressed. Great progress!
     
    cPanelMichael likes this.
Loading...

Share This Page