Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Installing purchased certificate on proxy subdomain

Discussion in 'Security' started by kerb, Jul 25, 2017.

Tags:
  1. kerb

    kerb Registered

    Joined:
    Jul 25, 2017
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Canada
    cPanel Access Level:
    Root Administrator
    Hello,

    I am attempting to install a purchased certificate on a webmail proxy subdomain, webmail.domain.com (not the real domain, of course). I read that this is recently supported.

    I used WHM to generate the CSR. Now that I have it signed, I go to SSL/TLS -> Install an SSL Certificate on a Domain, and paste in the signed certificate. After clicking the Autofill button, everything fills in correctly. I select the IP address (non-user domains only) and click "Install"

    I receive the following error:
    "The certificate does not support the domain “webmail.domain.com”. It supports these domains: webmail.domain.com and www.webmail.domain.com."

    The certificate was issued by COMODO through Namecheap, which automatically adds the www subdomain so that the certificate is issued for both with and without www. But the certificate definitely supports webmail.domain.com, as indicated in this odd error.

    Is the additional www subdomain throwing things off? Is this a bug? Is there any work-around so I can get this certificate installed?

    Thank you.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,427
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    This is actually the issue related to internal case CPANEL-13308. I updated the post you linked to better match the description of the issue:

    As a workaround, try manually creating "webmail" as a subdomain via cPanel for this account and then try installing the SSL certificate again.

    Thank you.
     
  3. kerb

    kerb Registered

    Joined:
    Jul 25, 2017
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Canada
    cPanel Access Level:
    Root Administrator
    Thanks for your reply, and for updating the other post to clarify.

    I tried creating the subdomain and installing the certificate - the certificate went ok then, but then the proxy subdomain stopped working. Going to webmail.domain.com just showed a directory listing of the subdomain directory (just cgi-bin in this case), and not the webmail login. I deleted the subdomain and it went back to showing webmail again, but also back to the wrong certificate.

    The actual scenario we are trying to resolve is one I hope will be fixed with CPANEL-13308 anyway. We have the primary domain, domain.com, pointing to a different server that hosts a webapp for that domain. But the cPanel server still handles mail, and we want the customer to be able to use webmail.domain.com. AutoSSL of course fails to validate the primary domain since it points to another server, but it seems to give up and not try to validate any of the subdomains (which DO point to the cPanel server and would validate just fine).

    Basically, we want customers who have primary domains pointing to other servers to still be able to use their proxy subdomains for things like webmail, with proper certificates (preferably through AutoSSL, but purchasing is fine too). Am I correct in my understanding that CPANEL-13308 will allow this when fixed?

    Thanks again.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,427
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    A resolution has not yet been decided in CPANEL-13308, but yes, it's opened to report the exact issue you have described. I'll update the other thread with more information on the status of that case as it becomes available.

    Thank you.
     
Loading...

Share This Page