Mail Server SSL cert

M

Monto

Member
Jul 5, 2017
16
2
3
Australia
cPanel Access Level
Root Administrator
I am using autoSSL on my server, cpanel 66.

On a domain which had an Autossl DV cert installed, I installed a purchased EV cert.

However, it doesn't cover mail.domain.com, only domain.com and the EV is the only cert still active.

I have found that my email works by using domain.com instead of mail.domain.com as the mailserver hostname in my email client.

Is this good practice, or is there any reason not to, being as how all tutorials seem to show using a FQDN like mail.domain.com or server.domain.com?

Or am I better off creating a subdomain called mail.domain.com so I can have a separate DV cert on that subdomain, and if so will autossl do that?

Thanks for any advice.
 
Nicholas-MAH

Nicholas-MAH

Member
Sep 13, 2017
20
2
3
Brisbane, Queesland Australia
cPanel Access Level
Root Administrator
Twitter
@Monto an EV SSL is a much higher level of SSL than standard SSls as I am sure you know. The reason why you are now having to use domain.com instead of mail.domain.com is due to the fact that the EV SSL is unable to support sub-domains by default.

In order to support mail.domain.com, you would require a Wild Card SSL, however for an EV Wild Card, no such SSL exists but a great workaround is by using an EV UCC SSL, more info can be found here.

Also in regard to is this good practice or not, I have customers that prefer to use mail.domain.com however in my personal opinion I do not believe that it affects much at all.

Regards,
Nick.
 
M

Monto

Member
Jul 5, 2017
16
2
3
Australia
cPanel Access Level
Root Administrator
Hi Nick,

Thanks for that. You last sentence is the most helpful - I am really just trying to make sure there are no gotchas using only the domain name as mail server name in an email client, I previously thought it always had to be a three part name, as in something.something.com rather than something.com

But something.com is receiving and sending mail for me. If someone can show cause that this is a problem I can revert to using the server hostname instead.

Thanks for your input.
 
cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,267
463
Hello,

Yes, to confirm, it's acceptable to use "domain.tld" in your email client instead of "mail.domain.tld". Additionally, in cPanel version 66, you can now exclude subdomains such as "mail.domain.tld" from AutoSSL using the SSL/TLS Status option in cPanel:

SSL TLS Status - Version 66 Documentation - cPanel Documentation

Thank you.
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
Rogerio SSL errors receiving emails from other servers Email 8
J Mailserver does not enforce SSL ciphersuite order preference Email 3
L Configure server so domains are using their own domains for mail over SSL? Email 8
E Installing SSL for Email server Email 1
Arvy Correct way to configure email programs (SSL + moving servers) Email 3
Similar threads
SSL errors receiving emails from other servers
Mailserver does not enforce SSL ciphersuite order preference
Configure server so domains are using their own domains for mail over SSL?
Installing SSL for Email server
Correct way to configure email programs (SSL + moving servers)
Top Bottom