Purchasing OV/EV SSL on account with Alias Domains

rinkleton

Well-Known Member
Jul 16, 2015
108
4
68
Cleveland
cPanel Access Level
Root Administrator
I'm sure this has been asked before, but after an hour of searching I couldn't find anything about it... so sorry if it's a duplicate.

If you have an account example1.com and parked on it is example2.com, then you purchase a OV/EV for example1.com - this will cause https://example2.com to get an insecure warning, correct? This will happen even if example1.com is excluded from autossl since they are in the same VHOST and that can only have 1 ssl in it.

Is the only solution to unpark all the alias domains and re-add them as addon domains so they get their own VHOST? My concern with this is that you will lose any custom DNS entries for example2.com and you'll have to re-add those too. What else will be lost? As far as I can tell email accounts will persist.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,216
463
Hello,

For a third-party commercial SSL certificate, yes, you'd need to remove the alias and add the domain name as an addon domain so it has it's own virtual host. DNS zone data would need to be noted/backed up if it's been customized, but email account data will remain per the information at:

Aliases - Documentation - cPanel Documentation

Note this doesn't apply to certificates issued via the AutoSSL feature, as AutoSSL will automatically includes alias domain names as part of the list of domain names the certificate covers.

Thank you.
 

rinkleton

Well-Known Member
Jul 16, 2015
108
4
68
Cleveland
cPanel Access Level
Root Administrator
Thanks. That clears a lot up. But when you say "third-party," you're also including cpanel's OV and DV certs in that group too? Would it be more accurate to say "all non-autossl" certs?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,216
463
Thanks. That clears a lot up. But when you say "third-party," you're also including cpanel's OV and DV certs in that group too? Would it be more accurate to say "all non-autossl" certs?
That's correct. Non-AutoSSL certificates is a better term in this case.

Thanks!