SSL certificate for mail server only (A record is pointed elsewhere)

Operating System & Version
CentOS v7.9.2009 STANDARD
cPanel & WHM Version
106.0.15
M

Mothership

Member
Apr 9, 2012
6
1
53
cPanel Access Level
Root Administrator
We have a cPanel account where the A record and WWW are pointed elsewhere. Currently, there's a LetsEncrypt certificate that is expiring in 7 days, that covers the domain and all subdomains. AutoSSL will not renew the certificate, because the A and www fail DCV.

Is there a way we can still use AutoSSL to provide a certificate for the remaining subdomains? mail.*domain*.com and cpanel.*domain*.com are the most important.

Also; if I probe the mail server for SSL for mail.*domain.com*,

openssl s_client -showcerts -connect mail.*domain.com*:993

it serves up the server's own hostname certificate, rather than the certificate for mail.*domain.com*. Is this expected behaviour?

Thanks for any and all help.
 
Last edited by a moderator:
F

ffeingol

Well-Known Member
PartnerNOC
Nov 9, 2001
855
366
363
cPanel Access Level
DataCenter Provider
Is it failing because the "A" and "www" fail or is it failing because of "reduced coverage" (i.e. the cert used to cover more things that it does not)? If it's reduced coverage, try going to SSL/TLS Coverage in the cPanel account and disabling the things you don't host. Then try running auto-SSL again.
 
  • Like
Reactions: cPRex
M

Mothership

Member
Apr 9, 2012
6
1
53
cPanel Access Level
Root Administrator
The error is:

The web server responded with the following error: 404 (Not Found). A DNS (Domain Name System) or web server misconfiguration may exist. The domain “*domain.com*” resolved to an IP address “xx.xx.xx.xx that does not exist on this server.

I can't find SSL/TLS Coverage in cPanel. I'm sure I've seen it previously, but can't see it any longer. There is:

SSL/TLS
SSL/TLS Wizard
SSL/TLS Status

None of which seem to have SSL coverage.

Thanks.
 
F

ffeingol

Well-Known Member
PartnerNOC
Nov 9, 2001
855
366
363
cPanel Access Level
DataCenter Provider
Sorry, it's SSL/TLS Status On that page you should see all the domain/sub-domain names. There should be checkboxes in front of them and you can Exclude (disable) the ones that you don't host.
 
  • Like
Reactions: cPRex
M

Mothership

Member
Apr 9, 2012
6
1
53
cPanel Access Level
Root Administrator
I may have to open a ticket for this one. There's no checkbox for each subdomain - only the parent one, and the 'exclude' button is grayed out.

If I check other domains, they do have the expected checkboxes.

Thanks for the help. Appreciated.
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
S Email and FTP broken after notification of free cPanel-signed hostname SSL certificate installation Security 3
N Configure AutoSSL to exclude mail. and www. certificates? Security 4
I SSL Certificates for Mail Only clients Security 3
S SOLVED Thunderbird Email - SSL Certificate error with Lets Encrypt Security 3
W Stop AutoSSL notification emails - "The SSL certificate expires on ..." Security 10
Similar threads
Email and FTP broken after notification of free cPanel-signed hostname SSL certificate installation
Configure AutoSSL to exclude mail. and www. certificates?
SSL Certificates for Mail Only clients
SOLVED Thunderbird Email - SSL Certificate error with Lets Encrypt
Stop AutoSSL notification emails - "The SSL certificate expires on ..."
Top Bottom