Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

SSL subdomain issue

Discussion in 'Security' started by SBGD, Feb 14, 2018.

Tags:
  1. SBGD

    SBGD Registered

    Joined:
    Feb 14, 2018
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    UK
    cPanel Access Level:
    Root Administrator
    I've installed a paid-for SSL certificate for one of the account domains on my VPS. I previously had the AutoSSL certificate on the domain, but I deleted this in order to force the proper certificate to show up. This SSL is not a wildcard certificate.

    My issue now is that the subdomains for cpanel, mail, web disk and webmail are not accessible without getting a security warning.

    I don't see any way to be able to install the SSL certificate on just the www and non-www version of the domain without selecting those subdomains.

    I understand why this is happening, but can I install either an AutoSSL or Lets Encrypt certificate to cover these subdomains, or do we always have to buy a Wildcard SSL?

    Also, I'm now unable to use ftp with this account, it appears to log in but it won't load the directory. Not sure if this is related...

    I'm using CPanel version 68.0.29 on CentOS 6.9.

    Thanks!
     
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,749
    Likes Received:
    1,885
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. SBGD

    SBGD Registered

    Joined:
    Feb 14, 2018
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    UK
    cPanel Access Level:
    Root Administrator
    Thanks, I hadn't seen that screen in CPanel before.

    So I have clicked on the Run AutoSSL button for the subdomains and... nothing happens.

    If I go to Manage AutoSSL screen in WHM, and look at the pending queue, there's nothing there. The messages I get suggest that an AutoSSL certificate will not be issued. There's simply no way to tell what's happening.
     
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,749
    Likes Received:
    1,885
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    Do you see any additional information for this account under the "Logs" interface in "WHM >> Manage AutoSSL"?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. SBGD

    SBGD Registered

    Joined:
    Feb 14, 2018
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    UK
    cPanel Access Level:
    Root Administrator
    Hi here's the log report from the last time I ran AutoSSL

    Code:
    2:09:23 PM This system has AutoSSL set to use “cPanel (powered by Comodo)”.
     2:09:23 PM Checking websites for “myaccount” …
     2:09:23 PM WARN The certificate for the website “mydomain.co.uk” will not contain the domains “mydomain.co.uk” and “www.mydomain.co.uk” because the current configuration excludes these domains. at /usr/local/cpanel/Cpanel/SSL/Auto/Report.pm line 125.
     2:09:23 PM This website’s SSL certificate lacks the following domains: mail.mydomain.co.uk, cpanel.mydomain.co.uk, cpanel.mydomain.co.uk, webdisk.mydomain.co.uk, webdisk.mydomain.co.uk, webmail.mydomain.co.uk, webmail.mydomain.co.uk. AutoSSL will not replace a certificate that an installed AutoSSL provider did not generate unless it expires within 3 days.
     2:09:23 PM The website owned by “myaccount” has a valid SSL certificate.
     2:09:23 PM The system has completed the AutoSSL check for “myaccount”.
     
  6. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,749
    Likes Received:
    1,885
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    Could you open a support ticket using the link in my signature so we can take a closer look at that account?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,749
    Likes Received:
    1,885
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    To update, per the support ticket, in this case the exclusion of the subdomains using "cPanel >> SSL TLS Status" is not a valid solution because the subdomains in-question are actually considered aliases (setup as part of the proxy subdomain feature). Internal case CPANEL-11839 is open to report the issue where AutoSSL doesn't cover aliases if the certificate for the primary domain isn't an AutoSSL certificate. I'll monitor the case and update this thread with more information as it becomes available.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. SBGD

    SBGD Registered

    Joined:
    Feb 14, 2018
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    UK
    cPanel Access Level:
    Root Administrator
    Sorry, I've just spent 15 minutes trying to navigate your support but it just won't let me give you access to the server. I've now lost all the text I've just typed out
    Thank you for updating the thread. If anyone else is ever looking at this, then the issue is that, at this time, if you wish to install a non-AutoSSL certificate and need subdomains such as mail.mydomain.com (for secure email connections) then you will need to install a wildcard SSL.

    For me, I just didn't realise this would be an issue when my client bought their SSL certificate. Lesson learned!
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice