Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Sub domain required for LE certs to be issued?

Discussion in 'Security' started by Kent Brockman, Oct 10, 2017.

Tags:
  1. Kent Brockman

    Kent Brockman Well-Known Member

    Joined:
    Jan 20, 2008
    Messages:
    1,178
    Likes Received:
    6
    Trophy Points:
    168
    Location:
    Buenos Aires, Argentina
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello Michael, I was about to post this as a followup on this thread, but decided that it could become a long talk and may be better to have it separated.

    I'm looking an answer to one specific thing:
    Why does LE require that you have www.sub.domain.com pointing to the same IP when you only need to use sub.domain.com. That's specially an issue when you have to host remote subdomains in a server that is not the DNS manager. When the remote provider points sub.domain.com it's almost logic that they don't point www.sub.domain.com to your IP. So, the AutoSSL logs will fill with a lot of:

    12:05:07 AM WARN The domain “www.sub.domain.com” failed domain control validation: “www.sub.domain.com” does not resolve to any IPv4 addresses on the internet.

    This is also a nightmare that use to happen with domains using lots of subdomains set on Cloudflare.

    Is there any way to skip this requirement for www.sub.domain.com in order to allow issuance of certs for only sub.domain.com?

    Thanks in advance
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,633
    Likes Received:
    1,787
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    The "www" alias is setup by default, and thus AutoSSL attempts to setup a certificate for it. As of cPanel version 66, you can exclude subdomains and aliases from the AutoSSL feature for a specific account using the following option in cPanel:

    SSL TLS Status - Version 66 Documentation - cPanel Documentation

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    Kent Brockman likes this.
  3. Kent Brockman

    Kent Brockman Well-Known Member

    Joined:
    Jan 20, 2008
    Messages:
    1,178
    Likes Received:
    6
    Trophy Points:
    168
    Location:
    Buenos Aires, Argentina
    cPanel Access Level:
    Root Administrator
    Twitter:
    Thanks for the info, I was unaware of such a functionality. It's great.

    Anyway, and given the previous tests I did, I reached the LE threshold of max requested certs by domain/IP/week :) , so I have to wait a couple more days until I can request the new ones.

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    cPanelMichael likes this.
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice