Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Sub domain required for LE certs to be issued?

Discussion in 'Security' started by Kent Brockman, Oct 10, 2017.

Tags:
  1. Kent Brockman

    Kent Brockman Well-Known Member

    Joined:
    Jan 20, 2008
    Messages:
    1,160
    Likes Received:
    5
    Trophy Points:
    68
    Location:
    Buenos Aires, Argentina
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello Michael, I was about to post this as a followup on this thread, but decided that it could become a long talk and may be better to have it separated.

    I'm looking an answer to one specific thing:
    Why does LE require that you have www.sub.domain.com pointing to the same IP when you only need to use sub.domain.com. That's specially an issue when you have to host remote subdomains in a server that is not the DNS manager. When the remote provider points sub.domain.com it's almost logic that they don't point www.sub.domain.com to your IP. So, the AutoSSL logs will fill with a lot of:

    12:05:07 AM WARN The domain “www.sub.domain.com” failed domain control validation: “www.sub.domain.com” does not resolve to any IPv4 addresses on the internet.

    This is also a nightmare that use to happen with domains using lots of subdomains set on Cloudflare.

    Is there any way to skip this requirement for www.sub.domain.com in order to allow issuance of certs for only sub.domain.com?

    Thanks in advance
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,424
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    The "www" alias is setup by default, and thus AutoSSL attempts to setup a certificate for it. As of cPanel version 66, you can exclude subdomains and aliases from the AutoSSL feature for a specific account using the following option in cPanel:

    SSL TLS Status - Version 66 Documentation - cPanel Documentation

    Thank you.
     
    Kent Brockman likes this.
  3. Kent Brockman

    Kent Brockman Well-Known Member

    Joined:
    Jan 20, 2008
    Messages:
    1,160
    Likes Received:
    5
    Trophy Points:
    68
    Location:
    Buenos Aires, Argentina
    cPanel Access Level:
    Root Administrator
    Twitter:
    Thanks for the info, I was unaware of such a functionality. It's great.

    Anyway, and given the previous tests I did, I reached the LE threshold of max requested certs by domain/IP/week :) , so I have to wait a couple more days until I can request the new ones.

    Thanks!
     
    cPanelMichael likes this.
Loading...

Share This Page