Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Why doesn't SSL cover webmail, mail, cpanel, whm subdomains?

Discussion in 'General Discussion' started by MrCanada, Jan 29, 2018.

  1. MrCanada

    MrCanada Registered

    Joined:
    Dec 23, 2017
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Canada
    cPanel Access Level:
    Root Administrator
    Hello. I installed SSL on my domain (example.com) which also works if you go to www.example.com. My problem is, when I try to go to the following subdomains which I need for management and sending emails, it will throw a security warning because SSL is not working on them. Here is a picture of it in my cpanel:

    [​IMG]

    I thought when I installed SSL it would at least cover the standard subdomains like cpanel, whm, webmail, mail.

    cpanel.mydomain.com
    whm.mydomain.com
    webmail.mydomain.com
    mail.mydomain.com

    What are my options? Do I really have to buy an expensive wildcard SSL just to put SSL on these subdomains so I can do things like access cpanel, whm, webmail, mail securely?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    41,455
    Likes Received:
    1,608
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
  3. linux4me2

    linux4me2 Well-Known Member

    Joined:
    Aug 21, 2015
    Messages:
    185
    Likes Received:
    38
    Trophy Points:
    28
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    I'm still using WHM 68, but I have noticed lately that when a new account is added in WHM, and AutoSSL is enabled for the user in Manage AutoSSL, the main domain is provided with a certificate, but the subdomains webdisk, webmail, cpanel, and autodiscover are not. If I look at the AutoSSL logs, there will be an error regarding the subdomains not being resolved, and the red, unlocked padlocks appear by the domains in Manage SSL Hosts as the OP shows in his image.

    The workaround I use is to edit the DNS zone for the affected user, adding A records for each unsecured subdomain (they are apparently not added to the DNS record when the user account is created) using the IP for the domain. The next time AutoSSL runs, the certificates are added, the errors in the logs go away, and all is good.

    I think the issue is not with AutoSSL, but that the subdomains aren't being added to the DNS Zones when an account is created, so when AutoSSL tries to add the certificates, it is unable to resolve the subdomains.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    41,455
    Likes Received:
    1,608
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Check to make sure the following options are enabled under the "Domains" tab in "WHM >> Tweak Settings" on this system:

    Proxy subdomains
    Proxy subdomain creation


    Additionally, for your existing domain names, you can run the following command to add the missing DNS entries:

    Code:
    /scripts/proxydomains add --ifenabled
    Note that in cPanel version 70, we automatically complete a one time check on the server to check for missing proxy subdomain entries:

    Fixed case CPANEL-17258: Do a one time check for missing proxy subdomains.

    Thank you.
     
    linux4me2 likes this.
  5. linux4me2

    linux4me2 Well-Known Member

    Joined:
    Aug 21, 2015
    Messages:
    185
    Likes Received:
    38
    Trophy Points:
    28
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    In my case, proxy subdomain creation was disabled in WHM -> Tweak Settings -> Domains.
     
    cPanelMichael likes this.
Loading...

Share This Page