Why doesn't SSL cover webmail, mail, cpanel, whm subdomains?

M

MrCanada

Member
Dec 23, 2017
11
1
3
Canada
cPanel Access Level
Root Administrator
Hello. I installed SSL on my domain (example.com) which also works if you go to www.example.com. My problem is, when I try to go to the following subdomains which I need for management and sending emails, it will throw a security warning because SSL is not working on them. Here is a picture of it in my cpanel:

- Removed -

I thought when I installed SSL it would at least cover the standard subdomains like cpanel, whm, webmail, mail.

cpanel.mydomain.com
whm.mydomain.com
webmail.mydomain.com
mail.mydomain.com

What are my options? Do I really have to buy an expensive wildcard SSL just to put SSL on these subdomains so I can do things like access cpanel, whm, webmail, mail securely?
 
L

linux4me2

Well-Known Member
Aug 21, 2015
259
80
78
USA
cPanel Access Level
Root Administrator
I'm still using WHM 68, but I have noticed lately that when a new account is added in WHM, and AutoSSL is enabled for the user in Manage AutoSSL, the main domain is provided with a certificate, but the subdomains webdisk, webmail, cpanel, and autodiscover are not. If I look at the AutoSSL logs, there will be an error regarding the subdomains not being resolved, and the red, unlocked padlocks appear by the domains in Manage SSL Hosts as the OP shows in his image.

The workaround I use is to edit the DNS zone for the affected user, adding A records for each unsecured subdomain (they are apparently not added to the DNS record when the user account is created) using the IP for the domain. The next time AutoSSL runs, the certificates are added, the errors in the logs go away, and all is good.

I think the issue is not with AutoSSL, but that the subdomains aren't being added to the DNS Zones when an account is created, so when AutoSSL tries to add the certificates, it is unable to resolve the subdomains.
 
cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,260
463
Hello,

Check to make sure the following options are enabled under the "Domains" tab in "WHM >> Tweak Settings" on this system:

Proxy subdomains
Proxy subdomain creation

Additionally, for your existing domain names, you can run the following command to add the missing DNS entries:

Code: 
/scripts/proxydomains add --ifenabled
Note that in cPanel version 70, we automatically complete a one time check on the server to check for missing proxy subdomain entries:

Fixed case CPANEL-17258: Do a one time check for missing proxy subdomains.

Thank you.
 
  • Like
Reactions: linux4me2
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
M Sectigo AutoSSL doesn't renew domain Security 3
F SOLVED AutoSSL doesn't work Security 3
BlueSteam [CPANEL-22039] AutoSSL doesn't cover Service Subdomains when parent domain uses third-party cert Security 12
B Potential reduced AutoSSL coverage for subdomain that doesn't exist? Security 4
B SOLVED AutoSSL doesn't pick up my hostname? Security 2
Similar threads
Sectigo AutoSSL doesn't renew domain
SOLVED AutoSSL doesn't work
[CPANEL-22039] AutoSSL doesn't cover Service Subdomains when parent domain uses third-party cert
Potential reduced AutoSSL coverage for subdomain that doesn't exist?
SOLVED AutoSSL doesn't pick up my hostname?
Top Bottom