The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Wildcard SSL certificate for several subdomains on same IP Address

Discussion in 'General Discussion' started by veronicabend, Jul 9, 2015.

  1. veronicabend

    veronicabend Well-Known Member

    Joined:
    Feb 25, 2005
    Messages:
    52
    Likes Received:
    0
    Trophy Points:
    6
    Hello!

    Is it possible to purchase a certificate for *.domain.com, install it on server for this domain which is on its own ip address, and have the certificate work for all subdomains on that same IP? Will it protect www.domain.com and also a.domain.com and b.domain.com ? In a way that if you access https://b.domain.com it works without redirecting to https://www.domain.com?

    I would like to know if this is possible, and how I should set up SSL for it to work.

    Thanks.
     
  2. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    941
    Likes Received:
    56
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    I haven't set one up in a while, but if correctly installed then yes a wildcard cert is valid for all subdomains.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,789
    Likes Received:
    665
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  4. swbrains

    swbrains Active Member

    Joined:
    Sep 13, 2006
    Messages:
    40
    Likes Received:
    2
    Trophy Points:
    8
    Hello cPanelMichael,

    I'm also looking into installing a wildcard SSL cert on my cPanel server (Centos 7). I would like to install that wildcard cert once and have it work for all subdomains under my main domain. I was also told by a server admin that it needed to be installed manually for each subdomain, but reading the following thread in which you responded:
    Wildcard SSL certificate on wildcard subdomain (reference your reply to user "vanessa")
    it sounds like it may be possible to create a wildcard DNS entry for "*" in my main domain's DNS and install the wildcard cert once to cover all subdomains.

    Can you clarify if this is indeed possible, and if so, provide additional detail regarding the specific installation steps necessary to have a *single installation* of a wildcard cert work for all current and future subdomains of the main domain?
    Thanks!
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,789
    Likes Received:
    665
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    This is in reference to a wildcard SSL certificate with a wildcard subdomain. Typically, wildcard subdomains are used to direct requests to any subdomain associated with a domain name to a single location. Thus, if you wanted individual subdomains with their own content, you would have to install the wildcard certificate on each individual subdomain.

    Note that you may find interest in the AutoSSL feature in cPanel 58 as an alternative to this, as it installs certificates for subdomains as well:

    Manage AutoSSL - Documentation - cPanel Documentation

    Thank you.
     
  6. swbrains

    swbrains Active Member

    Joined:
    Sep 13, 2006
    Messages:
    40
    Likes Received:
    2
    Trophy Points:
    8
    AutoSSL looks very intriguing, but now I have some additional questions about this feature:

    From what I read, it seems that it will only automatically install a new SSL cert if there is already an expiring one on that account, correct? If this is not the case, will AutoSSL actually generate/install a new SSL cert for all accounts (up to it's limits) after it is enabled, even accounts that don't currently have an SSL cert installed on them?

    It appears there are limits (200 for cPanel-provided certs) to the number of domains that can be provided with a free certificate. What about 300 subdomains using the same wildcard cert? Would that count as one cert or is it based on the number of installations?
    Is there an option to tell AutoSSL to use a single wildcard cert for all subdomain accounts rather than to generate a new cert?
    What if I already have a valid wildcard cert? Can AutoSSL use that to avoid hitting its limit?

    Are the free certs from cPanel/AutoSSL "self-signed" or will they be natively recognized by most major browsers?

    Thanks!
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,789
    Likes Received:
    665
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    It will in-fact attempt to install a certificate on domain names without existing SSL certificates. It will not attempt to replace pre-existing valid certificates that expire in more than three days.

    AutoSSL does not utilize wildcard SSL certificates. Domain names that use valid existing SSL certificates (including wildcard SSL certificates) are automatically skipped and not counted towards the limit.

    AutoSSL will not issue wildcard SSL certificates.

    These are signed certificates that major browsers will recognize.

    Thank you.
     
  8. swbrains

    swbrains Active Member

    Joined:
    Sep 13, 2006
    Messages:
    40
    Likes Received:
    2
    Trophy Points:
    8
    Thanks for the quick and thorough response! I guess my use case (600+ accounts with about 400+ using subdomains (rather than registered domains) for their account, I would have trouble if I enabled it as it would hit its limit due to trying to install all the subdomains from new, individually-generated certs for each one.

    So even though AutoSSL won't issue a new wildcard cert, is there a way to have it use the valid wildcard cert I already installed on one of my subdomains (to test it)?
     
  9. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,789
    Likes Received:
    665
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    There's no native option to have it issue your own custom wildcard certificate for each subdomain under the account at this time. However, the following document explains how to install a SSL certificate via the command line using WHM API 1:

    https://documentation.cpanel.net/display/SDK/WHM+API+1+Functions+-+installssl

    You could develop a custom script that installs the certificate for multiple subdomains using this API function if you are comfortable doing so.

    Thank you.
     
  10. swbrains

    swbrains Active Member

    Joined:
    Sep 13, 2006
    Messages:
    40
    Likes Received:
    2
    Trophy Points:
    8
    Thanks. I have written cPanel API code before so I could generate a script that installs my cert on the subdomain accounts initially.

    But I imagine I'll still run into trouble when it expires, as AutoSSL will generate a new cert for the first 200 subdomains and then stop updating, leaving me with some accounts up to date, and others expired, with potentially no easy way to determine quickly which ones were not updated successfully due to the limit.
     
  11. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,789
    Likes Received:
    665
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    You can disable the AutoSSL feature on an account to prevent this from happening via:

    "WHM Home » SSL/TLS » Manage AutoSSL >> Manage Users"

    Thank you.
     
Loading...

Share This Page