Wildcard SSL certificate not working for email

cyberchimps

Member
Mar 18, 2011
I purchased a wildcard SSL certificate for one of the domains on our server, thinking it would also cover mail.domain.com as well. That account is running on a dedicated static IP and our server is using a shared IP. After getting that SSL cert installed for that domain, I discovered that the mail server is still using the shared IP of the server, so my presumptions were obviously false.

I did some searching around and found out that you can install certs for individual services (IMAP, POP, SMTP, FTP), but that just raised more questions than answers for me.

Seeing as the server is using a shared IP, can I still install certificates for these services so our mail server won't generate a warning? I was under the impression that SSL certs require a non-shared IP. Also, would I have to use unique certificates for each service (POP, IMAP, etc.)?

Furthermore, accessing domain.com:2083 for cPanel is also throwing warnings saying the cert cannot be verified.

Any help/documentation you could refer me to would be very helpful, thank you.

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
The non-Apache services using SSL certificates are handled in the WHM > Manage Service SSL Certificates area. This includes cPanel/WHM/Webmail, FTP, Dovecot / Courier, and Exim. If the certificate is not for the main hostname of the machine or a wildcard off the main domain which has the hostname, then you would not want to install it there for that domain. Of note, only one SSL can be installed for each of these non-Apache services at this current time.
 

cyberchimps

Thank you for the response, this is starting to make sense for me now. Perhaps if I explain the exact setup I have going on here you can help point me in the right direction.

The server's hostname is centos and the main IP we'll call IP1. IP1 has a couple of cPanel accounts using it in addition to being the access point to WHM/cPanel. IP2 is a second dedicated static IP we got from Rackspace (our hosting company) to use for the main website we run on this server. This is the domain I got the wildcard SSL cert for, thinking it would cover mail.domain.com.

Our hosts file is as follows (I keep changing it but the second line keeps getting overridden by some service so perhaps this file isn't set up properly either).

127.0.0.1 localhost localhost.localdomain
# IP2 centos centos
IP1 centos centos

So to summarize the IP usage:

IP1: shared server IP, used to access cPanel/WHM and hosts two cPanel accounts.
IP2: dedicated static IP used for the cPanel account that hosts our company website, has wildcard SSL cert installed.

Now that I've explained the setup, how can I go about getting these non-Apache services using SSL certificates? How can I get an SSL certificate for IP1 seeing as it's currently being shared? One of the cPanel accounts using the shared IP can be deleted, but we need the other one, and now I can't move it to IP2 because of the SSL cert being used for the domain on that cPanel account.

Do I essentially need a third IP to use for everything else so the server's primary IP can be free to use for SSL or is there a way around this?

Also, if I can get an SSL cert for IP1 can that cert be used for all services? Does that have to be a wildcard cert as well?

Thank you very much for your help.
 

cPanelTristan

The non-Apache service SSLs in WHM > Manage Service SSL Certificates use the shared IP of the machine and that machine's hostname. You do not need a dedicated IP for it and, in fact, it won't use a dedicated IP. These services would normally be using the hostname SSL. You'd install an SSL for the hostname there, which, if the wildcard also covered the hostname (centos.yourmaindomain.com), could be used.
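
Whether a mail client or browser shows a warning depends on whether the name it connects to is covered by a name in the certificate the service presents. The sketch below is an added example, not part of the original thread or cPanel's code: it implements simplified wildcard matching (the `*` stands for exactly one left-most label), and the hostnames are constructed placeholders following the thread's `domain.com` / `centos` naming.

```python
# Added example: simplified certificate-name matching (no IDN, no IP SANs).

def name_matches(pattern: str, hostname: str) -> bool:
    """True if one certificate DNS name covers the hostname a client typed."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False  # a wildcard never spans more or fewer labels
    if p[0] == "*":
        # "*" replaces exactly one left-most label; require a real domain after it
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_covers(cert_names, hostname: str) -> bool:
    """True if any name in the certificate covers the hostname."""
    return any(name_matches(n, hostname) for n in cert_names)


def coverage_report(cert_names, hostnames):
    """Map each client-facing hostname to covered / not covered."""
    return {h: cert_covers(cert_names, h) for h in hostnames}


# Constructed sample data (assumptions, not values from a real server).
WILDCARD_CERT = ["*.domain.com"]
CLIENT_HOSTNAMES = [
    "mail.domain.com",       # name mail clients are configured with
    "centos.domain.com",     # a fully qualified server hostname under the domain
    "centos",                # bare hostname, as in the posted hosts file
    "domain.com",            # e.g. https://domain.com:2083
    "imap.mail.domain.com",  # two labels deep
]

if __name__ == "__main__":
    for host, ok in coverage_report(WILDCARD_CERT, CLIENT_HOSTNAMES).items():
        print(f"{host:24} {'covered' if ok else 'NOT covered -> client warning'}")
```

If the wildcard is installed for the services, clients still have to connect using a covered name such as `mail.domain.com`; connecting by IP address or by a name outside the wildcard produces the same warning.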