Allow to make certificate for subdomains like cPanel.example.com and mail.Example.com

Tim Zandbergen shared this idea 8 months ago
Pre-Release

As a server administrator, and user, I would like to see the cPanel's AutoSSL (including the Let's Encrypt plugin) also add SSLs for each domain on the cPanel-provided proxy subdomains (webmail.example.com, cpanel.example.com and mail.example.com), whether served through Apache or Exim/Dovecot.

I would also like to be able to manually install SSLs that support the proxy subdomains, in the event that I've purchased an SSL that supports the proxy subdomains.

Best Answer
photo

This was implemented in v63/v64 which is now available in EDGE. Additional details will be available in the release notes once v64 is published to the CURRENT tier.

  • Implemented case CPANEL-10694: AutoSSL for proxy subdomains.

Comments (12)

photo
3

This is partially complete in version 60, which just entered the CURRENT tier, with the implementation of SNI support in the cPanel service daemons. Proxy subdomains for cPanel, webmail, and WHM are not yet included, but mail is. You can read more about that here:

https://documentation.cpanel.net/display/ALD/60+Release+Notes

If you have any questions, feel free to follow your typical support path, or send me an email.

photo
3

Is there a timeline for SNI on proxy subdomains? Having https://webmail.domain.tld with no port required, and auto-redirects from /webmail, would be GREAT.

photo
2

+1 for https://webmail.domain.tld

We often have customers who can't access ports above 1024 and give them https://webmail.domain.tld, they then have to accept the certificate.

I would be very nice for https://webmail.domain.tld to work without getting an insecure certificat warning.

photo
1

Not a good idea at all. We sell thousands of dollars a year in SSL certificates. The requirement should be that the cp user have a wildcard cert purchased from their provider before that feature works.

photo
5

You can always disable AutoSSL in your WHM. Requesting a feature NOT to be implemented because someone somewhere charges extra for basic security features is a very bad idea.

photo
5

The idea that security should be held to ransom makes everything less secure for everyone.

photo
1

This feature request also covers manually installing certificates to services. Nobody is forcing you to enable AutoSSL. I hope that you realize that the internet will be a better place if everything is secure, though. And maybe start looking into other sources of revenue to make up for lost SSL revenue.

photo
photo
2

Good news everyone! Proxy subdomains support is nearly completed for v64 and should merge later next week. Once it's in a public build I'll let everyone know!

photo
1

That’s wonderful news indeed! Thanks for letting us know. :)

photo
photo
1

Any update? :)

photo
2

No real update yet! The code was merged in to version 64, but there are no public releases of 64 yet. We're hoping to publish a version of 64 to EDGE this week, but don't have a firm date yet. As soon as we do I'll let everyone know!

photo
photo
2

This was implemented in v63/v64 which is now available in EDGE. Additional details will be available in the release notes once v64 is published to the CURRENT tier.

  • Implemented case CPANEL-10694: AutoSSL for proxy subdomains.