There are two scenarios here:
- A user or reseller purchases an SSL certificate for one of the subdomains (cpanel.theirdomain.test, webmail.theirdomain.test, or whm.theirdomain.test) and wants to install it on the proxy domain.
- A user or reseller purchases a wildcard SSL certificate for their domain (*.theirdomain.test) and wants to use it for their proxy subdomains, but the server host wants to continue using their SSL as the default.
In both cases, what this involves is new virtual hosts placed immediately above the existing SSL proxy domain virtual host. The new virtual hosts will be specific, covering only the domain in question, allowing the other users to fall through to the default proxy domain virtual host.
The new feature would follow this logic:
Does the certificate support one or more of the proxy subdomains?
-- If not, install normally and exit;
-- Else, continue;
For each proxy subdomain (cpanel.domain.tld, whm.domain.tld, webmail.domain.tld)
* Does the certificate support this domain?
-- If not, skip to next in loop.
-- Else, continue.
* Is there an existing (custom/override) non-secure subdomain for this domain?
-- If so, create SSL certificate based on the existing non-secure subdomain.
-- If not, add the domain to the ServerAliases for the SSL host and include the SSL proxy subdomain redirect logic in the virtual host.
The work around currently is to manually manipulate the apache configuration files.