I’m currently using cPanel, but am about to provision a new server with Virtualmin that includes Let’s Encrypt.
I tried using Let’s Encrypt on cPanel a few months ago, but ran across this issue. I have one domain with 53 parked domains, and kept getting an error that LE was trying to create 159 certs… well over the limit of 100.
The problem was that it was creating one cert for example.com, a second for www.example.com, and a third for mail.example.com. And there’s no setting option in cPanel to make it create a single cert for all 3. After several days of no help from Softlayer, the only solution I could find was to switch to Sectigo.
Before I can switch to Virtualmin and rely on Let’s Encrypt, I need to know how to get past this issue. I do have root access, and will have root access on the new server.
The certs were being created via AutoSSL (WHM) on a CentOS 6 server.
I tried to attach some screenshots from WHM, but as a new user I’m limited. So I’m only attaching the one from Options.
When I set Let’s Encrypt as the provider the only option on the main page is to accept the Terms. And then under Options (attached) I can only select about notifications and whether AutoSSL should replace old certs.
I asked on the cPanel message board but no one could suggest a way to change any other options. And sadly, after IBM bought Softlayer their service has become a joke :’-( So I was hoping maybe you guys and gals could suggest some other way to make these modifications, away from WHM/cPanel.
But normally it's terrible to use one of these with a control panel. Control panels have their own rules to manage vHosts, using a client that may break the configuration. Or the control panel blocks /.well-known/acme-challenge.
No, it’s all automated. There’s a function called “AutoSSL”, and if you turn it on then the cert provider creates certificates as needed with no interaction from me.
This is really a huge hold-up for me. I need a new server, but don’t want to pay $45 /month for WHM so I’m wanting to set up something like VirtualMin. But since VirtualMin seems to only support Let’s Encrypt, I desperately need to find a way to make LE work for my domains. I can’t set up the new server until I know if it will work :’-(
I don’t know how accurate that site is, but I just looked at the certificate on my site and “Certification Path” definitely says:
Sectigo (formerly Comodo CA)
cPanel, Inc. Certification Authority
It was installed on 8/2/19.
But you can see on that page that it created 100 certificates, but the list includes with and without the www, and mail. That’s the problem. It shows 100 because that’s the maximum that it would create; after that, the other domains just didn’t get a cert.
I looked at Certbot and that would be a fine solution, but I don’t see any way to change the settings on it, either. I haven’t found anything conclusive that says whether this 100 cert limitation is with Let’s Encrypt or just cPanel.
The main limit is Certificates per Registered Domain (50 per week). A registered domain is, generally speaking, the part of the domain you purchased from your domain name registrar. For instance, in the name www.example.com , the registered domain is example.com . In new.blog.example.co.uk , the registered domain is example.co.uk . We use the Public Suffix List to calculate the registered domain.
If you have a lot of subdomains, you may want to combine them into a single certificate, up to a limit of 100 Names per Certificate .
But no explanation of HOW to combine them into a single cert. I’m dealing with parked domains instead of subdomains, so I’m only guessing that the same logic applies?
This one little detail is keeping me from upgrading my whole server :’-(