I’m currently using cPanel, but am about to provision a new server with Virtualmin that includes Let’s Encrypt.
I tried using Let’s Encrypt on cPanel a few months ago, but ran across this issue. I have one domain with 53 parked domains, and kept getting an error that LE was trying to create 159 certs… well over the limit of 100.
The problem was that it was creating one cert for example.com, a second for www.example.com, and a third for mail.example.com. And there’s no setting option in cPanel to make it create a single cert for all 3. After several days of no help from Softlayer, the only solution I could find was to switch to Sectigo.
Before I can switch to Virtualmin and rely on Let’s Encrypt, I need to know how to get past this issue. I do have root access, and will have root access on the new server.
The certs were being created via AutoSSL (WHM) on a CentOS 6 server.
I tried to attach some screenshots from WHM, but as a new user I’m limited. So I’m only attaching the one from Options.
When I set Let’s Encrypt as the provider the only option on the main page is to accept the Terms. And then under Options (attached) I can only select about notifications and whether AutoSSL should replace old certs.
I asked on the cPanel message board but no one could suggest a way to change any other options. And sadly, after IBM bought Softlayer their service has become a joke :’-( So I was hoping maybe you guys and gals could suggest some other way to make these modifications, away from WHM/cPanel.
But normally it's terrible to use one of these with a control panel. Control panels have their own rules to manage vHosts, using a client that may break the configuration. Or the control panel blocks /.well-known/acme-challenge.
No, it's all automated. There's a function called "AutoSSL", and if you turn it on then the cert provider creates certificates as needed with no interaction from me.
This is really a huge hold-up for me. I need a new server, but don't want to pay $45/month for WHM so I'm wanting to set up something like Virtualmin. But since Virtualmin seems to only support Let's Encrypt, I desperately need to find a way to make LE work for my domains. I can't set up the new server until I know if it will work.
Looks like you have too many domain names defined in your vHosts. So AutoSSL sees the list of domain names -> and creates the certificates with too many names.
GoNC.net is one of my main parked domains, parked on top of gonc.co (not “.com”, but “.co”).
The certs are all through Sectigo now, though, so you won’t see any errors. I can provide a bit of my error log from when I used Let’s Encrypt, if you think it would help?
With exactly 100 domain names, non-www and www, without mail.
So you can manage 50 domain names without an additional setup.
With your own client and skipping cPanel, you can create one vHost per domain and one certificate (with three domain names) per domain + vHost. So there is no limit.
These control panels (cPanel, Virtualmin etc.) may sometimes have internal limitations.
I don’t know how accurate that site is, but I just looked at the certificate on my site and “Certification Path” definitely says:
Sectigo (formerly Comodo CA)
cPanel, Inc. Certification Authority
It was installed on 8/2/19.
But you can see on that page that it created 100 certificates, but the list includes with and without the www, and mail. That’s the problem. It shows 100 because that’s the maximum that it would create; after that, the other domains just didn’t get a cert.
I looked at Certbot and that would be a fine solution, but I don’t see any way to change the settings on it, either. I haven’t found anything conclusive that says whether this 100 cert limitation is with Let’s Encrypt or just cPanel.
The main limit is Certificates per Registered Domain (50 per week). A registered domain is, generally speaking, the part of the domain you purchased from your domain name registrar. For instance, in the name www.example.com, the registered domain is example.com. In new.blog.example.co.uk, the registered domain is example.co.uk. We use the Public Suffix List to calculate the registered domain.
If you have a lot of subdomains, you may want to combine them into a single certificate, up to a limit of 100 Names per Certificate.
But no explanation of HOW to combine them into a single cert. I'm dealing with parked domains instead of subdomains, so I'm only guessing that the same logic applies?
This one little detail is keeping me from upgrading my whole server.
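One way to combine names outside the control panel, as an added example that is not from any poster in this thread: the script groups each domain with its www and mail names and starts a new certificate before the 100 Names per Certificate limit would be exceeded, printing one certbot command per certificate. The placeholder domains, the `WEBROOT` path and the use of certbot's webroot method are assumptions.

```shell
#!/bin/sh
# Added example: plan certificates for many parked domains without exceeding
# the 100 Names per Certificate limit quoted in the thread.
MAX_NAMES=100            # set to 3 for one certificate per domain
PREFIXES="www mail"      # extra hostnames per domain, as in the thread
WEBROOT="/var/www/html"  # assumption: docroot shared by the parked domains

# emit_cert FIRST_DOMAIN ARGS: print one certbot command for one certificate.
emit_cert() {
    printf 'certbot certonly --webroot -w %s --cert-name %s%s\n' \
        "$WEBROOT" "$1" "$2"
}

# plan_certs: read one registered domain per line on stdin. All names of a
# domain stay in the same certificate; a new certificate is started when the
# next domain would push the name count past MAX_NAMES.
plan_certs() {
    per_domain=1
    for p in $PREFIXES; do per_domain=$((per_domain + 1)); done
    count=0; args=""; first=""
    while IFS= read -r d; do
        [ -n "$d" ] || continue              # skip blank lines
        if [ $((count + per_domain)) -gt "$MAX_NAMES" ]; then
            emit_cert "$first" "$args"
            count=0; args=""; first=""
        fi
        [ -n "$first" ] || first=$d          # first domain names the cert
        args="$args -d $d"
        for p in $PREFIXES; do args="$args -d $p.$d"; done
        count=$((count + per_domain))
    done
    [ -z "$first" ] || emit_cert "$first" "$args"
}

# Constructed sample input: 54 placeholder domains (one main + 53 parked).
sample_domains() {
    i=1
    while [ "$i" -le 54 ]; do
        echo "parked$i.example"
        i=$((i + 1))
    done
}

# Print the plan; review the commands before running any of them.
sample_domains | plan_certs
```

With the defaults, the 162 names from the sample fit into two certificates (99 and 63 names); with `MAX_NAMES=3` the same input yields one three-name certificate per domain.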