GreenGeeks doesn’t implement Let’s Encrypt properly so you can take them off your list.
They don't implement it properly. "Wildcard" to them is *.parent.com, but for ..parent.com (i.e. www.blog.parent.com) they demand you get a "premium" certificate. And they don't let you implement it through auto-ssl in cPanel, citing "buggy" auto-ssl...
*.*.domain.tld is not available through Let's Encrypt (or any other commercial CA, AFAIK)--there can only be one wildcard, and it's only allowed in the left-most position. So if this is your concern with GreenGeeks, it is not a failure in their implementation.
In that case, can you provide us a link to the certificate? (For example via https://crt.sh/) Such a certificate should not have been provided by Let’s Encrypt.
1 Like
I agree that green geeks have an incomplete intergration, because currently they still need to request the certificate by contacting their support department.
Are you trying to say that they don't allow you to get a wildcard for *.subdomain.parent.com?
That's because autossl does not support issue wildcard certificate from Let's Encrypt. Fleet SSL for cPanel do, but I don't think Green Geeks purchased them.
Sorry, the markdown broke down. It’s star.star.parent.com
This may be an edge case to 99.9% of the people but say you have a subdomain called newsletters.domain.com. If you write www.newsletters.domain.com it auto redirects you to a non-www version of the url, naturally. But if you’re pedantic like me and re-write www. — it prints out the “this page is unsafe” message, no redirect.
On Webfaction I used to have a wildcard domain that covered sub-sub-domains, both through their admin and manually installed…
And just to be sure I made .htaccess redirects that all point to non-www, https versions of the page. Thus lowering my bounce rate.
GreenGeeks don’t allow star.star.parent.com, they don’t allow any manual attempts to fix that (thus me thinking of auto-ssl, even though your Fleet SSL idea is better). And they don’t allow any redirects from Apache or whatever else.
As danb35 said, CAs are not allowed to issue certificates with "*.*.". If you had one, it must have been several years ago.
If you got one from a CA in the web PKI recently, the misissuance needs to be reported. If the certificate hasn't expired, it needs to be revoked.
It's definitely a problem, but the only solution is putting individual names like www.newsletters.domain.com in your certificates.
I totally agree that one should be able to add a certificate for an individual domain config, however they denied allowing me that too.
Short backstory: Webfaction was bought by GoDaddy so I wanted a new hosting company, and one of my pre-requisites was that the company be eco-friendly (don’t judge, I know it’s not the main reason most people choose a host).
That’s how I found GreenGeeks. Which I now divorced in favour of http://greenhost.net starting tomorrow (which is not on your list but they say they support LE).
Why would you do that? What makes you think that's the "correct" thing to do?
In any event, to repeat, neither LE nor any other CA will issue a cert for *.*.domain.tld. However, LE's perfectly capable of issuing a cert for sub.sub.domain.tld (or *.sub.domain.tld). If Green Geeks doesn't permit either of the latter cases, yes, that's a significant limitation.
All I want is my users to not see that “website is insecure” message. If I can reach it using www then they can too. That’s why I was contempt with either a cert or a redirect, but neither was allowed…
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.