SSL Certificates being generated for Parked (Alias) Domains Only

I’ve enabled AutoSSL in cPanel/WHM along with the ‘Lets Encrypt’ provider.

The SSL websites are working, however if I look at the certificate information it shows a different website to the one being accessed (one of the parked domains). Is there a way to change this ?

It is fine on other domains that don’t have any parked domains against them.

The ones that have parked or alias domains are all showing another name that is parked to the main domain, but surely the SSL should show either the primary domain or the one being accessed at that time.

Thanks in advance,

Happyman

X.509 Certificates have a Common Name (CN) which traditionally for the Web PKI is a DNS name, but the actual web browser software primarily checks what are called Subject Alternative Names or SANs, listed inside the certificate but less prominently.

Most browser software can show you these alternate names, but you may need to click around a bit more inside the UI for examining certificates.

The rules for public CAs in the Web PKI say they must list all names as SANs, but they may choose to show one as the CN. Let’s Encrypt clients can pick which one to give that prominence too, but I don’t know if the cPanel AutoSSL feature exposes that as something you can change in new certificates.

The content of the certificate is fixed when it’s signed, like a signed paper document only more so. So if you have one certificate for both happy.example and parked.example, your server sends that one certificate to people visiting either site, if it has parked.example as the CN, that will show up even if the visitor came to happy.example. But if the name of the site wasn’t listed as a SAN, your browser would prompt saying there’s a problem with the certificate.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.