I have a cpanel reseller account and used Let’s Encrypt to issue SSL certificates for the www, ftp and mail services. Our www service is now hosted by a different server outside of the current providers network and name records at the cpanel reseller account are used to point it that way.
The mail server and our subdomains are hosted on the cpanel reseller account.
The certificate expired two days ago. When I renew I get the following:
The check box for the main domain is greyed out in the issuance interface and will not allow me to select just the mail.domainname.com address. It requires the main domainname.com as well.
Is there a way to issue the certificate to just the mail.domainname.com service? And what would be the best way to do this?
Maybe someone else here will know how to do this with cPanel, but if not, you could ask on the cPanel forums
There are lots of other ways to get Let’s Encrypt certificates, for example using a web-based client like https://www.zerossl.com/ or https://gethttpsforfree.com/. A disadvantage to this is that you’ll have to repeat the process manually at least once every 90 days, which would not be the case if you can automate the certificate issuance with software running on your server. (This also assumes that you have a way to import the externally-generated certificates in your configuration.)
You're using our plugin based on the error message.
And yes, you are right, it is not currently possible to exclude the main domain of the cPanel account in the certificate. This restriction exists due to a previous limitation of cPanel which is now gone, but our implementation still holds onto that restriction.
There is a workaround I can offer you, and that is to create an Addon Domain for your "mail.domainname.com" address.
This has the effect of allowing you to issue a certificate for it independently of the other domains, because all it does is relocate it from being a ServerAlias of "domainname.com" to being an independent VirtualHost of its own.