Subdomain support


#1

I have a cpanel reseller account and used Let’s Encrypt to issue SSL certificates for the www, ftp and mail services. Our www service is now hosted by a different server outside of the current providers network and name records at the cpanel reseller account are used to point it that way.

The mail server and our subdomains are hosted on the cpanel reseller account.

The certificate expired two days ago. When I renew I get the following:

There was a problem processing your request

Error issuing certificate
Failed to issue certificate
The Let’s Encrypt HTTP challenge failed: acme error ‘urn:acme:error:unauthorized’: Invalid response from http://catcountry989.com/.well-known/acme-challenge/BXENwZTRiUcnEGvVv48BxlRK8yOcXa1q0Zc9XC5NlXw: " <meta name=“viewport” "

The check box for the main domain is greyed out in the issuance interface and will not allow me to select just the mail.domainname.com address. It requires the main domainname.com as well.

Is there a way to issue the certificate to just the mail.domainname.com service? And what would be the best way to do this?


#2

My domain is: catcountry989.com

I ran this command: Renewal failed

It produced this output: See Above

My web server is (include version): cpanel

The operating system my web server runs on is (include version): cpanel

My hosting provider, if applicable, is: crocweb.com

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): cpanel


#3

Hi @beaugast,

Maybe someone else here will know how to do this with cPanel, but if not, you could ask on the cPanel forums

There are lots of other ways to get Let’s Encrypt certificates, for example using a web-based client like https://www.zerossl.com/ or https://gethttpsforfree.com/. A disadvantage to this is that you’ll have to repeat the process manually at least once every 90 days, which would not be the case if you can automate the certificate issuance with software running on your server. (This also assumes that you have a way to import the externally-generated certificates in your configuration.)


#4

Hi @beaugast,

You’re using our plugin based on the error message.

And yes, you are right, it is not currently possible to exclude the main domain of the cPanel account in the certificate. This restriction exists due to a previous limitation of cPanel which is now gone, but our implementation still holds onto that restriction.

There is a workaround I can offer you, and that is to create an Addon Domain for your “mail.domainname.com” address.

This has the effect of allowing you to issue a certificate for it independently of the other domains, because all it does is relocate it from being a ServerAlias of “domainname.com” to being an independent VirtualHost of its own.

If you have further questions please get in touch via our website.


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.