Subdomain / AutoSSL Notification Improvements / Cloudflare Integration
Hi,
I've been running into multiple issues stemming from how cPanel manages subdomains / custom document root placeholder subdomains and how it incorrectly triggers AutoSSL notifications.
These are all somewhat linked together so I am posting it as one thread.
Subdomain Subdomains...
If you create a subdomain, for some silly reason cPanel decides to automatically create a www. subdomain which ends up leaving you with domains like:
When in reality, how many sites have any of you run into that append www. to subdomains? cPanel themselves don't even use www. subdomains on their domains, so why does cPanel automatically add them?
Just look at the following two... they go nowhere because they aren't set up.
As a result of this:
AutoSSL then automatically attempts to generate SSL certificates for these www. subdomains, and as a result of these unnecessary subdomains not being set up in external DNS providers like Cloudflare we get "AutoSSL reduced SSL coverage" emails sent to us.
It also affects 3rd-party software like CloudLinux's "LVE Manager", specifically their feature called the "Web Monitoring Tool", where it incorrectly attempts to access these subdomains and of course they throw up errors because the subdomains don't actually exist.
Current Options
Your only options are:
- Create those subdomain records in external DNS providers
- Manually go through every account/domain and remove the www. prefixes for subdomains
- Manually go through every account/domain and disable AutoSSL for those www. prefixed subdomains.
Proposals:
It either needs:
1. An option to disable www. subdomain generation for subdomains
2. Removal of automatic www. subdomain generation for subdomains
3. Add an option to disable AutoSSL notifications for failed generation of www. prefixed subdomains.
4. Add an option to disable AutoSSL attempting to generate SSL certificates for www. prefixed subdomains.
5. Add an option to disable AutoSSL notifications for DNS records that have no record (blank record, if no IP exists then move on..)
6. Add an option so if AutoSSL attempts to generate an SSL certificate, only notify the user of a failed certificate IF it had succeeded to generate an SSL certificate previously
I personally would suggest #2 is the best choice because it's not an internet standard.
|----------------------------------------------------------------------------------------------------|
Custom Document Root Placeholder Subdomains
If you add an alias domain and set up a custom document root, you are forced to create a subdomain as a placeholder so the cPanel system can track / assign a document root to the alias domain.
You can see what I am talking about here: https://i.imgur.com/lEPG8BP.png
As a result of this
AutoSSL attempts to generate SSL certificates for these placeholder subdomains, which just like the above are irrelevant and just for cPanel's system purposes. As such, because no domain has been set up in Cloudflare, we get "AutoSSL reduced SSL coverage" emails sent to us.
It also affects 3rd-party software like CloudLinux's "LVE Manager", specifically their feature called the "Web Monitoring Tool", where it incorrectly attempts to access these subdomains and of course they throw up errors because the subdomains don't actually exist.
Current Option...
Your only options are:
- Create those subdomain records in external DNS providers
- Manually go through every account/domain and disable AutoSSL for those placeholder domains
Proposals:
1. Change cPanel so that it marks these "document root placeholders" as such, so that AutoSSL, CloudLinux can easily ignore the subdomains from their routines.
2. Add an option to disable AutoSSL from attempting to generate SSL certificates for these subdomains (This option would likely need to use option 1 as well)
3. Add an option to disable AutoSSL notifications for failed generation of these placeholder subdomains.
4. Create a better system of tracking the document roots for alias domains, removing the need for subdomains.
5. Add an option to disable AutoSSL notifications for DNS records that have no record (blank record, if no IP exists then move on..)
6. Add an option so if AutoSSL attempts to generate an SSL certificate, only notify the user of a failed certificate IF it had succeeded to generate an SSL certificate previously
I personally would suggest #4 is the best option, however if #2 and #3 could also be done to achieve the same thing
|----------------------------------------------------------------------------------------------------|
Mail Subdomain
If you create a new cPanel account it automatically creates a mail. subdomain, however in my opinion it should NOT create a mail. subdomain by default IF the mail routing is set to "Remote Mail Exchanger", because most of the time when this is set they'll more than likely be using Office365, GSuite or other comparable offerings which very very rarely have a mail subdomain.
Current Option...
Your only options are:
- Create a mail subdomain
- Manually go through every account/domain and delete the mail subdomain.
Proposals:
- Change cPanel account creation so if "Remote Mail Exchanger" is set up on the account, the mail subdomains are not automatically created.
- Add an option to disable the automatic generation of mail subdomains by default for all accounts.
|----------------------------------------------------------------------------------------------------|
WHM / cPanel Automatic Subdomain UI
Why isn't there an interface that allows WHM administrators to simply define a set of controls and also default subdomains that are generated with each account/domain?
This option would allow for a lot more domain control, optimization and setup ease.
|----------------------------------------------------------------------------------------------------|
Cloudflare API - Integration
Ultimately, all of the above could be solved by cPanel having some pre-made integrations with major 3rd-party DNS providers like Cloudflare, Route53, Azure DNS, Google Cloud DNS... etc.
Considering cPanel & Cloudflare are very commonly used together and the lack of complexity required to use the Cloudflare API, this would be a good starting point for a system for DNS management.
If cPanel sets up a templating system for integration scripts, you'd soon have lots of community-built integrations which could then be made official after some testing.
It would also improve how you add subdomains: instead of having to add a subdomain both on Cloudflare & within cPanel, you'd only have to do it in one place and then your DNS would be updated.
It would also let you use Let's Encrypt's DNS Validation because cPanel/AutoSSL would be able to add a DNS record straight to your Cloudflare account and then validate the entry with LE.
Once you add your API key & email address you would then be able to see "Remote Records" and "Local Records"; from this screen you would be able to either update the remote record to match the local record or vice versa.
Once all records are matching, all future DNS changes would update both the local records & remote records.
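The "Remote Records" / "Local Records" comparison proposed above, sketched as an added example (not part of the original post, and not cPanel or Cloudflare code). The `type`/`name`/`content` fields mirror Cloudflare's DNS record objects; all record values and function names are constructed for illustration, and the example assumes public DNS for the zone is served only by the remote provider.

```python
from collections import defaultdict

# Constructed sample: records the hosting server holds locally, including the
# automatically generated www.<subdomain> and mail. names discussed above.
LOCAL = [
    {"type": "A", "name": "example.com", "content": "203.0.113.10"},
    {"type": "A", "name": "www.example.com", "content": "203.0.113.10"},
    {"type": "A", "name": "blog.example.com", "content": "203.0.113.10"},
    {"type": "A", "name": "www.blog.example.com", "content": "203.0.113.10"},
    {"type": "A", "name": "mail.example.com", "content": "203.0.113.10"},
]
# Constructed sample: records as the external DNS provider would return them.
REMOTE = [
    {"type": "A", "name": "example.com", "content": "203.0.113.10"},
    {"type": "A", "name": "WWW.example.com.", "content": "203.0.113.10"},
    {"type": "A", "name": "blog.example.com", "content": "198.51.100.7"},
    {"type": "MX", "name": "example.com", "content": "mx.mailhost.example"},
]

def index(records):
    """Group record contents by normalised (type, name) so case and a
    trailing dot do not produce false differences."""
    out = defaultdict(set)
    for r in records:
        key = (r["type"].upper(), r["name"].lower().rstrip("."))
        out[key].add(r["content"])
    return out

def reconcile(local, remote):
    """Classify every (type, name) pair seen on either side."""
    loc, rem = index(local), index(remote)
    plan = {"in_sync": [], "local_only": [], "remote_only": [], "mismatch": []}
    for key in sorted(set(loc) | set(rem)):
        if key not in rem:
            plan["local_only"].append(key)
        elif key not in loc:
            plan["remote_only"].append(key)
        elif loc[key] == rem[key]:
            plan["in_sync"].append(key)
        else:
            plan["mismatch"].append(key)
    return plan

def dcv_at_risk(plan):
    """Hostnames the server knows about but public DNS does not answer for:
    the names that would fail validation and reduce AutoSSL coverage."""
    return [n for (t, n) in plan["local_only"] if t in ("A", "AAAA", "CNAME")]

if __name__ == "__main__":
    plan = reconcile(LOCAL, REMOTE)
    print(plan, dcv_at_risk(plan), sep="\n")
```

The `mismatch` bucket is the one that needs a human decision about which side wins; `local_only` and `remote_only` can be pushed or pulled once that direction is chosen.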