There are two scenarios here:
- A user or reseller purchases an SSL certificate for one of the subdomains (cpanel.theirdomain.test, webmail.theirdomain.test, or whm.theirdomain.test) and wants to install it on the proxy domain.
- A user or reseller purchases a wildcard SSL certificate for their domain (*.theirdomain.test) and wants to use it for their proxy subdomains, but the server host wants to continue using their SSL as the default.
In both cases, what this involves is new virtual hosts placed immediately above the existing SSL proxy domain virtual host. The new virtual hosts will be specific, covering only the domain in question, allowing the other users to fall through to the default proxy domain virtual host.
The new feature would follow this logic:
Does the certificate support one or more of the proxy subdomains?
-- If not, install normally and exit;
-- Else, continue;
For each proxy subdomain (cpanel.domain.tld, whm.domain.tld, webmail.domain.tld)
* Does the certificate support this domain?
-- If not, skip to next in loop.
-- Else, continue.
* Is there an existing (custom/override) non-secure subdomain for this domain?
-- If so, create SSL certificate based on the existing non-secure subdomain.
-- If not, add the domain to the ServerAliases for the SSL host and include the SSL proxy subdomain redirect logic in the virtual host.
The work around currently is to manually manipulate the apache configuration files.
I like this idea 
This is now in a public build of version 64, 64.0.4, which is in the CURRENT tier. Update to version 64 now to take a look!
https://documentation.cpanel.net/display/64Docs/Manage+AutoSSL#ManageAutoSSL-DoesAutoSSLcoverproxysubdomains?
This is now in a public build of version 64, 64.0.4, which is in the CURRENT tier. Update to version 64 now to take a look!
https://documentation.cpanel.net/display/64Docs/Manage+AutoSSL#ManageAutoSSL-DoesAutoSSLcoverproxysubdomains?
This is partially complete in version 60, which just entered the CURRENT tier, with the implementation of SNI support in the cPanel service daemons. Proxy subdomains for cPanel, webmail, and WHM are not yet included, but mail is. You can read more about that here:
https://documentation.cpanel.net/display/ALD/60+Release+Notes
If you have any questions, feel free to follow your typical support path, or send me an email.
This is partially complete in version 60, which just entered the CURRENT tier, with the implementation of SNI support in the cPanel service daemons. Proxy subdomains for cPanel, webmail, and WHM are not yet included, but mail is. You can read more about that here:
https://documentation.cpanel.net/display/ALD/60+Release+Notes
If you have any questions, feel free to follow your typical support path, or send me an email.
Is there a timeline for SNI on proxy subdomains? Having https://webmail.domain.tld with no port required, and auto-redirects from /webmail, would be GREAT.
Is there a timeline for SNI on proxy subdomains? Having https://webmail.domain.tld with no port required, and auto-redirects from /webmail, would be GREAT.
+1 for https://webmail.domain.tld
We often have customers who can't access ports above 1024 and give them https://webmail.domain.tld, they then have to accept the certificate.
I would be very nice for https://webmail.domain.tld to work without getting an insecure certificat warning.
+1 for https://webmail.domain.tld
We often have customers who can't access ports above 1024 and give them https://webmail.domain.tld, they then have to accept the certificate.
I would be very nice for https://webmail.domain.tld to work without getting an insecure certificat warning.
Not a good idea at all. We sell thousands of dollars a year in SSL certificates. The requirement should be that the cp user have a wildcard cert purchased from their provider before that feature works.
Not a good idea at all. We sell thousands of dollars a year in SSL certificates. The requirement should be that the cp user have a wildcard cert purchased from their provider before that feature works.
Good news everyone! Proxy subdomains support is nearly completed for v64 and should merge later next week. Once it's in a public build I'll let everyone know!
Good news everyone! Proxy subdomains support is nearly completed for v64 and should merge later next week. Once it's in a public build I'll let everyone know!
Any update? :)
Any update? :)
This was implemented in v63/v64 which is now available in EDGE. Additional details will be available in the release notes once v64 is published to the CURRENT tier.
This was implemented in v63/v64 which is now available in EDGE. Additional details will be available in the release notes once v64 is published to the CURRENT tier.
This is now in a public build of version 64, 64.0.4, which is in the CURRENT tier. Update to version 64 now to take a look!
https://documentation.cpanel.net/display/64Docs/Manage+AutoSSL#ManageAutoSSL-DoesAutoSSLcoverproxysubdomains?
This is now in a public build of version 64, 64.0.4, which is in the CURRENT tier. Update to version 64 now to take a look!
https://documentation.cpanel.net/display/64Docs/Manage+AutoSSL#ManageAutoSSL-DoesAutoSSLcoverproxysubdomains?
Replies have been locked on this page!