Sometimes when you add a new Addon domain in cPanel you may get a browser security security warning like the one below. There can be a variety of reasons why you might see this warning such as the certificate has expired but that likely would not be the case if you just deployed a new site in cPanel which features AutoSSL.
What is cPanel?
The website hosting control panel known as cPanel is quite possibly the industry standard for managing web hosting through a web-based interface. The dashboard provides a graphical interface and icon-based navigation that makes it easy to use, even for beginners. With cPanel, you can easily add or remove domains, email accounts, databases, and FTP accounts with just a few clicks of your mouse. You can also use the control panel to create backups, view detailed statistics about your website, and install scripts such as WordPress with just a few clicks. In short, cPanel is a powerful tool that can help you get the most out of your web hosting account.
Despite all of the automation provided by cPanel sometimes things can still go amiss. If you see the browser security warning above after deploying a new WordPress website in cPanel you should open the certificate properties in your browser and look at the certificate common name and Subject Alternate Names (SAN).
In my experience with WordPress and cPanel, this browser security warning is caused by AutoSSL generating an SSL certificate for a new Addon domain with the common name for subdomain of the primary domain instead of the new FQDN that you just created. This condition can be seen in picture below.
What is an FQDN
An FQDN, or fully qualified domain name, is the complete domain name for a particular website or server. This includes the hostname, as well as the domain name and any subdomains. For example, www.example.com is an FQDN. The hostname is www, the domain name is example, and the top-level domain is com. When you type an FQDN into your web browser, the browser will use DNS to resolve the address and connect you to the correct server. Because of this, it’s important to make sure that your FQDN is correctly configured – otherwise, you might not be able to access your website.
What is AutoSSL
AutoSSL is a native feature in cPanel that automatically encrypts your website with an SSL certificate. This helps to ensure that your visitors’ information is safe from hackers and other online threats. In order to enable AutoSSL, you simply need to log into your cPanel account and navigate to the “SSL/TLS Manager” section. From there, you can select the “AutoSSL” option and choose which domain you would like to encrypt.
When you add a new FQDN in cPanel by design it creates both the new FQDN and a subdomain of the primary domain. The primary domain is the domain name you used when you created your cPanel account. For example if your primary domain is abc.com and then you setup an Addon domain called 123.com on your account, cPanel by design will create both 123.com and 123.abc.com. And when you consider AutoSSL runs on a scheduled cycle creating certificates for all the domains in your cPanel account it’s easy to see how the wrong hostname could be included in your new SSL certificate. As mentioned above simply checking the certificate properties will easily determine if the browser security warning is caused by this issue condition or not.
Fix cPanel AutoSSL issues
An additional clue to solving hostname certificate issues is to view the currently installed certificates in cPanel by clicking on SSL/TLS from the dashboard.
Next click on Manage SSL Sites.
In the list you’ll see which hostnames have been have been included in an AutoSSL certificate designated by the green lock icon. Hostnames with the red icon have not been included. This is an additional clue to the issue described above with a hostname mismatch in the site’s certificate. From this screen you can view certificates assigned to a site, uninstall a certificate, or update the certificate with a new Certificate Signing Request (CSR).
To fix the hostnames included in an AutoSSL certificate click on SSL\TLS Status from the cPanel dashboard. Search for the Addon domain that you recently added. Like the other screen you’ll see a list of all the hostnames included in the AutoSSL certificate. However, from this screen you can include or exclude hostnames in the certificate.
In the example below you can see the hostname in red is not included in the AutoSSL certificate and the hostname in green is included. The hostname in green is a subdomain of the primary domain on the hosting account and not the FQDN we want to include in the certificate. To fix this issue just click Include during AutoSSL next to the FQDN in red and then click Exclude from AutoSSL next to the FQDN in green. The next time AutoSSL runs the hostnames in the certificate will be updated. Alternatively if you don’t want to wait click Run AutoSSL at the top of the page. If for some reason this still does not fix your issue then go back to the previous screen for Manage SSL Sites, delete the certificate, repeat the steps above, and then run AutoSSL again.
Cpanel is an industry-leading hosting control panel that helps users manage their web hosting account with ease. Cpanel provides a user-friendly interface that makes it simple to perform common tasks such as creating WordPress websites, MySQL databases, FTP accounts, email accounts, and managing certificates created by AutoSSL. Despite all the automation offered by cPanel you may get a browser security warning after creating a WordPress site for an Addon domain. Fortunately cPanel makes it easy to manage the common name and subject alternate names encrypted in AutoSSL certificates. Thanks for reading!