Friday, 27 January 2017 09:24

cPanel SSL SNI research

In a world where IPv4 addresses have run out, SNI (Server Name Indication) came along to allow multiple SSL certificates to be installed on one IP address. cPanel is quite far behind the rest of the world and browsers in supporting this; however, a basic implementation is now active in their stable releases. Below I will outline some of the issues I found.

What names should I have in my certificate

Because of the way cPanel handles subdomains and parked domains (a type of virtual host), you can only add a single SSL certificate per cPanel account, and this only really supports the www and non-www names. I have only verified that the following occurs with subdomains, but there is a high chance it is the same for parked domains.

When you make any HTTPS request to your website/account, the primary domain, with no subdomain, will be served irrespective of the domain name requested. This means that only the content from the primary domain name, i.e. https://quantumwarp.com/, will be served, and by accident https://www.quantumwarp.com/ shows the same content, which is great for most people because they can choose between the www and non-www version of their site without having to worry. https://search.quantumwarp.com/ would also show the content from https://quantumwarp.com/. Also note that if you go to https://search.quantumwarp.com/, your SSL certificate needs search.quantumwarp.com in its alternate names to stop SSL errors.

cPanel has support for SNI on mail services, which is great, but after research it only uses the primary domain name, i.e. https://quantumwarp.com/. cPanel is going to add support for https://mail.quantumwarp.com/ in future versions.

StartSSL recommends that you set the non-www as the common name of your certificate and add the www version next.

What would I do

Create an SSL certificate with the following names. This allows all HTTPS features to work in cPanel.

quantumwarp.com = Common Name
www.quantumwarp.com
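
To check which hostnames a certificate like this actually covers, here is an added example (not from the original article or from cPanel). `SAMPLE_CERT` is constructed and assumes the CA also lists the common name as an alternate name; all function names are hypothetical. It goes slightly beyond the text by also handling wildcard entries.

```python
import socket
import ssl

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert(),
# modelling the two-name certificate above (assumption: CN is also a SAN entry).
SAMPLE_CERT = {
    "subject": ((("commonName", "quantumwarp.com"),),),
    "subjectAltName": (("DNS", "quantumwarp.com"), ("DNS", "www.quantumwarp.com")),
}


def fetch_cert(host, port=443, timeout=5.0):
    """Fetch the certificate served for `host`, which is sent as the SNI name.
    The chain is validated; only the hostname check is off, so a certificate
    that does not cover `host` is returned for inspection, not rejected."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def dns_names(cert):
    """Return the lower-cased DNS subjectAltName entries of a certificate."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


def name_matches(pattern, host):
    """Match one SAN entry; '*' is honoured only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def coverage(cert, hosts):
    """Map each host to True if covered, False if a browser would show a name error."""
    names = dns_names(cert)
    return {h: any(name_matches(n, h) for n in names) for h in hosts}


if __name__ == "__main__":
    hosts = ["quantumwarp.com", "www.quantumwarp.com", "search.quantumwarp.com"]
    for host, ok in coverage(SAMPLE_CERT, hosts).items():
        print(f"{host:28} {'covered' if ok else 'NAME MISMATCH'}")
```

Against a live server, pass the result of `fetch_cert("search.quantumwarp.com")` to `coverage()` in place of the sample to see which certificate the server selects for that SNI name.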

Other names

These are just some of my domain name ideas for the day cPanel properly supports SNI for multiple domains on one account.

  • quantumwarp.com
  • www.quantumwarp.com
  • cpanel.quantumwarp.com
  • whm.quantumwarp.com
  • mail.quantumwarp.com
  • webmail.quantumwarp.com
  • search.quantumwarp.com
  • demo.quantumwarp.com

Notes

  • Authentication is required for IMAP, POP3, and SMTP.
  • mail.quantumwarp is not allowed. You can use quantumwarp.com.
  • You cannot use www.quantumwarp.com for SNI (it is a subdomain).
  • You cannot use your own certificate for protected subdomains.
  • You can only use your primary domain name for SNI.
  • SNI supports www and non-www domains for HTTPS.
  • There are a lot of updates in cPanel 60 (I think they are adding mail.domain.com support).
  • I don't know if SNI uses the common name or the non-www version. Good chance it is the common name.
  • Always use the root domain as the common name.
  • Currently there is no support in cPanel for SNI subdomains.
  • "issue free DV certificates from Comodo": this is getting added in 58/60.
  • If you use a subdomain with a matching entry in the SSL certificate, then when you access it over HTTPS your main site will display.
  • If I just use quantumwarp.com as the common name then there will be no issue with using the subdomain for SNI.
  • The www domain is an alias of the main site but with the ability to use a valid HTTPS entry, much like any other subdomain. HTTPS subdomains will never show their own content; the main site is always shown.
  • The only question is whether it is the common name that is used or specifically the non-www entry, in which case the common name does not matter. A small issue. (I could use lambretta innovation to test this at some point as their common name is the www version.)
    You can use SMTP 465 and SSL || SMTP 587, 25, 26 TLS (remember this is STARTTLS)
Last modified on Friday, 27 January 2017 09:49