Author Topic: AutoSSL for mail only  (Read 1211 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
AutoSSL for mail only
« on: November 17, 2020, 07:22:04 PM »
Hey folks!

I'm using Cloudflare, therefore the A record for the domain and its subdomains have a SSL origin certificate from the server > Cloudflare, I do not wish to use AutoSSL for this as it will fail renewal (AutoSSL checks the IP address for the domain when issuing, this resolves at Cloudflare).

The mail.domain.com is sent via Cloudflare but not proxied/cached and just uses them for DNS.
I wish to use AutoSSL for every mail.domain.com record on every domain I have thats set up with Cloudflare, yet CWP seems to require the main domain on the certificate.

Is there a workaround for this?
Please do not suggest removing Cloudflare or temporarily disabling the DNS proxy on the main record for renewal each time, I'm looking for an automated solution that needs no interference!

It sounds like a 'must have' for CWP, I've used CWP for months now (i love it!) but the above is definitely holding CWP back.

Suggestions welcome :)

Offline
*
Re: AutoSSL for mail only
« Reply #1 on: November 19, 2020, 04:33:18 PM »
BUMP! :)

I cant see how CWP can be a viable hosting solution if this is not possible, it must be!
What am I missing here? I'm sure someone has done it!

Just to reiterate, imagine that you have your domain on a different server but want to create a CWP account just for mail.
You cant issue a mail.yourdomain.com certificate because the main domain A record doesn't point there, or you cant create mail.domain.com subdomain manually to then issue a certificate to just mail.domain.com only as CWP wont allow the manual creation of a mail.domain.com subdomain :(

I'm really stumped here, any advice?

Offline
*
Re: AutoSSL for mail only
« Reply #2 on: November 19, 2020, 08:05:25 PM »
you should only allow proxy for mail subdomain to cwp and that is it and for manual configuration you need to check postfix/dovecot conf this is regular postfix/dovecot conf so any sysadmin should be able to set sni ssl for it.
VPS & Dedicated server provider with included FREE Managed support for CWP.
http://www.studio4host.com/

*** Don't allow that your server or website is down, choose hosting provider with included expert managed support for your CWP.