Us administrators eventually come to the realization that when you have a wildcard SSL certificate for 40 subdomains, you can’t practically have separate IPs and cPanel accounts for all of them. If you have a wildcard SSL certificate for all your subdomains, you can easily install the certificate on a single IP address for all the subdomains. For this particular scenario to work:

• All subdomains must be on the same IP and cPanel account
• You must have a wildcard SSL qualifying for *.tld.com

Keep in mind that for a wildcard SSL to work, it really does have to be installed for each subdomain. You can’t install it once and have it automatically work in the fly like wildcard DNS does – Apache just doesn’t work that way.  Luckily, we’ve scripted an easy solution for you.

Create the following files:

• /etc/ssl/certs/tld.crt

This file will contain the actual certificate, and should be named off of your top-level domain. For example, if the certificate is for *.mydomain.com, name the file mydomain.com.crt

• /etc/ssl/certs/tld.cabundle

This file will be the CA bundle for your wildcard certificate, if you have one.  If the certificate is for *.mydomain.com, name the file mydomain.com.cabundle

Now download the install script from here.

This is basically just a bash script that you can use to install a wildcard SSL for a domain. Running it will install the certificate on all subdomains of the domain passed to the script:

chmod 755 wildcardssl.sh

./wildcardssl.sh $domain

After it runs, all you need to do is restart Apache. Please make a copy of /var/cpanel/userdata before running the script for the first time, until you’ve verified that it works on your setup.  Please note that this script would need to be run again if more subdomains are added later on.

From time to time I’ve had users ask me to install an SSL certificate for their MySQL server. Currently this support is not enabled in cPanel automatically, nor is there an option to use it in WHM > Manage Service SSL Certificates at the time this article was written. However, you can install a certificate manually by following a few simple steps.

It was kind of annoying in the midst of cPanel 11′s release when cPanel discontinued the ability to install an SSL certificate on a shared IP.  Sure, you can do it as ‘nobody’, but this tends to mess up things when you have open_basedir set up or you’re using suPHP. Sometimes you might not have another IP to use, or you’re using an IP-based monitoring system and don’t want to complicate things. I, personally, prefer to install my shared SSL certificates on the shared IP. But that’s just me…and I’m right about everything.

There is a crafty way to get around this limitation, though it does require root access and it can be a little annoying when it’s something you have to do on a normal basis. Come on cPanel, just let us do this again so we don’t have to keep coming up with workarounds. I assume at this point that you already know how to use WHM to install a certificate, and you’re aware that the hostname for the certificate has to correspond with a user already on the server. Duh.