understanding commercial TLS configuration for cPanel add-on domains
I want to use a commercial certificate for an add-on domain in cPanel. How do I go about purchasing and setting this up?
Configuring SSL to work with multiple domains served from the same IP address can be tricky, but there are ample resources which describe this process. Since many of the decisions that you'll make are specific to your application and business needs, it's good to understand the different options available.
Generally speaking, you'll want to do the following:
1: Obtain a commercial SSL certificate: Determine which type of SSL certificate meets your needs. Commercial SSL services often provide additional functionality with the certificate you get. Commercial certificate authorities will often bundle other services, like support, extra validation, and insurance against downtime.
2: Install the certificate: Luckily, cPanel's robust documentation has you covered.
Our documentation describes how this is done through their interface:
In the case that you wish to have different certificates for separate domains, you will need to use a SSL/TLS extension called SNI. This feature will allow you to use different certificates for different hostnames served from the same IP address. cPanel/WHM support SNI, as described in their documentation:
- Manage SSL Hosts | cPanel & WHM Documentation
- SSL FAQ and Troubleshooting - Version 76 Documentation - cPanel Documentation
3: Optionally, configure auto-renewal. You can use an ACME client, to handle this. The ACME protocol does not support some types of commercial SSL certificates (as it only handles DV certs by default), However, some SSL providers will configure this for you so you can set this up with EV and OV certs, as well. For example:
If you decide to update your certs manually, set a reminder so that you don't face any unplanned downtime when your cert expires.
I hope that this helps! Public Key Infrastructure decisions are important to get right on the modern web, and there are a lot of different ways to use encryption on the Internet. Choosing the right solution for you can save you time and effort down the road.