Incorrect handling of SSL generation for sub-domains

When you try to create a website in CyberPanel, for example, for sub.domain.com, it ends up trying to request certificates for www.sub.domain.com as well as sub.domain.com, and generally, in this case, the www.sub.domain.com does not exist, which leads to the SSL certificate request failing.

It would be a good idea to give the user a choice to review and edit the sub-domains list CyberPanel is going to request SSL for through LetsEncrypt.

The odd part is even though the SSL request fails, CyberPanel reports that the SSL was successfully generated.

Here is another person stuck with the same problem.

Or another suggestion is to provide a checkbox saying “Also request for a certificate for www.[domain]” so that a user can decide to not request it.

In CyberPanel, we first check for www and non-www, and after this, if www is not there, we issue SSL for non-www only as well, so this is already there.

Thanks, I checked once more, and you are right, the issue was with mod_security, and I noticed it was mainly happening with .com domains because LetsEncrypt file-based verification creates a file that ends with a .com extension, which ends up being blocked by ModSecurity. (I am assuming that the .com extension is seen as an executable by ModSecurity.)

Is there a way to configure ModSecurity to ignore the related rule for files in /.well-known/? (Would that be good practice, though?)

It might be a safer idea to change the verification process such that the verification file is called {domain}.txt e.g., example.com.txt, if that is technically possible in the acme client.
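An added example, not part of the thread and not CyberPanel's own code: a pre-flight check that drops a probe file under `/.well-known/acme-challenge/` and fetches it over HTTP for both the domain and its `www.` name, so a missing `www` record and a WAF block show up as different results before any certificate is requested. The function names, the `probe_name` parameter (for trying a file name with a particular ending such as `.com`) and the assumption that `webroot` is served at the site root are all hypothetical.

```python
import secrets
import urllib.error
import urllib.request
from pathlib import Path

CHALLENGE_DIR = ".well-known/acme-challenge"


def http_fetch(url, timeout=5):
    """Return (status, body); status 0 means DNS or connection failure."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:      # server answered, e.g. 403 from a WAF
        return exc.code, ""
    except (urllib.error.URLError, OSError):   # no DNS record, refused, timeout
        return 0, ""


def preflight(domain, webroot, fetch=http_fetch, probe_name=None):
    """Classify domain and www.domain as ok / unreachable / mismatch / blocked."""
    probe_name = probe_name or secrets.token_urlsafe(16)
    body = secrets.token_urlsafe(16)           # random content, checked on fetch
    probe = Path(webroot) / CHALLENGE_DIR / probe_name
    probe.parent.mkdir(parents=True, exist_ok=True)
    probe.write_text(body)
    results = {}
    try:
        for name in (domain, "www." + domain):
            status, got = fetch(f"http://{name}/{CHALLENGE_DIR}/{probe_name}")
            if status == 0:
                results[name] = "unreachable"          # e.g. www record missing
            elif status == 200 and got.strip() == body:
                results[name] = "ok"
            elif status == 200:
                results[name] = "mismatch"             # another site answered
            else:
                results[name] = f"blocked ({status})"  # e.g. rejected by a WAF rule
    finally:
        probe.unlink()                         # never leave the probe file behind
    return results


def names_to_request(results):
    """Only names that passed the probe belong on the certificate request."""
    return [name for name, state in results.items() if state == "ok"]
```

A `blocked (403)` result that appears only for some probe file names points at a request-filtering rule rather than DNS, which is the case to check in the ModSecurity audit log before excluding anything.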