This article is intended for Web Site Administrators with full control of a dedicated server, running Apache, WHM, and cPanel for account management. Setting up an SSL Certificate for a Domain should always be performed by a knowledgable web server administrator. If you are not the server administrator, please submit a ticket requesting the installation of your new SSL certificate.
The goal of this article is to explain a process for installing an SSL certificate for a website subdomain, where the primary domain already has a valid certificate. Because each certificate requires having a unique IP address, and typically one one IP address is assigned to a domain (including subdomains), the process for installing the SSL certificate is a liittle complicated.
How to Setup an SSL Certificate for a Subdomain using a Standard Single-Site SSL Certificate.
For this example, our website is DOMAIN.COM, which already has a SSL cert. We want another cert for the subdomain. Every cert requires a unique IP address in order to function / install. We assume in these steps that you have:
- A functioning DOMAIN.COM
- "Generated" a CSR for SUBDOMAIN.DOMAIN.COM
- Bought your SSL certificate for SUBDOMAIN.DOMAIN.COM
- Received your "CA BUNDLE" from the company issuing the SSL Certificate
- Step 1: In the DOMAIN.COM cPanel, Create the subdomain you are going to use ( SUBDOMAIN.DOMAIN.COM )
- Step 2: In Servers WHM, "Add a DNS Zone" by specifying a unique IP address and the full subdomain URL ( SUBDOMAIN.DOMAIN.COM ). You MUST use a UNIQUE IP address for every SSL certificate you install, even if they are for the same DOMAIN.
- Step 3: In Servers WHM, "Edit DNS Zone" edit the DNS zone you just created and remove the CNAME records (mail, www, and ftp)
- Step 4: Login using SHELL access to your server and edit your Apache "httpd.conf" file ( /usr/local/apache/conf/httpd.conf ). Search for the line that reads "SUBDOMAIN.DOMAIN.COM" and edit the VirtualHost tag to read the correct IP address. VirtualHost XX.XX.XX.XX:80
- Step 5: Restart your Apache by typing "httpd restart". At this point, you should be able to load SUBDOMAIN.DOMAIN.COM in your browser. If that doesn't work, try pinging the address SUBDOMAIN.DOMAIN.COM and debug from there. With the DNS zone created, and the httpd.conf file modified, you should have a unique IP address resolving on the server, and the public html being served from the primary domain account (subdomain folder - ie: /home/domain/public_html/subdomain)
- Step 6: In Servers WHM, "Install a SSL Certificate and Setup the Domain" - paste the .CRT code you received from your Certificate Issuer. The server should find the certificate for the domain that you previously created (before purchasing) and locate the appropriate .key and ca bundle data. Submit to Install.