How to Use the Mail Queue Manager in WHM

Posted on by Ryan Smith
Category: Common Fixes, WHM + cPanel | Tags: , , ,
Reading Time: 3 minutes

The Mail Queue Manager feature in WHM allows you to view, delete, and attempt to deliver queued emails that have not yet left the server. It can be a handy tool for diagnosing a variety of issues with mail deliverability, such as spotting signs of a compromised account sending spam from the server.

Accessing Mail Queue Manager in WHM

If you are unfamiliar with how to access WebHost Manager (WHM), you can take a look at our article Getting Started with WHM.

Once logged into WHM, you can navigate to the Mail Queue Manager page by inputting the text “mail queue” into the search box above the left menu, then click the Mail Queue Manager option:

mail queue manager link in WHM

Searching for Queued Emails

From the Mail Queue Manager main page you will see a section for searching through these queued emails. You can input either a Sender, Recipient, or Message ID (a unique identifier the mail server gives each email sent and received) to filter through the queued messages.

Once you input a search for one of these options, select the corresponding option from the Select Query dropdown menu next to the text box: Search Sender, Search Recipient, or Search Message ID.

You can also select No Filter if you do not want to restrict the search to one of these specific options.

The search filter also includes a section to select a particular time frame by entering a Start Date and End Date. This will filter the search results down to emails that fall within this time frame. Please note: WHM only retains this data for 10 days, so email outside of that time frame will not be included in the search results.

Once you’ve input the text to search, and selected the filter options, click the Run Report button.

Below is an example of a search for all messages in which the sender of the email matches “user@domain.com”:

mail queue search screenshot

Viewing Queued Emails

To view an email currently in the queue, under the Actions column, click the magnifying glass icon:

example of email in the mail queue

This will display the email’s simple headers, text content, and provide you with options to delete the email, attempt delivery, download the email in .eml format (which you can open in mail client applications such as Microsoft Outlook), or view the email’s extended headers and control data:

example of email header detail in the mail queue

Delivering Queued Emails

As shown above, you can view a specific email and click Deliver Message Now to attempt delivery of the message. You can also select messages from the main page of the Mail Queue Manager and click Deliver Selected:

detailed view of the mail queue

The option Deliver All will attempt to send out all emails currently in the queue.

Deleting Queued Emails

To delete an email currently in the queue, you can view a specific email using the instructions above and then click Delete Message.
Multiple emails can be deleted from the queue using the main page of the Mail Queue Manager. You can either select each email you’d like to remove and then click Delete Selected, or you can remove all queued emails by clicking Delete All.

Unfreezing Frozen Queued Emails

You may see emails listed as Frozen under the Status column. These are emails that failed to deliver after multiple attempts, so in order to help the queue continue to run efficiently, the system will ‘freeze’ these emails. To unfreeze an email, you can click the second icon under actions:

frozen email in the mail queue

Once unfrozen, the email will attempt to send during the next queue run. Forcing a delivery attempt of a frozen email will also unfreeze the selected email.

Multiple frozen emails in the queue may indicate an issue that requires further investigation, such as a remote mail server blocking the mail transaction.

For more information on diagnosing email deliverability issues, you can take a look at our article entitled Troubleshooting: RBLs and Email Delivery Problems (Rejected Email Messages).

How To List Users in CentOS 7

Posted on by Echo Diaz
Category: Common Fixes | Tags: ,
Reading Time: 2 minutes

Adding a user in CentOS is a common task for most Linux admins. User’s have unique username’s and occassionally you may wonder if a username is in use or need other details about the user (like their group ID). We’ll show you how to see a list of users by logging into your Liquid Web CentOS 7 server. Once you’ve logged in via SSH, you’ll be able to run the commands below and get the information you need. Let’s get started!

To get a simple list of user names, enter the command below and press Enter.

getent passwd | cut -d: -f1

This command gives us a list of users assigned to this CentOS server. If you’d like a more detailed list of user you can use the command below. Using the command will provide you with the username, UID, GID, User Details, their home directory path, and the Default Shell for the user.

getent passwd

Example Output:

In our example you’ll see each field is separated by colons. Let’s breakdown the sections to provide more information on the user.

  • Username-the user example is root. Other users include bin, daemon, systemd-network, among many others. These are for when these entities need to access the system.
  • Password-indicated by the letter x, you can also find this encrypted password in the /etc/shadow file.
  • UID-this is the user’s ID, indicated by number starting at 1000. The root user is special as its UID is 0.
  • GID-like the user ID, the group ID shows us the the group that a user belongs to. The GID also starts at 1000 and for root user the group number is 0.
  • User Details – usually you’ll find the user’s first name. Sometimes this field can also be left blank.
  • Home Directory- this is the path that a user is in when logging into the server. You can alter this path by chrooting a user’s path.
  • Default Shell- A shell allows for an environment where users interact with the server and the type of shell assigned allows for different usage. The /bin/bash shell allows for text files to run commands.

How to Set Up Multiple SSLs on One IP With Nginx

Posted on by Andrej Walilko
Category: Common Fixes | Tags: , , , , , , , , ,
Reading Time: 6 minutes

With the shortage of available address space in IPv4, IPs are becoming increasingly difficult to come by, and in some cases, increasingly expensive. However, in most instances, this is not a drawback. Servers are perfectly capable of hosting multiple websites on one IP address, as they have for years.

But, there was a time when using an SSL certificate to secure traffic to your site required having a separate IPv4 address for each secured domain. This is not because SSLs were bound to IPs, or even to servers, but because the request for SSL certificate information did not specify what domain was being loaded, and thus the server was forced to respond with only one certificate. A name mismatch caused an insecure certificate warning, and therefore, a server owner was required to have unique IPs for all SSL hosts.

Luckily, IPv4 limitations have brought new technologies and usability to the forefront, most notably, Server Name Indication (SNI).

 

Why Do I Need an SSL?

Secure Socket Layer (SSL) certificates allow two-way encrypted communication between a client and a server. This allows any data protection from prying eyes, including sensitive information like credit card numbers or passwords. SSLs are optionally signed by a well-known, third-party signing authority, such as GlobalSign. The most common use of such certificates are to secure web traffic over HTTPS.

When browsing an HTTPS site, rather than displaying a positive indicator, modern browsers show a negative indicator for a site that is not using an SSL. So, websites that don’t have an SSL will have a red flag right off the bat for any new visitors. Sites that want to maintain reputation are therefore forced to get an SSL.

Luckily, it is so easy to get and install an SSL, even for free, that this is reduced to a basic formality. We’ll cover the specifics of this below.

 

What is SNI?

Server Name Indication is a browser and web server capability in which an HTTPS request includes an extra header, server_name, to which the server can respond with the appropriate SSL certificate. This allows a single IP address to host hundreds or thousands of domains, each with their own SSL!

SNI technology is available on all modern browsers and web server software, so some 98+% of web users, according to W3, will be able to support it.

 

Pre-Flight Check

We’ll be working on a CentOS 7 server that uses Nginx and PHP-FPM to host websites without any control panel (cPanel, Plesk, etc.). This is commonly referred to as a “LEMP” stack, which substitutes Nginx for Apache in the “LAMP” stack. These instructions will be similar to most other flavors of Linux, though the installation of Let’s Encrypt for Ubuntu 18.04 will be different. I’ll include side-by-side instructions for both CentOS 7 and Ubuntu 18.04.

For the remainder of the instructions, we’ll assume you have Nginx installed and set up to host multiple websites, including firewall configuration to open necessary ports (80 and 443). We are connected over SSH to a shell on our server as root.

Note
If you have SSLs for each domain, but they are just not yet installed, you should use Step 3a to add them manually. If you do not have SSLs and would like to use the free Let’s Encrypt service to order and automatically configure them, you should use Step 3b.

 

Step 1: Enabling SNI in Nginx

Our first step is already complete! Modern repository versions of Nginx will be compiled with OpenSSL support to server SNI information by default. We can confirm this on the command line with:

nginx -V

This will output a bunch of text, but we are interested in just this line:

...
TLS SNI support enabled
...

If you do not have a line like this one, then Nginx will have to be re-compiled manually to include this support. This would be a very rare instance, such as in an outdated version of Nginx, one already manually compiled from source with a different OpenSSL library. The Nginx version installed by the CentOS 7 EPEL repository (1.12.2) and the one included with Ubuntu 18.04 (1.14.0) will support SNI.

Step 2: Configuring Nginx Virtual Hosts

Since you have already set up more than one domain in Nginx, you likely have server configuration blocks set up for each site in a separate file. Just in case you don’t, let’s first ensure that our domains are set up for non-SSL traffic. If they are, you can skip this step. We’ll be working on domain.com and example.com.

vim /etc/nginx/sites-available/domain.com

Note
If you don’t happen to have sites-enabled or sites-available folders, and you want to use them, you can create /etc/nginx/sites-available and /etc/nginx/sites-enabled with the mkdir command. Afterward,  inside /etc/nginx/nginx.conf, add this line anywhere inside the main http{} block (we recommend putting it right after the include line that talks about conf.d):

include /etc/nginx/sites-enabled/*;

Otherwise, you can make your configurations in /etc/nginx/conf.d/*.conf.

At the very least, insert the following options, replacing the document root with the real path to your site files, and adding any other variables you require for your sites:

server {
listen 80;
server_name domain.com;
root /var/www/domain.com;
...
}

A similar file should be set up for example.com, and any other domains you wish to host. Once these files are created, we can enable them with a symbolic link:

ln -s /etc/nginx/sites-available/domain.com /etc/nginx/sites-enabled/

ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/

Now, we restart Nginx…

systemctl reload nginx

This reloads the configuration files without restarting the application. We can confirm that the two we just made are loaded using:

nginx -T

You should see your server_name line for both domain.com and example.com.

Note
The listen line included in the server block above will allow the site to listen on any IP that is on the server. If you would like to specify an IP instead, you can use the IP:port format instead, like this:

server {
listen 123.45.67.89:80;
...
}

Step 3a: Add Existing SSLs to Nginx Virtual Hosts

Now that we have valid running configurations, we can add the SSLs we have for these domains as new server blocks in Nginx. First, save your SSL certificate and the (private) key to a global folder on the server, with names that indicate the relevant domain. Let’s say that you chose the global folder of /etc/ssl/. Our names, in this case, will be /etc/ssl/domain.com.crt (which contains the certificate itself and any chain certificates from the signing authority), and /etc/ssl/domain.com.key, which contains the private key. Edit the configuration files we created:

vim /etc/nginx/sites-available/domain.com

Add a brand new server block underneath the end of the existing one (outside of the last curly brace) with the following information:

server {
listen 443;
server_name domain.com;
root /var/www/domain.com;
ssl_certificate /etc/ssl/domain.com.crt;
ssl_certificate_key /etc/ssl/domain.com.key;
...
}

Note the change of the listening port to 443 (for HTTPS) and the addition of the ssl_certificate and ssl_certificate_key lines. Instead of rewriting the whole block, you could copy the original server block and then add these extra lines, while changing the listen port. Save this file and reload the Nginx configuration.

systemctl reload nginx

We again confirm the change is in place using:

nginx -T

For some setups you’ll see two server_name lines each for domain.com and example.com, one using port 80 and one using port 443. If you do, you can skip to Step 4, otherwise continue to the next step.

Step 3b: Install and Configure Let’s Encrypt

Let’s next set up the free SSL provider Let’s Encrypt to automatically sign certificates for all of the domains we just set up in Nginx. On Ubuntu 18.04, add the PPA and install the certificate scripts with aptitude:

add-apt-repository ppa:certbot/certbot

apt-get update

apt-get install certbot python-certbot-nginx

In CentOS 7, we install the EPEL repository and install the certificate helper from there.

yum install epel-release

yum install certbot python2-certbot-nginx

On both systems, we can now read the Nginx configuration and ask the Certbot to assign us some certificates.

certbot --nginx

This will ask you some questions about which domains you would like to use (you can leave the option blank to select all domains) and whether you would like Nginx to redirect traffic to your new SSL (we would!). After it finishes it’s signing process, Nginx should automatically reload its configuration, but in case it doesn’t, reload it manually:

systemctl reload nginx

You can now check the running configuration with:

nginx -T

You should now instead see two server_name lines each for domain.com and example.com, one using port 80 and one using port 443.

Let’s Encrypt certificates are only valid for 90 days from issuance, so we want to ensure that they are automatically renewed. Edit the cron file for the root user by running:

crontab -e

The cron should look like this:

45 2 * * 3,6 certbot renew && systemctl reload nginx

Once you save this file, every Wednesday and Saturday at 2:45 AM, the certbot command will check for any needed renewals, automatically download and install the certs, followed by a reload of the Nginx configuration.

Step 4: Verify Installation and Validity

We should now check the validity of our SSLs and ensure that browsers see the certificates properly. Visit https://sslcheck.liquidweb.com/ and type in your domain names to check the site’s SSL on your server. You should see four green checkmarks, indicatating SSL protection.

We hope you’ve enjoyed our tutorial on how to install SSLs on multiple sites within one server. Liquid Web customers have access to our support team 24/7.  We can help with signed SSL or ordering a new server for an easy transfer over to Liquid Web.

How to Edit Your Hosts File in Windows 10

Posted on by Eric Kloeckner | Updated:
Category: Common Fixes | Tags: , , , ,
Reading Time: 1 minute

Editing your \etc\hosts file is a common task for troubleshooting issues or for developing a site that you aren’t quite ready to launch.  By editing this file, you’ll be able to bypass DNS to view a site at a declared IP address.

In Windows 10, your hosts’ file is located at: C:\Windows\System32\drivers\etc\hosts. You will need to edit the file with administrative privileges.

  1. Click the Windows button and type Notepad in the search bar.
  2. Right click on Notepad and then Run as Administrator.
  3. You’ll be asked, “Do you want to allow this app to make changes to your device?”.
    Choose Yes.
  4. In Notepad, choose File then Open
  5. Navigate to C:\Windows\System32\drivers\etc\hosts or click the address bar at the top and paste in the path and choose Enter.  If you don’t readily see the host file in the /etc directory then select All files from the File name: drop-down list, then click on the hosts file.
  6. Add the appropriate IP and hostname at the end of your hosts’ file, select save and close the file.
  7. Finally, you will want to flush your DNS cache for your computer to recognize changes to the file. Click the Windows button and search command prompt.
  8. Right-click on Notepad and then Run as Administrator.
  9. You’ll be asked, “Do you want to allow this app to make changes to your device?”.
    Choose Yes.
  10. Type the following command in the terminal and press Enter

ipconfig /flushdns

Troubleshooting: Can’t Resolve Hostname

Posted on by Echo Diaz
Category: Common Fixes | Tags: , , , , , ,
Reading Time: 2 minutes

You may find the “can’t resolve hostname” or “temporary failure in name resolution” error when using retrieval command like wget, cURL, ping or nslookup. There are many reasons why these commands can cause an error, including file corruption.  For the sake of brevity, we look towards commonalities between these commands to solve the issue.

These commands connect to the Internet using gateways to communicate and provide information.   If the connection from your local machine, in this case, a CentOS server, is disconnected you’ll likely run into issues trying to access the world wide web. In this troubleshooting tutorial, we’ll show you some common solutions to connectivity issues.

Step 1: Amongst many other configuration tasks, the resolv.conf file is used to resolve DNS requests. Manually editing the resolv.conf file to configure name resolution will only do so temporarily. The Network Manager controls this essential /etc/resolv.conf file to create permanent changes. So, we’ll first stop and disable the Network Manager:

Note
Be sure to run these commands as the root user, or a privileged user using sudo before each command.

chkconfig NetworkManager off; service NetworkManager stop

 

Step 2: The method for permanent changes is to edit the /etc/sysconfig/network-scripts/ifcfg-eth0 file instead of resolv.conf file. Open the file:

vim /etc/sysconfig/network-scripts/ifcfg-eth0

Next, we’ll set our DNS IP’s to use Google’s Public DNS (8.8.8.8 & 8.8.4.4).

DEVICE="em1"
BOOTPROTO="static"
DNS1="127.0.0.1"

DNS2="8.8.8.8"

DNS3="8.8.4.4"
GATEWAY="some_ip"
HWADDR="hwid"
IPADDR="some_ip"
IPV6INIT="yes"
NETMASK="255.255.255.0"
NM_CONTROLLED="yes"
ONBOOT="yes"
TYPE="Ethernet"

Save and quit the file using ESC and :wq.

 

Step 3: Enable and restart your network, using the commands associated with your server version.

CentOS 6, CloudLinux 6, RHEL 6:

chkconfig network on

service network start

 

CentOS 7, CloudLinux 7, RHEL 7:

systemctl enable network.service

systemctl start network.service

 

Step 4: Test the reachability of a host by using ping, curl, wget or any testing tool of your choice. In our example, we’ve successfully ping’d Google!  

ping google.com
PING google.com (172.217.4.46) 56(84) bytes of data.
64 bytes from lga15s46-in-f14.1e100.net (172.217.4.46): icmp_seq=1 ttl=57 time=6.65 ms
64 bytes from lga15s46-in-f14.1e100.net (172.217.4.46): icmp_seq=2 ttl=57 time=6.68 ms
64 bytes from lga15s46-in-f14.1e100.net (172.217.4.46): icmp_seq=3 ttl=57 time=6.68 ms

You don’t have to rack your brain over connectivity issues!  Liquid Web customers enjoy 24/7 support for our Managed products. Our knowledgable team of support techs have experience with solving errors of this nature.  Access our support team through a ticket, chat or phone call!

How to Revert a Windows Update

Posted on by Denise Lasky
Category: Common Fixes | Tags: , , , , ,
Reading Time: 2 minutes

Windows periodically checks for the latest updates and security features for your devices. Automatic updates are implemented with the intention of running your device smoothly and securely. With top security in mind, most Liquid Web servers are set to automatically install these updates thus saving you the task of remembering to implement critical updates or patches.

The vast majority of the times, windows updates complete successfully, keeping you and your customers safe.  These updates rarely cause any server issues, but you may find that you want to roll back an update due to an unforeseen server change.  Fear not, in this tutorial we’ll show you how to easily undo a Windows update on 2016, 2008R2 and 2012R2 servers.

Note
Liquid Web customers have the option to install automatic updates themselves. In these cases, security patches are updates fall under the responsibility of the account owner.

 

Server 2016 with Windows 10

  1. Click on the Start button, search for Windows Update and hit Enter.
  2. Go to View Update History and select Uninstall Updates.  Click the update you are wanting to uninstall/remove. (Generally, these are the most recent installs.)
  3. When the installed update window comes up, you can see the updates by name, KB number, type of program, version, and even the date of installation.
  4. Select the update and choose Uninstall.  Follow the on screen instructions.
  5. Depending on the update, there may be a need to reboot the server to complete removal.
  6. While you are still in the Windows Update screen, select the offending update and click Hide Update.  ** Once the Update is fixed and it is safe to install, then you can go in and manually install it on your system.

Complete the removal of the update by rebooting the server.

 

Server 2008R2 and 2012R2 with Windows 7/8

  1.           Go to the Start button and select Control Panel.
  2.           Go to Programs >> Uninstall a program.
  3.           Select the program and right-click to Uninstall.
  4.          Select the update you would like to revert.
  5.           Select Yes to uninstall the selected update.
  6.           Select the Restart Now button.
  7.           While you are still in the Updates screen, select the offending update and right-click, to select Hide Update.  ** To re-instate the update you can manually install it on your system.

Complete the removal of the update by rebooting the server.

Still having issues with reverting a Windows update? Liquid Web customers enjoy 24/7 support with our Managed Dedicated and VPS servers. Find out today why we are the most loved in hosting!

 

How to Change Your Hostname in Ubuntu 16.04

Posted on by Kurtis Foley
Category: Common Fixes | Tags: , , , ,
Reading Time: 5 minutes
Image result for ubuntu logo

Times are changing, and possibly your hostname is too if you are reading this article.  You may have come across a scenario within your business that requires you to change your hostname.  You might ask yourself why you would need to change your hostname? The most common scenarios would be due to a domain name change, your business has changed its course, or because you have thought of something better.

Sometimes you might forget to renew the domain names before they expire. Unfortunately, this can be a time where a domain brokers purchases you domain name.  These are agencies who take popular sites and purchase with the intent of holding the domain until their inflated price is met.  As unfortunate as this may be, sometimes it is best to purchase a new domain name for cost efficiency.

Note
When purchasing domains from Liquid Web you can always select the option to Auto Renew within our portal Domains >> My Domains

 

Benefits to using a Fully Qualified Domain Name for your Hostname

It is good practice to use your FQDN Fully Qualified Domain Name as your hostname. Following this practice creates more options for securing your hostname with an SSL.  This will allow services like email to function using a secured connection. Using a hostname with a registered domain will allow you to add a corresponding DNS entry.  This will prevent unpredictable behavior by some services that use the hostname. This would allow you to set up a reverse lookup DNS entry. It can be very important especially with services like email verfication.  For example, when an email is sent the receiving server runs a reverse lookup on the sender’s hostname. The reverse lookup allows receivers server to ensure the hostname resolves to the matching IP address. This is just one preventive measure servers now use to reduce email spoofing incidents.

By using a unique domain name, you can reduce editing time. You may have a script that calls to the servers IP, instead of the hostname, to correctly function.  Best practice is to use the hostname because future migrations may change IP addresses/ranges.  Using the hostname can save you a lot of time in the long run, depending on your infrastructure and coding.

 

Using SSH for Windows 10, 7/8, and Mac OS X

We’ll need to connect to your server.  For this article, we will be using SSH “Secure Shell” to access the server and issues commands.  SSH is a powerful tool that will allow us to establish a secure connection with your server, diagnose, and issue remote commands.  For more information on the SSH protocol, you can visit the following links.

There are a few ways to use SSH depending on your operating system. We’ve have included some examples below followed by links with more information.

Windows 10

Using SSH client in Windows 10

Note
Note: Because the OpenSSH client was introduced in the Windows 10 Fall Creators Update, you’ll need to first update to at least that version of the operating system.

Windows 7/8

Unfortunately, for older versions of Windows, it is not exactly possible to set up an SSH natively to connect to your server.  Thankfully, applications were created to assist. We like to use MobaXterm, but Putty is a safe choice as well. Both of these applications are free to use and simple to set up. We’ve included links below with more information on these applications.

Mac OS X

Newer Mac operating systems come with an excellent utility to access SSH called Terminal. To access Terminal navigate to your Applications folder >> Utilities folder >> Terminal.

In case Terminal is inefficient for your preference, there are other options available in the App store or through a quick search on Google . Putty is also available on Mac!

 

Changing the Hostname in Ubuntu 16.04

At this point, you should be able to access your server using SSH.  Once you have accessed your server, you will want to either switch to the root user or run these commands using sudo.  The files you will be accessing are owned by root. Because of this, you will need root privileges.

To start things off, we will want to edit /etc/hostname and the /etc/hosts files.  You can do so by using a text editor of your choice. We will demonstrate how to accomplish this task using the text editor called VIM.  Some of these command line text editors can seem complicated, we will include the “sed” command to make things even easier.

Switching to root user:

# su – root  

Editing the hostname and hosts file:

# vim /etc/hostname  

# vim /etc/hosts  

Once you have opened these files, you will need to change your hostname as follows:

  1. Press the i key to insert.  This will allow you to edit.  You will notice the editor says “Insert” at the bottom of the page.
  2. Use the arrow keys to navigate the cursor to your old hostname.
  3. Backspace to delete single characters
  4. Replace with the new hostname.  Be sure the syntax is correct.
  5. When done editing hit the ESC key to exit insert mode.
  6. Then hold shift andpress the : key
  7. Finally, type wq and press enter key. This will write to the file and quit the editor
  8. Repeat for /etc/hostname                                                            

As we mentioned earlier, the command line text editors can appear to be overly complicated, especially when you’re used to programs like Word and the Window’s text editor.  Because of this, we have included the command below.

Note
Change host.example.com to your old hostname. Change host.newhostname.com to your new hostname

# sed -i 's/host.example.com/host.newhostname.com/g' /etc/hosts

# sed -i 's/host.example.com/host.newhostname.com/g' /etc/hostname

After editing these files, you’ll need to reboot the server. If you wish to reboot at a later time but still want your new hostname to take immediate effect click on this sentence to skip ahead. Otherwise, you can do so by running

# reboot

Your SSH session should be terminated.  Depending on your server it can take a few minutes to boot back up.  Once the server is back online you can check your changes by running the following command:

# hostname  

If all went well, the terminal should output your new hostname.

If you wish to reboot at a later time but still want your new hostname to take immediate effect, you can use the hostname command to temporarily set the hostname until the next reboot.  From there, the changes in /etc/hosts and /etc/hostname will take permanent effect.

# hostname host.newhostname.com

There is also an alternative available.  The hostnamectl command is default for both Desktop and Server versions. They combine setting the hostname via the hostname  command, editing  /etc/hostname and setting the static hostname. Unfortunately, editing /etc/hosts  still has to be done separately.

Example:

# hostnamectl set-hostname host.newhostname.com

 

Common Issue after Hostname Update

The “Failed to start hostname.service: Unit hostname.service is masked” error can happen when there is a syntax error within the /etc/hostname, or /etc/hosts file, or when the hostname does not match between these two files.  Be sure to check both of these files for mistakes and correct them as needed. In newer versions of Ubuntu, you will also want to use the hostnamectl command mentioned earlier.  

# hostnamectl set-hostname host.newhostname.com

Once corrected, be sure to start the hostname service to see if the issue has been corrected. You can do so by running the command that we have included below. Afterward, we would recommend rebooting your server.  This is not always necessary, but in some cases, it is required.

# systemctl restart hostname  

As always, Liquid Web customer’s enjoy 24/7 technical support with changing your hostname. Reach out to our sales team to see how you can get into our lightening fast servers today!

 

Website Performance Tool

Posted on by Echo Diaz | Updated:
Category: Common Fixes | Tags: , , , , , , , , ,
Reading Time: 3 minutes

Liquid Web has developed a Hosting Toolkit that provides web developers and curious technophiles a Performance Tool for website testing. We make it easier than ever to optimize and troubleshoot by providing connectivity tests from different geographical locations accompanied with an easy to read grading system for site performance. Continue reading “Website Performance Tool”

What’s My DNS?

Posted on by David Richards
Category: Common Fixes | Tags: , , , , , , , ,
Reading Time: 3 minutes

What is DNS?

If you are new to web hosting, you may have heard the term DNS, but you might not be sure what it means or how it is essential to you. DNS is short for Domain Name System, and it is the process by which the whole Internet organizes and easier way for humans to reach websites. Numbers or IP addresses identify all of the computers/websites connected to the Internet. While computers have no trouble identifying each other using these strings of numbers, it would be challenging for humans if we had to remember a set of numbers for every website we wanted to visit! Fortunately, DNS translates domain names like liquidweb.com to an IP address and back, so all we need to know to find a website is the name. For a more in-depth discussion of the DNS system, see Understanding the DNS Process.

You can use the DNS Tree for a quick, visual comparison of the records that exist on all of your nameservers. Making sure your records match across nameservers and that they match your server is an essential part of troubleshooting possible website issues. If you’re error messages like “This site can’t be reached” or “webpage is not available”, the DNS Tree may help you figure out where the problem exists.

 

How Do I Check My DNS?

Verifying accurate DNS records is essential for navigating traffic to the correct web server. You can use Liquid Web’s Internet Webhosting Toolkit to view your current, authoritative DNS records. Just go to the toolkit’s site, click on the DNS Tree tab, enter your domain name, and click Submit.

Note
Our servers will query your domain’s nameservers for the most common DNS record types. If a domain is not registered or if no DNS records exist for the domain, you’ll receive an error message indicating that the records are not available. This may suggest that your nameservers are unavailable for some reason, especially if you are hosting those nameservers on a private server.

If you have registered your domain and set DNS records our tool will display the results in an easy to see “tree” of records, organized from most general to most specific.

In our example, we are looking up the records for liquidweb.com, so the tree begins with that domain at the far left of the screen.

The next set of records displayed are the Authoritative Nameservers for the domain. These are the servers designated as the holders of the records for this domain. If you want to change the records for this domain, you must change them on these servers. Changing records anywhere else won’t make reflect DNS changes. Your domain can have one, two, or as many Authoritative Nameservers as you would like but most websites use at least two for redundancy and stability.

 

The next set of entries in the DNS Tree show the Types of records that are available. DNS record types are unique for each kind of DNS function.

  • An “A Record” is used to identify primary IP addresses of given domains.
  • MX Records” are used for email routing and delivery.
  • TXT records” hold additional information about the domain, like SSL validations, DKIM entries, or SPF records.

For more information about DNS record types, see DNS Record Types.

The final “column” of entries displays the actual DNS record. This is typically an IP address for an “A record”, and domain name for an “MX record”, or a string of text for a “TXT record”. Hovering the mouse over a circle will display all of the information for the record in a pop-out window, including the TTL, Type, and Data.

 

 

 

 

 

 

 

 

If you’ve made recent changes to your DNS records, the toolkit may be showing an older, or cached, version of the records. The TTL portion of the record indicates how frequently the DNS system should update its records. TTL is shown in seconds, so a typical setting of 3600 means that servers will be asked to update your records every 6 minutes. The delay that occurs during this period is referred to as propagation. Some DNS changes, like nameserver changes, can up to 72 hours to propagate, so if you are going to be making changes to your DNS records, you’ll want to lower your TTL values for a quick update. For more information on reducing your TTLs, see How To: Lowering Your DNS TTLs.

If you need additional help, Liquid Web customer’s can contact the Most Helpful Humans in Hosting via ticket, chat, or phone at any time and we’ll do our best to make sure everything is working correctly.

 

SSL Checker Tool

Posted on by David Richards
Category: Common Fixes | Tags: , , , , ,
Reading Time: 4 minutes

The security of your website is vital to the success of your Internet business. One way you can protect your data (and your customers) is through the use of encrypted communication protocols. Secure Socket Layer (or SSL) was the original method of providing for basic encryption between servers and clients. The industry mostly uses Transport Layer Security (or TLS) protocols now, but the process is basically the same, and most users refer to this kind of encryption by the old name: SSL.  As part of our Web Hosting Toolkit, Liquid Web provides and SSL Tool to help you verify that your SSL is installed correctly and up-to-date.  Below is an insight on how to use this tool and as well as some core concepts and certificates types to know when dealing with SSL.

 

SSL Certificate Checker

You’ll want to confirm that everything is functioning correctly on the server once you’ve successfully ordered and installed your SSL. At this time, you’ll want to check on your domain SSL’s to confirm expiration dates, covered subdomains, or other information. While you can use various third-party SSL checkers on the Internet, Liquid Web makes gathering this information about your domain simple. Just go to the Liquid Web Internet Webhosting Toolkit page and click on SSL Tool.

How Do I Check If My SSL Certificate is Valid?

Enter your domain name in the box provided and click on Submit. You can enter either your primary domain name (like mydomain.com) or any of the subdomains you may have created SSL certificates for (like blog.mydomain.com). If an SSL certificate is installed on the server for the domain, the page will display the status of the certificate and additional information.

In this example, you can see that the certificate is valid and trusted by browsers and that the tested domain matches the certificate.

You can also see which Certificate Authority issued the certificate and the dates for which the certificate is valid.

Finally, you can see which signing algorithm was used to generate the certificate (indicating how complex and secure the certificate is) and which domains and subdomains are covered by the certificate.

How SSLs Work

SSL connections work through a series of tools that exist on your server and on a client’s web browser. At the simplest level, the server and a client computer exchange information and agree on a secret “handshake” that allows each computer to trust the other computer. This handshake is established through the use of private and public SSL certificate keys. The private key resides on the server, and the public key is available to a client computer. All information passed between the computers is encoded and can only be decoded if the keys match. These keys are generated by a Certificate Authority (like GlobalSign) and can vary in complexity and expiration date. These matched keys exist to prevent what are known as “man in the middle” attacks when a third-party intercepts the Internet traffic for the purpose of stealing valuable data (like passwords or credit card information). Because the third-party doesn’t possess the matching keys, they will be unable to read any of the intercepted information.

By using a trusted certificate your website user can enter their information with full confidence that their data is safe. Certificate Authorities only grant SSL certificates to operators who can prove that they are the legitimate owner of a domain and that the domain is hosted on the server for which the certificate is being issued. This proof is usually obtained by modifying the DNS records for a domain during the verification process of the certificate ordering transaction. To learn more about how to order an SSL through your Liquid Web account, see How To Order or Renew an SSL Certificate in Manage.

 

Types of SSL Certificates

While SSL certificates all provide the same essential functions, there are several different types of certificates to choose from. You’ll want to establish which certificate meets your needs before you decide to order one for your domain. The types we’ll discuss here are Self-Signed Certificates, Standard Domain Certificates, Wildcard Certificates, Extended Validation Certificates.

Self-Signed Certificates

Most servers have the capability of generating a Self-Signed SSL certificate. These certificates provide the same kinds of encrypted communication that certificate provided by Certificate Authorities provide. However, because they are self-signed, there is no proof that the server is the “real” server associated with a website. Many control panels use self-signed certificates because the owner of the server knows the IP address of the server and can trust that they are connecting to the correct site when using that IP address. The advantage of self-signed certificates is that they are easy to generate and are free to use for as long as you want to use them.

Standard Domain Certificates

If you only need to secure a single domain or subdomain, a standard domain SSL certificate is appropriate. Standard certificates are generally the least expensive option from Certificate Authorities and are designed to cover one domain or subdomain (generally both domain.com and www.domain.com are covered by a standard certificate).

Wildcard Certificates

If you have multiple subdomains, you may be able to save time and money by getting a wildcard SSL certificate. Wildcard certificates cover a domain and all of its subdomains. For instance, if you have a domain website that also has a mail subdomain, a blog, a news site, and a staging site that you want to be protected by SSL communication, a single wildcard would protect all of the sites.

Note
A wildcard certificate will only protect one level of subdomains. So, blog.mydomain.com is covered, but new.blog.mydomain.com would not be covered.
Extended Validation Certificates

SSL certificates are generally issued to companies that can prove they have the right to use a domain name on the Internet (normally because they can modify the DNS records for that domain). While that level of verification is sufficient for most companies, you may need to have additional evidence that your company is a reliable entity for business purposes. Organizational SSL certificates require additional vetting by a Certificate Authority, including checks about the physical location of your company and your right to conduct business. Organizational SSL details can be visible on your website if you install a Secure Site Seal. Additional vetting is available for companies that choose Extended Validation SSL certificates. Extended Validation processes are often used by banks and financial institutions to provide extra reassurance to their customers that their website is legitimate. EV SSLs will turn the address bar of the client’s browser green and display the company’s name on the right side of the address bar.

If you need help determining which type of SSL is right for your business, chat with our Solutions team for additional information.

Now that you’ve checked the details of your SSL certificate and confirmed that all of the information is correct, you’ll be sure that the communications between your server and your customer’s computers are secure as that information travels over the Internet. For more information about improving the overall security of your server, see Best Practices: Protecting Your Website from Compromise.