How to Use Let’s Encrypt with Cloudflare

Reading Time: 3 minutes

Cloudflare is an excellent and well-known content delivery network. A CDN can increase site speed by utilizing Cloudflare’s global caching network to deliver content closer to a visitor’s location. You can also easily attach Cloudflare as an add-on product to your existing Liquid Web server, but there are some configurations to consider.

In this article, we will be covering how to use Cloudflare in conjunction with Let’s Encrypt SSL. Cloudflare will act as the CDN while Let’s Encrypt performs the SSL (HTTPS) encryption (in lieu of Cloudflare’s Universal SSL). Let’s Encrypt is an amazing open-service for creating free SSL certs for your site and for this tutorial you should already have Let’s Encrypt installed on your server.  While there are correct ways to use Cloudflare with Let’s Encrypt there are also configuration settings that could cause connection errors to appear. So, it’s important to know which options to selecting when setting up these entities.

Step 1: First, you will need a Cloudflare account and will need to generate a Let’s Encrypt x3 cert on your server.

Note:
Our Managed WooCommerce and Managed WordPress plans will automatically generate a valid Let’s Encrypt SSL cert for your primary domain set in the manager when your site goes live or if you rename your primary domain in the manager.

If an incorrect SSL mode is selected in Cloudflare it will not load and instead will display an invalid SSL cert.  This is a common error and one that can be avoided to ensure that your customer’s have a positive and trusted experience with your site.

A key part is to make certain the correct SSL mode is set in Cloudflare since it offers a number of different SSL modes:

  • Off
  • Flexible SSL
  • Full SSL (Recommended Setting)
  • Full SSL (Strict)

Step 2: SSL Modes can be accessed from the Crypto section in the Cloudflare dashboard.

Now that you are in the settings of Crypto you will need to go through these specific settings in Cloudflare; these changes will take maybe 30 – 50 seconds to make.

Note:
When using Cloudflare, Cloudflare’s universal SSL is what browsers would see, unless you manually upload your own SSL certificate, which requires the $200/month business plan. Most customers will be fine with utilizing Cloudflare’s universal SSL.

Step 3: Select the domain you want to work with, then select “Crypto” top menu option in Cloudflare. Under SSL select – Full.  Scroll down to see Always use HTTPS and set it to ON.

Step 4: On the HTTP Strict Transport Security (HSTS) section select Enable HSTS

You will need to select the “I understand” checkbox and click on the Next button.

You will need to select the “I understand” checkbox and click on the Next button.

Step 5: A pop up box will appear, here you’ll set:

  • Max-Age: 3 months
  • Apply HSTS policy to subdomains (includeSubDomains): Off
  • Preload: Off

Now click Save

Step 6: Set to Minimum TLS Version to TLS 1.2

Step 7: Opportunistic Encryption: ON

Step 8: TLS 1.3: Enabled

Step 9: Automatic HTTPS Rewrites: On

Step 10: Disable Universal SSL by selecting this option you are no longer using Cloudflare Universal SSL certificate. You will only use SSLs stored in your server, in this case, Let’s Encrypt. Click “I understand” and select Confirm.

These simple changes made in Cloudflare, will help you to avoid any dreaded downtime when using Let’s Encrypt with Cloudflare. Meaning that your customer’s can fully trust that their data is securely transferred with HTTPS through Let’s Encrypt’s.

Still need help setting up Cloudflare and Let’s Encrypt on your server?  Reach out to us!  Our Liquid Web servers come with 24/7 assistance from our knowledgable support team.  Get the support you deserve today!

Troubleshooting Microsoft SQL Server Error 18456, Login failed for user

Reading Time: 4 minutes

Login errors with Microsoft SQL Server (MSSQL) are a fairly common issue and can be easily solved with some basic troubleshooting steps. Before we dig in, let’s take a look at the details of the error to try and determine the cause.

Solutions to Microsoft SQL Server Error 18456

Sometimes, the error presents as “login failed for user ‘<username>’,” this information will help us as we identify the user we need to troubleshoot. From the message, we’ll know the error number as a reference to search for next steps. In this case, it is Microsoft SQL Server, Error: 18456.

Other times, we may only see “Microsoft SQL Server Error 18456” along with severity and state number. On its own, a state number might not mean much, yet it can offer more details as to what is wrong and where to look next.

These states of the error, 18456, are the most common. The descriptions and potential solutions offer a quick explanation and potential troubleshooting guide.

For Microsoft SQL Server Error 18456, there are several solutions for solving the issue.

Step 1:  Log In with Remote Desktop

The troubleshooting and solutions require you to login to the server or at least be able to make a Windows Authentication connection to MSSQL using Microsoft SQL Server Management Studio. The most common and easiest method is to connect directly to the server with a Remote Desktop Connection. If you need more information about Remote Desktop Connection, these Knowledge Base articles will help you get connected:

Step 2: Run Microsoft SQL Server Management

Once you are logged into the server, you’ll want to run Microsoft SQL Server Management Studio (SSMS). SSMS is the tool best suited to configure, manage, and administer MSSQL.

When you start SSMS, you will be asked to log in to the server. By default, most MSSQL servers have Windows Authentication enabled, meaning you must log in with the Windows Administrator or the account specified as the SQL Administrator when MSSQL was installed and configured.

In addition to Windows Authentication, MSSQL supports SQL Server Authentication. Depending on the version of MSSQL and how it was installed and configured, you may or may not have SQL Server Authentication enabled by default.

Step 3: Checking the Server Authentication Mode

Once we login to SSMS using Windows Authentication, we need to check the security settings to confirm whether MSSQL is set up to allow both Windows and SQL Authentication.

In SSMS, right-click the Server Name at the top of the Object Explorer window and choose Properties.

Next, click the Security page.

If you find Windows Authentication is the only mode configured, this is the likely cause of Error 18456, Login failed for user ‘<username>’.

Setting the Server authentication mode to allow SQL Server and Windows Authentication, you will be able to login to MS-SQL with a SQL user and password or a Windows user and password. After making this change, you will need to restart the SQL Server service.

 

Step 4: Restart the SQL Service

In SSMS, right-click the Server Name at the top of the Object Explorer window and choose Restart to apply the new authentication mode settings.  

In the above example, Windows Authentication mode was the only mode configured, and the Error 18456 occurred because the user ‘sa’ is a SQL user and SQL Server Authentication was not permitted.

 

Step 5: Checking SQL User Permissions

As we check the SQL user permissions, we need to answer the following questions:

  • Is the user allowed to log in?
  • Does the user have a valid password set up?
  • Does the user have the needed permissions for access to the desired database?

In SSMS Object Explorer, expand Security, Logins. Locate the user that was failing to log in. A red x on the user indicates this user has login disabled.

To allow the user to login, right-click the user and choose Properties, then click the Status page. Enabling login for the user and click OK.

After refreshing the list user logins, we can confirm the user no longer has a red x present. This should allow the user to log in. In this example, the SQL user ‘sa’ failed to log in because there was no permission to log in. 

Continuing with user troubleshooting, right-click the user and choose Properties, then click the General page. Here you can enter a new password and then enter the confirmation password. Click OK to save the new password. We set a new password for the user so that we are certain of the password when we attempt to log in.

Step 6: Mapping the User to the Database

Our last step in troubleshooting a user is to check user mapping to verify the user has access to the desired database and to set or verify their role for the database. Right-click the user and choose Properties, then click the User Mapping page. Select the Database from the list of databases. From the database role memberships, select the desired/required memberships. Click OK.

In this example, we mapped the user ‘ProdX709’ to the database Production X709.2019 and granted them database role db_owner. In many cases, you only need a user to have db_datareader and db_datawriter roles to be able to read and write to the database.

 

In this troubleshooting article, we learned how to identify specifics of Error 18456 to help us track down the root cause of the issue. Still looking for support?  Our MSSQL database solutions come with assistance from our technical support team. Find out how our high-availability database can work for you!

How To Check a MySQL Database for Errors in cPanel

Reading Time: 1 minute

This tutorial assumes you’ve already logged in to cPanel, and are starting on the home screen. Now let’s learn how to check a database for errors.

  1. Click the “MySQL Databases” icon.cpanel-pl-mysql-9-check-02
  2. Under “Modify Databases”, and in the “Check Database” drop-down box, select the database you want to check.cpanel-pl-mysql-9-check-03
  3. Then click “Check Database”.cpanel-pl-mysql-9-check-04
  4. That’s it! The check has been completed, and no errors were found.cpanel-pl-mysql-9-check-05

 

Error: Login without a password is forbidden by configuration (see AllowNoPassword) [SOLVED]

Reading Time: 1 minute

This error relates to logging into phpMyAdmin, an open source tool used for the administration of MySQL.

Once in awhile, perhaps on a Development server, MySQL won’t be setup with a root password. The aforementioned configuration is generally thought of as against best practices however, if it is what you’re dealing with, then it could also interfere with phpMyAdmin.

Pre-Flight Check

  • These instructions are intended specifically for solving the error: Login without a password is forbidden by configuration (see AllowNoPassword).
  • I’ll be working from a Liquid Web Self Managed Ubuntu 15.04 server, and I’ll be logged in as root.

The Error

The error will read “Login without a password is forbidden by configuration (see AllowNoPassword)” as shown below.

Error Login without a password is forbidden by configuration (see AllowNoPassword) [SOLVED]
Continue reading “Error: Login without a password is forbidden by configuration (see AllowNoPassword) [SOLVED]”

How to Install Logwatch on Fedora 21

Reading Time: 1 minute

Logwatch is a Perl-based log management tool for analyzing, summarizing, and reporting on a server’s log files. It is most often used to send a short digest of server’s log activity to a system administrator.

What are log files? Logs are application-generated files useful for tracking down and understanding what has happened in the past.

Pre-Flight Check

  • These instructions are intended specifically for installing the Logwatch on Fedora 21.
  • I’ll be working from a Liquid Web Self Managed Fedora 21 server, and I’ll be logged in as root.

Continue reading “How to Install Logwatch on Fedora 21”

Error: 500 OOPS: vsftpd: refusing to run with writable root inside chroot() [SOLVED]

Reading Time: 1 minute
Pre-Flight Check
  • These instructions are intended specifically for solving the error: 500 OOPS: vsftpd: refusing to run with writable root inside chroot().
  • I’ll be working from a Liquid Web Self Managed Fedora 20 server, and I’ll be logged in as root.

Continue reading “Error: 500 OOPS: vsftpd: refusing to run with writable root inside chroot() [SOLVED]”

Error: 500 OOPS: priv_sock_get_cmd [SOLVED]

Reading Time: 1 minute
Pre-Flight Check
  • These instructions are intended specifically for solving the error: 500 OOPS: priv_sock_get_cmd.
  • I’ll be working from a Liquid Web Self Managed Fedora 20 server, and I’ll be logged in as root.

Continue reading “Error: 500 OOPS: priv_sock_get_cmd [SOLVED]”