How To Order or Renew an SSL Certificate in Manage

Pre-Flight Check

  • This article assumes that you wish to order an SSL certificate through your Manage customer dashboard, or renew a certificate which you previously ordered through Manage.
  • For new certificates (non-renewals), you will first need to obtain a Certificate Signing Request (CSR). If you prefer, you can easily generate a CSR through cPanel or Plesk.

Ordering an SSL Certificate in Manage

Log into your Manage dashboard at https://manage.liquidweb.com and click on the Create button at the top left, then select SSL Certificate from the list of options.

Order an SSL from Your Manage Dashboard

You then can paste your CSR into the Manual field on the Order an SSL Certificate screen, select the length of time for which you’d like the certificate to be valid and finally click the Purchase SSL Certificate button to order the certificate and have it charged to your card on file.

Adding a CSR in Manage

Should automatic verification fail, you will need to verify the certificate manually.

There are three ways to do this:

  • DNS Record: This method requires you to add a text record (TXT) to the authoritative DNS zone file for the domain. If the site is using Liquid Web nameservers you can do this in Manage by clicking on Domains in the left menu and then selecting the DNS tab.
  • HTML Meta Tag: Requires you to add a meta tag into the head section of the index page on your web site.
  • E-Mail: An automated email will be sent to an authoritative address for the domain containing a link which you can click on to verify the certificate. Please note that the email verification option does not allow you to specify a custom address to which the verification email will be sent, you must choose from among a list of addresses considered to be authoritative, such as webmaster@, admin@, administrator@, etc.

To use one of the manual verification methods, you will need to obtain the verification data to add to the site’s DNS record or site code, or specify the email address to which the verification link will be sent.

To do that, click on Overview in the left menu of your Manage dashboard, click on SSL Certificates under the Services section and then click the Dashboard button.

Click on your domain name and change the Method under the Verification section to your desired method: DNS Record, HTML Meta Tag or E-Mail.

Changing the verification type will show you the record expected for that method, or allow you to select the email address to which the verification link will be sent. Again, please note that the email verification option does not allow you to specify a custom address to which the verification email will be sent, you must choose from among a list of addresses considered to be authoritative, such as webmaster@, admin@, administrator@, etc.

Once verified, the SSL certificate will need to be installed on your domain. To do so, follow our guides for cPanel or Plesk.

Renewing an SSL Certificate in Manage

To renew an SSL certificate which you previously ordered via Manage, log in and click SSL Certificates under Services near the bottom of the page. Then click the “Dashboard” button:

managessldashboard

A “Renew” button will be located to the far right of the domain name covered by the SSL Certificate.

Manage SSL Renew

As with new a new order, select the length of time for which you’d like the certificate to be valid and complete the order.

Once the SSL has been renewed, it will need to be installed on your domain. To do so, follow our guides for cPanel or Plesk.
 

How to Add or Modify DNS Records in Manage

Pre-Flight Check

To manage a domain’s DNS records in your account management interface, it must use one of our nameservers, which are:

  • ns.liquidweb.com and ns1.liquidweb.com
  • ns.sourcedns.com and ns1.sourcedns.com

If you already know that your site is using Liquid Web’s nameservers, skip ahead to Step #2: Adding or Editing a DNS Entry.

Step #1: Where is DNS hosted?

There are several methods to determine which nameservers are considered authoritative for your domain. You can either:

  • Use a web-based WHOIS lookup tool such as ICANN WHOIS and noting the listings under Name Servers
  • Query WHOIS from a terminal by running the command “whois yourdomainname.com” and noting the listings under Name Servers
  • Log into your Manage interface, select Domains from the left menu and click on the DNS tab. Scroll down to the CURRENT DNS ZONES section and look at the Delegation column. If you see a green button labeled “Delegated”, your domain is using our nameservers and you can click the [+] the the left of the domain name to expand its record and start managing entries immediately.

    CurrentDNSZones

If your domain is not using our nameservers but you do want to be able manage DNS records through your Liquid Web account interface, you will need to log into your account at the registrar and update the nameservers to one of the pairs noted at the top of this article.

Note: It is not necessary to transfer a domain name simply to specify different nameservers or move its authoritative DNS record. You can continue to use your preferred registrar for domain name renewal and management even if you update the domain to use our nameservers.

 

Step #2: Adding or Editing a DNS Entry

  1. From your Manage interface, click on Domains in the left menu and then select the DNS tab in the Domains Dashboard and click the [+] to the left of the domain name to expand its DNS record.

    Add a DNS record in Manage

  2. To add a new record, click the blue Add New Record button at the bottom. To edit an existing record, click the Edit button to the right of the entry you wish to change. Each entry has four fields:

    Add new DNS record

    • Name: This field allows you to append a prefix (or more accurately, a suffix, since domain names are resolved from right to left) to the main domain name. If you’re adding a record for a subdomain, such as shop.example.com, you would enter “shop” in this field. Note: The Name field is also called “Host” or “@” at some registrars and hosting companies.
    • TTL: This specifies, in seconds, how long the DNS entry should be cached by a resolver before it’s considered outdated and checked again. A higher setting will reduce load on the DNS server, but will extend the time it takes for the new entry or value to propagate. Generally, you will want to set a lower value prior to changing a record (300 or 3600 for 5 minutes or one hour, respectively), and then raise the TTL back after 24 to 48 hours once your change has had a chance to fully propagate.
    • Type, and Data: Manage allows you to enter and edit multiple record types. Remember that only A, AAAA, and NS records take an IP address in the Data field.
      • A and AAAA records resolve a domain to an IP address (IPv4 for A, IPv6 for AAAA). Without these records, a site will not resolve. In addition to the main domain name, you likely will want to add an A record for your hostname, as well as any subdomains which resolve to a different server.
      • CNAMEs are aliases pointing an entry back to the main domain. Once a browser requests a page from that subdomain from your web server, the server will route the request to the proper directory. If you find yourself frequently creating records for subdomains, you may wish to add a wildcard CNAME to cover any requests for subdomains without their own records. You can do so by entering an asterisk in the Name field.
      • MX records determine how mail is handled for the domain. When selecting an MX record type, Data will contain two fields: Priority and Exchange.
        • Priority always will be a number. Mail will be routed to the lowest numbered (highest priority) MX entry. Use the settings recommended by your control panel or email provider.
        • Exchange is the server to which mail will be directed.
      • NS Nameserver records specify the nameservers for the domain. Remember that the authoritative nameservers are specified at the registrar — if a WHOIS search returns different nameservers than what you’ve entered here, your entries in Manage will have no effect.
        Note: When using your own private or custom nameservers, their nameserver entries must be added at the domain’s registrar. When using custom nameservers, you will not be able to use Manage to add or edit DNS entries; that will be done via your server’s control panel.
      • SRV, or Service, records are used to configure services for your domain. When configuring an SRV record in Manage, the Name field should begin with an underscore, then the name of the service, a period, an underscore, and finally the protocol. For instance, a SRV record for Office 365’s Session Initiation Protocol over TLS would contain “_sip._tls” in the Name field. An SRV record contains four Data fields, each of which should be filled out according to the service’s instructions:
        • Priority: As with MX records, the lower the number the higher the priority.
        • Weight: Is used to distribute requests based on capacity.
        • Port: Directs requests to a specific port.
        • Target: Specifies the destination. For the example Office 365 SRV record above, the target would be “sipdir.online.lync.com”.
      • TXT records contain, as the name suggests, text. They can be used for SPF and rDNS entries, as well as domain verification information.
  3. Once you click the green checkmark button, the record will be added and DNS will begin to propagate. Typically only a few hours is needed for this, but it technically can take up to 24 hours to 48 hours for a DNS change to fully propagate globally.

 

How To Unblock Your IP Address in Manage

Liquid Web has introduced a new feature designed to simplify the removal of errant IP address blocks in the firewall, and allow customers to quickly remove their own address from within their Manage dashboard. In this manner, customers can remove blocks on their IP addresses even when they are unable to access WebHost Manager itself due to the block.

Pre-Flight Check

  • The cPanel Quick IP Address Unblock feature is designed for servers using the ConfigServer Firewall (CSF).
  • The feature does not apply to any server utilizing a different firewall.
  • You must have access to your Manage dashboard to use the IP delist feature.
    Note: Customers with Dedicated, Storm, or VPS servers which are not currently using the CSF firewall can request an upgrade from support to take advantage of this Manage feature. There is no charge, it typically takes only a few minutes and the only service that needs to be restarted as a result is the firewall itself. Our support technicians also can port your existing APF rules to CSF. If requesting an upgrade, please be sure to indicate whether your server uses the Guardian backup service so that its rules also can be configured.

Step #1: Log into Your Manage Interface

  1. In Manage, click on the [+] next to your server’s hostname to expand its details.
  2. Now click on the Dashboard button to open the Server Dashboard.

    Dashboard

Step #2: Unblock the IP Address

  1. Click on the Network tab to bring up the Networking pane.
  2. You will see your current IP address, as reported by your web browser, pre-populated in the cPanel Quick IP Address Unblock field. If you wish to unblock a different IP address, simply replace the address shown in the field with the IP address you wish to unblock.
    If you’re attempting to unblock the IP address of a client, developer, or other party who does not know their public IPV4 address, you can direct them to http://ip.liquidweb.com to obtain their address for you.
  3. Click the Unblock IP button to attempt to automatically remove the IP address in the CSF firewall.

    Unblock

  4. The Unblock IP button will change to Working… while it attempts to delist the IP address. Once the process completes, you should see a banner indicating whether the delisting was successful.

    Success

Step #3: I Got Blocked Again. Why?

There are many reasons why an IP address can be blocked in the firewall, but the two most common are:

  • The use of an incorrect username or password combination when connecting to the server or a service such as email, ftp, ssh, or cPanel/WHM
  • A mod_security rule violation

If you are unable to determine the cause for the block, feel free to contact Heroic Support®. You also may wish to consult the following Knowledge Base articles: Unblocking an IP Address or Opening a Port in the Firewall and How to Manage the CSF Firewall in WHM/cPanel.
 
 

How To Add a DNS Record For Your Hostname in Manage

Pre-Flight Check

  • These instructions are intended for domain names using Liquid Web’s nameservers.
  • If the main domain uses other nameservers, such as at a registrar, you will need to log in there and add an “A” record for the hostname in the main domain’s DNS zone file. The record should point to the server’s primary IP address.

Whenever you create a new server (or change the name of an existing one) you will need to add (or update) the DNS record for its parent domain.

If the hostname does not resolve, you will not be able to:

  • access WHM, cPanel, or Webmail via the hostname
  • send or receive email over a secure (SSL) connection using a mail client
  • verify the authenticity of email sent by the server (which could result in mail being rejected or flagged as junk by the recipient’s server)

Fortunately, adding the record is a simple process, and you can add the record in your Manage dashboard.

  1. Once logged into your Manage interface at https://manage.liquidweb.com/manage, click on Domains in the left menu and then select the DNS tab in the Domains Dashboard.

    DNS zones

  2. Now, click the [+] next to the main domain name to expand the domain’s DNS record and click the Add New Record button at the bottom. For the host.examplesite.com server, we’ll be editing the DNS record for the main domain, examplesite.com.

    Add a DNS record in Manage

  3. Your hostname will need an “A” record pointing to the IP address of the server itself. In this case, because the server has only one IP address, it is the same as the IP address of the site.

    Add new DNS record

  4. Once you click the green checkmark button, the record will be added and DNS will begin to propagate. Typically only a few hours is needed for this, but it technically can take up to 24 hours to 48 hours for a DNS change to fully propagate globally.

 

How to Enable Two-factor Authentication (2FA)

Pre-Flight Check

  • These instructions are intended specifically for enabling two-factor authentication for Manage users.

What is Two-factor Authentication (2FA)?

Two-factor authentication (also known as 2FA) means that instead of just a password (one factor), you will need two factors (password, plus a rotating authentication token) to login to your Manage account. Only the correct combination of the first and second factors will allow you to log in. Two-factor authentication is more secure than one-factor authentication.

How to Enable Two-factor Authentication (2FA)

Continue reading “How to Enable Two-factor Authentication (2FA)”

How to Reboot a Server via Manage

Rebooting a server in Manage has been made incredibly easy, and only takes a few clicks. Further simplifying the process, multiple servers can be rebooted at the same time!

Pre-Flight Check

Continue reading “How to Reboot a Server via Manage”