Redirect to Https

Google just announced that starting July 2018 Chrome, their very popular web browser, will start alerting for all websites which are not using Secure Sockets Layer, or SSL encryption. This is huge. The ramifications of such an alert could be quite impactful to traffic, to websites, and especially for the average user. So, what does that mean for you? More importantly, what can you do about it? No worries! Liquid Web has you covered.

In today’s post, we’ll be detailing some of the finer points of SSL encryption including what it is, what it means, and how to employ it. Let’s get started!

What is Secure Sockets Layer (SSL)?

Secure Sockets Layer, or SSL, is a means to encrypt traffic. That’s it! They’re no mystery, and there’s no reason to feel daunted by the technical term. The best part is that you’ve probably been making use of SSL encrypted traffic forever and haven’t even noticed it. If you’ve ever browsed to a website and noticed the prefix https:// or a little padlock in the browser bar, you’re using Secure Sockets Layer encryption.

Unencrypted: non-SSL

Insecure Site
Encrypted: Secure SSL
Secure Site

At a very high level, it’s referred to as a key-cert pair, and it’s super easy. The key file and certificate files are installed on your web server. Once installed your visitors browse to the https:// prefix and that’s it! Their traffic is encrypted end to end. If you’re unsure whether or not you’re currently using an SSL, there are some handy tools like  Why No Padock that can help identify your usage.

How does SSL work?

The more technical portions revolve around an encryption algorithm and are a little specific for the average user. At its base, an encryption key and certificate are installed on your web server, as we mentioned earlier. This key is comprised of details about the website. Nothing scary, though! It’s just enough to ensure the site is who it claims to be. Details such as the domain name, the company’s name, the company’s business address; that kind of thing. You know, aspects you’d like to know about a legitimate company with whom you’re choosing to do business and, as a business owner, are proud to announce to the public.

Finally, that information is submitted to a known certificate authority who’ll encrypt the data into the key-cert pair we talked about already. You’ll install the key-cert pair on your server. Then, whenever someone tries to access https on your site, their browser will receive that public cert and compare it to public records for your domain. The browser will verify that your business is legitimate, –because it is!– and will use that certificate to encrypt all the data that’s passed between them and your web server.

This means, whenever there is data moving between them and you, if any bad guys try to inspect or steal it, all they’ll get is a bunch of garbled junk. Your data and your clients’ data are both safe and secure!

Liquid Web has a detailed step by step instruction on server setup at our Knowledge BaseOnce you have an SSL installed on your site, your clients still have two means by which to connect to your site. The HTTP method, which is unencrypted, and the HTTPS method, which is encrypted by your new SSL. The choice is usually denoted by how your clients or your referral traffic structures their link.

Redirecting to Https

Note
This process assumes you’ve already installed an SSL on your site.

The process is referred to as “Forcing SSL Redirection.” Ultimately, you’ll use code to make sure, whenever someone goes to HTTP, their traffic is directed over to HTTPS. Click on the tabs below to learn how the different ways to implement SSL onto your site.

cPanelWordpress.htaccessPlesk
If you’re using cPanel, you’ll need to access your cPanel account and navigate to the “Redirects” menu from the “Domains” group.

You’ll notice the Wild Card Redirect check box. This is a unique function that forces all links to HTTPS, not just the primary domain. I’m very much a fan of this option as it ensures all links will be directed to the SSL secured version which has you covered if someone links to a specific page of your site and not the home page.

Click “ADD” and you’re done!

No need to use cPanel, Plesk or the command line with the very popular Content Management Software, WordPress! Editing can be done straight from the WordPress Admin interface. Log into your WordPress Admin interface navigate to the Settings menu. From there you can simply set your WordPress and Site Address to use the https:// prefix, like so:

Wordpress Admin Section in Settings

Easy Peasy! One last test to make sure you’re using your SSL will show that you are! You could use an SSL checker like SSLShopper, or clear your cache on your browser and reload! See our article on how to clear your browser cache if you are having trouble.

You should be able to see the little green padlock in the browser bar that gives your clients that warm, fuzzy feeling. Even better, the upcoming alert from Google Chrome about unencrypted traffic is no longer a worry.

More advanced users who aren’t using a control panel can use some simple rules in their .htaccess file.

From the command line, navigate to the document root of your domain and use your favorite editor to open or create your .htaccess file. Then add the following lines:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%(REQUEST_URI) [L,R=301]

Here’s an output of mine:

Example of Redirection Code

The method is very similar for Plesk: Log into your Plesk interface and navigate to the “Hosting Settings” for your domain:

Locating Hosting Settings in Plesk

From the Security subheading of the Hosting Settings, check the SSL/TLS support and Permanent 301 redirect checkboxes. Also, make sure you select the correct certificate. Lastly, click the “Apply” button and you’re done!

Redirection Settings Within Plesk

Mixed Content (Insecure Content)

There is one last part. SSLs are installed on your server. So they can only encrypt and protect objects that are on your server. This means, if you happen to be linking to off-server content, like Facebook posts, YouTube links, or images or other content from some else’s sites, you have to make sure they’re using an SSL too. If they’re not, you’re technically hosting insecure content on that page and Chrome will alert your clients as such (characterized by having https but not the green lock). If you’re unsure about the content on your site, you can use a site like Why No Padlock to check. It’ll give you a nice readout and will list any issues with unencrypted content under the “Mixed Content” heading in the report.

Luckily, big names like YouTube and Facebook are already on board and use SSLs. But there are still a lot of sites on the internet who do not. It’s up to you to help the internet’s security and be diligent in our pursuit to be good net-citizens together.

You’re now familiar with SSLs, Forced SSL Redirection and the upcoming Google Chrome alert. As always, if ever you need help or have issues, our Knowledge Base is here for you to peruse and our Helpful Support Humans are happy to help.

 

Editing MX Records

How to Edit MX Records in DNS

Perhaps you are moving from using your web server for e-mail to a new service that offers advanced features such as Liquid Web’s Premium Business Email Hosting, or maybe you want your e-mail address to better reflect the business you conduct with your inbox. Either way, when changing mail servers, you will find yourself editing MX records. Each time you send a message, these records help an e-mail server figure out how to get your message where it needs to go. Once the message is ready to leave the server you send it from, it looks up the record for the domain where your receiver checks their mail. By the end of this article, you will be able to edit your domain’s MX records in cPanel or Plesk.

Preparation

This step is necessary whenever editing DNS entries such as the MX record. Before starting, you’ll want to make sure that the server you are editing the MX records with is the “name server.” The name server is the server responsible for letting browsers (and e-mail servers) know where your domain “lives” on the internet by providing the list of DNS records associated with the domain. DNS records provide information about domains to computers that need to interact with them to provide you with services. The key thing to note here is that you can only effectively edit the MX record at the name server for your domain. To look up your name server, you can use easyWhois. Once you get to the site, simply enter your domain and hit enter. Once the list of details loads, look for the “Name Server” lines. Usually, there is a ‘ns’ part with a number after it. That part after that tells you the server, and this is where you will login to cPanel or Plesk. For a refresher on how to login to your cPanel or Plesk server, you can look here: Logging Into cPanel or Logging Into Plesk.

Editing Plesk MX Records

Part 1: Removing The Old Records

  1. Once logged into Plesk, click the “Websites & Domains” tab on the left hand side.
  2. Find the section for the domain that you want to change an MX record for.
  3. If you see a bar with an arrow that points downward and reads “Show More” click that button, then click “DNS Settings,” otherwise just click “DNS Settings” in the section for your domain.
  4. Look at the “Record Type” column in the list, and find any entries that read “MX” (with a number after it). Click the checkbox on the left hand side for each of these entries.
  5. Towards the top of the page select the “Remove” button.
  6. At the “Remove the selected DNS records?” dialogue box that appears, select “Yes.”

Part 2: Adding Your New MX Records

  1. Towards the top of the page click the “Add Record” button.
  2. Next to “Record Type” click the dropdown box, and select “MX”.
  3. Ensure that the “Mail domain” section shows everything that comes after the “@” symbol for your e-mail address here. Most of the time this blank should be left empty. However, if your e-mail address is less common such as francis@research.example.com (instead of francis@example.com), you’ll want to make sure ‘research’ appears in the blank at the left. The domain (example.com part in this example) is listed automatically.
  4. At the “Mail Exchange Server” blank, enter the entire mail server you are changing your MX record to point to (Example: mail.example.com).
  5. At the next section, “Specify the priority of the mail exchange server”, click the dropdown box and select “5.” Most of the time that should be perfectly adequate, however if your new MX record has a number in the middle that does not match, you may change it from “5” to match the new record you wish to use.
  6. Click the “OK” button to proceed.
  7. You will now see a box at the top of the page that reads “The changes you made to DNS records are not saved yet. The changes are marked in the list of records. Click Update to apply the changes to the DNS zone. Click Revert to cancel the changes.”
    Click “Update.”
  8. Click the button marked “Apply DNS Template.”

You have now set up your new MX record(s) for your domain in Plesk.

Editing cPanel MX Records

  1. Once logged into cPanel for the domain you wish to set the MX record for, find the “Domains” section and click “Zone Editor.”
  2. Click “Manage.”
  3. Look at the “Type” column and find the entries with “MX” under that section.
  4. Select “Edit” next to the first MX entry.
  5. Under the “Record” section, set the priority to match the number given in the MX entry you wish to add, then place the server name at the right side of your entry in the “Destination” blank.
  6. If you have a second (or third, etc.) MX record line to add, click the arrow next to the “Add Record” button, and select “Add MX Record.” then repeat step 5.

If you want to set up or change MX records for multiple domains, you can use WHM. For a guide, check out step 2 of our Knowledge Base article “cPanel – How to Change a Domain’s MX Record”.

Additional Notes:

  • If you can spare 24-48 hours, it’s a great idea to reduce the TTL (Time To Live) for each MX record already in place BEFORE adjusting the other values for the MX record. These are given in seconds, and you’ll want to make sure they’re reasonably low (around 300 is a good value) to ensure that when you are ready to make your MX record changes they will spread throughout the internet without a long delay. After changing these TTL values, allow 24-48 hours before completing your final MX record changes.
  • Most of the time you will have the new mail server’s “hostname” (the server address in text form), however if you have only an IP address see this article for a procedure that will show you what to do before following the previous steps in this guide.
  • For a more detailed look at DNS records in general you can check out What is DNS.

Useful Links:

For instructions on how to look up an MX record and what it looks like, see Understanding MX Records.

This guide is not intended to be comprehensive, and if you need more detail about what we’ve gone over, this article is a great resource.

 

How to Use Disk Quotas in Dedicated Linux Servers for Plesk Servers

Using Disk Quotas on Plesk Servers

Plesk servers come in a variety of underlying operating systems like: Windows, CentOS and Ubuntu. These systems address disk quotas in different ways. However, they all use the same tools within the Plesk interface. Plesk servers can assign quotas on an individual domain basis or through the Service Plans & Subscriptions system. We will go over both of these methods below.

Continue reading “How to Use Disk Quotas in Dedicated Linux Servers for Plesk Servers”

Upgrading PHP on Windows

Performing an upgrade to PHP on Windows Server

Keeping your software and applications up to date is a crucial part of maintaining security and stability in your web hosting systems. Unfortunately, updating system components and back-end software can sometimes be a frustrating and a difficult process. However, thanks to Microsoft’s Web Platform Installer, upgrading PHP on a Windows server with IIS is as simple as a few clicks.

Continue reading “Upgrading PHP on Windows”

How to Use a Remote Desktop

Remote Desktop Protocol or RDP provides access to your Windows Server’s operating system from your desktop, workstation machine, mobile device or laptop. The connection to your server will be encrypted and it offers some enhancements that allow you to attach local drives and devices.

Most modern Operating Systems have support for Remote Desktop. A Remote Desktop Client made by Microsoft is available in the Apple Appstore, the MacOS store, Google Play, the Chrome Web Store for ChromeOS and of course in the Windows Store. On Linux you may need to download a 3rd party option such as RDesktop or FreeRDP which you can get through a repository or it will be pre-installed on some distro’s.

Continue reading “How to Use a Remote Desktop”

The 8 Step Checklist to a better migration

8 Tips to a Smooth Migration

A recent Liquid Web survey revealed that businesses are often held back from choosing a better hosting partner by the “what-if” situation when a migration presents. Nearly a quarter of consumers who decide not to switch to a new provider cited fear of the migration as the biggest reason for maintaining the status quo. Even if they believe that the new hosting provider would be better. Continue reading “The 8 Step Checklist to a better migration”

Database Backup and Restore in Plesk 12.5

Earlier versions of Plesk required the use of database management tools to dump databases, but Plesk 12.5 allows you to back up (by exporting a database dump as an SQL file) and restore them (by importing a database dump as an SQL file) without having to leave the control panel.

Step #1: Export a Database

  1. Select Websites & Domains from Plesk’s main menu.
  2. Select Databases, then scroll down to the panel for the database you wish to export.
  3. In the panel for your desired database, click the Export Dump icon and select a destination for the backup file. By default, it will be stored in the selected subscription’s home directory.

Step #2: Import a Database

  1. Select Websites & Domains from Plesk’s main menu.
  2. Select Databases, then scroll down to the panel for the database you wish to export.
  3. In the panel for your desired database, click the Import Dump icon browse to the backup file’s location (locally or on the server), and click the OK button.
Note: To avoid potential data loss, never attempt to restore a database without first backing up the existing database with a unique filename.

How To Add Users and Assign Roles in Plesk

You can add or edit users, and create and assign roles via Plesk’s user settings page. The method for accessing user settings is slightly different in various Plesk views:

Access the User Accounts page

  • In Service Provider View
    If you’ve elected to use Plesk’s Service Provider view:

    • Select the Subscriptions setting in Plesk’s main menu to bring up the Subscriptions page.
    • Click on the desired domain name in the Subscription column to bring up hosting details for that domain.
    • Select the Users tab from the uppermost row of menu tabs to load user settings.

      1PleskSPVUsers

  • In Power User View
    If you’ve elected to use Plesk’s Power User view, you can simply click the Users button in the main menu to bring up a list of user accounts:

    2Users

From the user settings page, you can use add or delete users, assign and edit user roles, or add custom user roles. You can use the links below to quickly navigate to each section:

Create a New User Account

  1. Click the Create User Account button and provide the necessary information:

    Create User Account

  2. When assigning a User role, Plesk provides the following four default roles. If you have created any custom roles, they will be listed here as well:
    • Administrator: Users with an Administrator role have full access to the Plesk control panel and server management functions.
    • Webmaster: The Webmaster role allows users to manage most aspects of the subscriptions to which they are assigned, including creating new sites and configuring services such as DNS, mail, and FTP. Webmasters cannot, however, create new Plesk users or manage roles.
    • Application User: Limited access
    • Accountant: The Accountant role is the most limited in Plesk. Users with this role can see details of the subscriptions to which they’ve been given access, such as resources used and current hosting options, but they are unable to modify any settings.
  3. In the Subscriptions field, select the primary domain name associated with the subscription to which you want the user to have access, or select All to allow them to access all subscriptions.
  4. The user will be added once you click the OK button.

Remove a User Account

On the user settings page, simply check the box next to an existing account and use the Remove button to delete the selected user account.

Create a New User Role

  1. To create a new user role, select the User Roles tab and then click the Create User Role button.
  2. Enter a name for the new user role, select the desired roles, and then click the OK button once you’re done.

    Create New User Role

    Note: For a detailed explanation of each user role, see the official documentation.

Edit an Existing User Role

Click the user name listed in the Contact Name column to edit roles for that user.

Note: For a detailed explanation of each user role, see the official documentation.

Add an additional administrator account

Plesk allows you to add additional administrator-level accounts for users, such as your IT staff or developer, who will be performing administrative tasks on your behalf. An additional administrator account can perform most of the same tasks as the primary administrator.

To add (or edit or remove) an additional administrator account, click on Additional Administrator Accounts under the Tools & Settings menu, and specify the information for the new administrator account.

xAddAddlAdminUserToolsSettings

How To Generate and Renew Let’s Encrypt SSL Certificates in Plesk 12.5

Let’s Encrypt is a free, automated, and open certificate authority from the Internet Security Research Group (ISRG). It enables anyone to install a free trusted SSL certificate on their website and benefit from the enhanced security an encrypted connection provides. Unlike a self-signed SSL certificate, which also is free and secure (but not verified), a Let’s Encrypt certificate is recognized as fully verified and will display the padlock icon in the address bar of modern browsers.

Beginning with version 12.5, Plesk provides access to both a plugin which interfaces with the Let’s Encrypt CLI client and an extension for use within Plesk. Please note that Plesk’s support for Let’s Encrypt applies to some Linux distributions as well as Windows, and while these instructions may also apply to a Linux server running CentOS 6 or higher, additional configuration beyond the scope of this article may be necessary. Continue reading “How To Generate and Renew Let’s Encrypt SSL Certificates in Plesk 12.5”

How to Generate a CSR and Install an SSL in Plesk

Pre-Flight Check

  • This article is specifically intended for generating a Certificate Signing Request and installing a standard SSL certificate on a Windows server running Plesk.
  • We’ll walk through ordering the SSL via Liquid Web’s Manage interface, but you can use the CSR you generate in Plesk to purchase an SSL from the vendor of your choice.
  • If your Windows server is running Plesk 12.5 or higher, you can check out our tutorial on Using Let’s Encrypt SSL Certificates with Plesk 12.5.

Step #1: Generate a Certificate Signing Request in Plesk

  1. Log into Plesk.
  2. Select Domains from the main menu and click on the domain name to access its settings page.
  3. Click on SSL Certificates to bring up the SSL certificate page:

    WinPleskSSL1

  4. Now click the blue Add SSL Certificate button:

    WinPleskSSL2

  5. Fill out the request form and then press the Request button:

    WinPleskSSL3

    While the fields are self-explanatory, pay special attention to these three required fields:

    • Certificate name: This is how the certificate will be displayed in Plesk. To make it easier to identify later, you’ll likely want to use the domain name.
    • Domain name: If you want your SSL certificate to cover the domain with and without the “www”, you must enter the “www” version here.
      • A certificate for www.yourdomainname.com will cover both yourdomainname.com and www.yourdomainname.com.
      • A certificate for yourdomainname.com will only apply to yourdomainname.com.
    • Email: Plesk will email the CSR and details to this address, although we will walk through retrieving the CSR directly from Plesk in the next step.
  6. Upon submitting the form, you’ll be redirected to the domain’s SSL Certificates page. Click on the certificate name (“Sample” in this example) to return to the certificates page, where you’ll be able to copy the CSR:

    WinPleskSSL4

  7. On the SSL Certificates page for the domain, scroll down to the section labeled CSR, and copy all the text contained in that field:

    WinPleskSSL5

    Important: Leave this window up, as you will return to it once you have ordered and obtained the certificate. You will paste the certificate into the Upload the certificate as text field just above the CSR section on this same page.

Step #2: Order the SSL Certificate in Manage

  1. In a new browser window or tab, log into your Liquid Web Manage dashboard.
  2. Click on the Create button near the top left of the page and select SSL Certificate:

    WinPleskSSL6

  3. On the Order an SSL Certificate page, paste the CSR you copied from Plesk into the Certificate Signing Request (CSR) field.

    WinPleskSSL7

    The CSR Details section will populate with the information you entered in Plesk.

    • Review the CSR details. If you need to correct any errors, go back to Step One and re-generate the CSR.
    • Select the length of time for which you’d like the certificate to be valid.
    • Select a Verification Method. Typically you will want to leave this set to “Automatic”.
    • Click the Purchase SSL Certificate button to order the certificate and have it charged to your card on file.

Step #3: Verify and Obtain your SSL Certificate

  1. Your SSL certificate is accessible from your Manage dashboard.
    • Click on Overview in the left menu of your Manage dashboard.
    • Click on SSL Certificates under the Services section.
    • Click the [ + ] button next to the domain name to expand the window.
    • Click the Dashboard button to access the SSL dashboard.
  2. If automatic verification was successful, you will see a green button next to Verified in the Status column. If automatic verification failed, follow the instructions for verifying the SSL via DNS record, HTML meta tag, or email at Installing an SSL Certificate.
  3. Once the certificate status is displayed as Verified, click the link labeled X509 Certificate to pop up a window containing the certificate. You will need to copy the contents of the certificate in that popup before returning to your Plesk browser window or tab.
    Important: Leave this window up, as you may need to return to it to copy and paste the Intermediate Bundle from this screen into the CA Certificate field in Plesk.

    WinPleskSSL8

Step #4: Install the SSL Certificate in Plesk

  1. Now return to the Plesk browser window or tab you left open in Step #1, and paste the certificate into the Upload the certificate as text field just above the CSR.

    If the CA certificate does not fill in automatically, you will need to copy the Intermediate Bundle from the Manage browser window or tab you left open in Step #3 into the CA certificate field.

    WinPleskSSL9

  2. Now click the Upload Certificate button to add the certificate.

Step #5: Configure the Domain to Use SSL

Now that the SSL certificate is uploaded, all that remains is to enable SSL support for the domain.

  1. In the Plesk menu, click on Websites & Domains.
  2. Click on the domain name.
  3. Click on Hosting Settings.
  4. Scroll down to the Security section, select the certificate to use and check the box next to SSL support.

    WinPleskSSL9