Featured Video: Setup an SSL Site with Managed WordPress

There was once a time on the Internet when there were many valid reasons to avoid using an SSL all the time. For example, using an SSL sometimes meant your website wasn’t indexed as thoroughly. Or maybe certain types of caching were broken.

It’s 2017 now, though, and those days are long past. Almost every reason not to use an SSL on your site has since been changed or fixed. In this Knowledge Base article we feature a video provided by Chris Lema to show how quickly you can set up an SSL on Managed WordPress.

In just under 2 minutes Chris shows that you can log in to your Managed WordPress, create a new WordPress site, and get the SSL certificate set up! Doing the same thing manually could take up to a few hours. There’s no doubt that Managed WordPress makes hosting your WordPress securely quick and simple.

To learn more, or sign up, take a look at our Managed WordPress page.

How does an SSL work?

httpVShttps

Every single day, hundreds of terabytes of data are transferred across the internet. In fact, based on Intel’s 2012 report, nearly 640K Gb of data is transferred every single minute. That’s more than 204 million emails, 47,000 app downloads, 1.3 million YouTube videos watched and 6 million Facebook views.

We’re talking about a seriously massive amount of data here. So how do we know if that data is being transferred securely? Enter the SSL/TLS protocols.

Enabling Let’s Encrypt for AutoSSL on WHM based Servers

The recent release of cPanel & WHM version 58 added an AutoSSL feature. This tool can be used to automatically provide Domain Validated SSLs for domains on your WHM & cPanel servers.

Initially this feature was released with support for only cPanel (powered by Comodo) based SSL certificates, with plans to support more providers as things progressed. cPanel & WHM servers running version 58.0.17 and above can now also use Let’s Encrypt as an SSL provider. More information on Let’s Encrypt can be found here.

Pre-Flight Check

  • These instructions are intended specifically for a managed Liquid Web server with cPanel.
  • The server should be running cPanel & WHM version 58.0.17, or higher.
  • Command line and root level access via SSH will be necessary to follow this tutorial.

Step #1: Enable Let’s Encrypt Auto SSL provider!

In order to install the Let’s Encrypt AutoSSL provider plugin you will simply log in to the server as the root user via SSH and execute the following command:

# /scripts/install_lets_encrypt_autossl_provider

Running this will add and install the necessary RPM files in order to support Let’s Encrypt as an AutoSSL provider. The command should yield results similar to the following:

Installed the cpanel-letsencrypt RPM! AutoSSL can now use Let’s Encrypt.

Step #2: Verify your work

To double check that this has been successful you can simply pull up WHM and load the ‘Manage AutoSSL’ page. Upon loading this page you should see a list similar to the following screenshot.

WHM AutoSSL w/ Let's Encrypt
If your server’s ‘Manage AutoSSL’ page shows the same options as above you have successfully enabled Let’s Encrypt for AutoSSL.

One thing to keep in mind is that there are some domain and subdomain limits that are enforced by Let’s Encrypt. More details on that can be found in cPanel documentation here: Manage AutoSSL – Domain and rate limits.

How To Verify That Your Server Meets PayPal SSL Requirements

As part of an industry-wide effort to adopt strict security standards, PayPal is upgrading the SSL certificates it uses to secure its sites and API endpoints. By June 17, 2016, SSL certificates will need to be signed using the SHA-256 algorithm and VeriSign’s 2048-bit G5 Root Certificate.

At that time, PayPal’s service will discontinue the use of SSL connections that rely on the VeriSign G2 Root Certificate.

You can easily determine whether your server supports this new standard by logging into your server via SSH and running a single command:

openssl s_client -connect api-3t.sandbox.paypal.com:443 -showcerts < /dev/null | egrep -wi "G5|return"

If your server complies with the requirements, you will see a result similar to the following:

i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
Verify return code: 0 (ok)

In that output, you will want to note the presence of two specific items:

  • A Certification Authority containing “G5”. Note that you may see several CA lines in your output; as long as G5 is included, your server is compliant.
  • A Verify return code of “0 (ok)”.

If both are present, your server is compliant and no further action needs to be taken.

If neither is present, then your server will need to have the G5 certificate bundle installed. All Managed customers may feel free to contact Heroic Support® to have it installed.

NOTE: CentOS 5 (and earlier) is not capable of supporting the new standard. If your server runs CentOS 5 (or earlier), it will need to be upgraded. A member of Heroic Support® will be able to assist.
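
The two checks above can be applied mechanically instead of by eye. The shell function below is an added example, not part of the original article; the function name check_g5_chain and the failing sample are constructed for illustration, and the passing sample is the output shown above.

```shell
#!/bin/sh
# Added example: apply the article's two pass criteria to s_client output.
# Live use (command from the article, stdin closed so s_client exits):
#   openssl s_client -connect api-3t.sandbox.paypal.com:443 -showcerts \
#       </dev/null 2>/dev/null | check_g5_chain

check_g5_chain() {
    out=$(cat)   # full s_client output on stdin

    # Criterion 1: an issuer ("i:") line naming a CA with the whole word "G5".
    if printf '%s\n' "$out" |
        grep -Eq '^ *i:.*[^[:alnum:]]G5([^[:alnum:]]|$)'; then
        has_g5=yes
    else
        has_g5=no
    fi

    # Criterion 2: the chain verified against the local trust store.
    code=$(printf '%s\n' "$out" |
        sed -n 's/^ *Verify return code: \([0-9][0-9]*\) .*/\1/p' | head -n 1)

    if [ "$has_g5" = yes ] && [ "$code" = 0 ]; then
        echo "compliant"; return 0
    elif [ -z "$code" ]; then
        echo "no-handshake"; return 2   # connection failed, nothing to judge
    elif [ "$has_g5" = no ]; then
        echo "g5-missing verify=$code"; return 1
    else
        echo "verify-failed verify=$code"; return 1
    fi
}

# Constructed sample: the passing output shown in the article.
SAMPLE_OK=' i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
    Verify return code: 0 (ok)'

# Constructed sample: no G5 issuer in the chain and verification fails.
SAMPLE_BAD=' i:/C=XX/O=Example CA/CN=Example Intermediate CA
    Verify return code: 20 (unable to get local issuer certificate)'

printf '%s\n' "$SAMPLE_OK"  | check_g5_chain
printf '%s\n' "$SAMPLE_BAD" | check_g5_chain || true
```

The function's exit status (0 compliant, 1 non-compliant, 2 no handshake) makes it usable from a monitoring job, which a bare egrep pipeline is not.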

 

How To Order or Renew an SSL Certificate in Manage

Pre-Flight Check

  • This article assumes that you wish to order an SSL certificate through your Manage customer dashboard, or renew a certificate which you previously ordered through Manage.
  • For new certificates (non-renewals), you will first need to obtain a Certificate Signing Request (CSR). If you prefer, you can easily generate a CSR through cPanel or Plesk.

Ordering an SSL Certificate in Manage

Log into your Manage dashboard at https://manage.liquidweb.com and click on the Create button at the top left, then select SSL Certificate from the list of options.

Order an SSL from Your Manage Dashboard

You then can paste your CSR into the Manual field on the Order an SSL Certificate screen, select the length of time for which you’d like the certificate to be valid and finally click the Purchase SSL Certificate button to order the certificate and have it charged to your card on file.

Adding a CSR in Manage

Should automatic verification fail, you will need to verify the certificate manually.

There are three ways to do this:

  • DNS Record: This method requires you to add a text record (TXT) to the authoritative DNS zone file for the domain. If the site is using Liquid Web nameservers you can do this in Manage by clicking on Domains in the left menu and then selecting the DNS tab.
  • HTML Meta Tag: Requires you to add a meta tag into the head section of the index page on your web site.
  • E-Mail: An automated email will be sent to an authoritative address for the domain containing a link which you can click on to verify the certificate. Please note that the email verification option does not allow you to specify a custom address to which the verification email will be sent; you must choose from among a list of addresses considered to be authoritative, such as webmaster@, admin@, administrator@, etc.

To use one of the manual verification methods, you will need to obtain the verification data to add to the site’s DNS record or site code, or specify the email address to which the verification link will be sent.

To do that, click on Overview in the left menu of your Manage dashboard, click on SSL Certificates under the Services section and then click the Dashboard button.

Click on your domain name and change the Method under the Verification section to your desired method: DNS Record, HTML Meta Tag or E-Mail.

Changing the verification type will show you the record expected for that method, or allow you to select the email address to which the verification link will be sent. Again, please note that the email verification option does not allow you to specify a custom address to which the verification email will be sent; you must choose from among a list of addresses considered to be authoritative, such as webmaster@, admin@, administrator@, etc.

Once verified, the SSL certificate will need to be installed on your domain. To do so, follow our guides for cPanel or Plesk.

Renewing an SSL Certificate in Manage

To renew an SSL certificate which you previously ordered via Manage, log in and click SSL Certificates under Services near the bottom of the page. Then click the “Dashboard” button:

managessldashboard

A “Renew” button will be located to the far right of the domain name covered by the SSL Certificate.

Manage SSL Renew

As with a new order, select the length of time for which you’d like the certificate to be valid and complete the order.

Once the SSL has been renewed, it will need to be installed on your domain. To do so, follow our guides for cPanel or Plesk.
 

How To Generate and Renew Let’s Encrypt SSL Certificates in Plesk 12.5

Let’s Encrypt is a free, automated, and open certificate authority from the Internet Security Research Group (ISRG). It enables anyone to install a free trusted SSL certificate on their website and benefit from the enhanced security an encrypted connection provides. Unlike a self-signed SSL certificate, which also is free and secure (but not verified), a Let’s Encrypt certificate is recognized as fully verified and will display the padlock icon in the address bar of modern browsers.

Beginning with version 12.5, Plesk provides access to both a plugin which interfaces with the Let’s Encrypt CLI client and an extension for use within Plesk. Please note that Plesk’s support for Let’s Encrypt applies to some Linux distributions as well as Windows, and while these instructions may also apply to a Linux server running CentOS 6 or higher, additional configuration beyond the scope of this article may be necessary.

Pre-Flight Check

  • This article is specifically intended for enabling the Let’s Encrypt extension in Plesk 12.5 on a Windows server.
  • You will need to log into Plesk as an Administrator. In this tutorial, we’re using Plesk’s Power User view, but instructions for the Service Provider view are included alongside each step.
  • The domain name on which you want to install a Let’s Encrypt SSL certificate must resolve in a browser (even if it has no content). You won’t be able to obtain a Let’s Encrypt certificate for a domain name that does not pass validation.
  • If you prefer to use a standard paid SSL certificate, you may refer to our article Windows: How to Generate a CSR and Install an SSL in Plesk.

Step #1: Enable the Let’s Encrypt Extension

  1. Log into Plesk as an Administrator and click on the Extensions menu item, then click the Extensions Catalog button.
    If you’re using the Service Provider view, Extensions is under the Server Management menu item.
  2. In the Extensions Catalog, click the Install button next to Let’s Encrypt to install the extension:

    1ExtMgmtCatalogLetsEncrypt

  3. Once the extension has installed successfully, you will be returned to the main Extensions page, where you’ll see Let’s Encrypt listed:

    2LEInstalled

Step #2: Install the Let’s Encrypt SSL Certificate on Your Domain

  1. Click the Websites & Domains item in Plesk’s main menu, and click on the Let’s Encrypt menu item:
    If you’re using the Service Provider view, Domains is listed under the Hosting Services menu item. You’ll need to click on the domain name to access the screen below.

    3OnSite

  2. Enter a valid email address in the field and check the box next to Include www … if you want the SSL certificate to cover the domain both with and without the “www” prefix, and then click the Install button.
    Note: If you do not check the Include www … box, then your certificate will be valid only for yourdomain.com. If you do check the box, both yourdomain.com and www.yourdomain.com will be covered.

    4InstallSSL

  3. Once installed, you will be returned to the previous page where a success message will let you know the process is completed.

    5certinstalled

    If the process was not successful, check that the domain name you entered is valid. The domain name you entered in the Let’s Encrypt request form must:

    • be spelled correctly.
    • be registered and active.
    • resolve in a browser.

    If you have just created or added the domain to your server, make sure that you also have added the appropriate DNS records (an A record pointing to your server IP, at a minimum), and give any recent DNS changes time to propagate.

  4. From the Websites & Domains menu page, click on the Hosting Settings link for your domain and ensure that the SSL support box is checked under the Section, and that the Let’s Encrypt SSL certificate is selected as shown below:
    If you’re using the Service Provider view, Domains is listed under the Hosting Services menu item. You’ll need to click on the domain name, then Hosting Settings.

    6hostingsettings

Step #3: Renewing Your Let’s Encrypt SSL Certificate in Plesk

Plesk’s Let’s Encrypt extension makes renewals easy. As long as you generated and installed the SSL certificate using the extension as outlined above, Plesk will automatically renew the certificates with no further action on your part.

By default, Let’s Encrypt SSL certificates are valid for 90 days, but Plesk will automatically renew them once a month as recommended by Let’s Encrypt’s developers. The shorter renewal period helps guarantee your security and the process should be completely transparent to you and your site’s visitors. As a bonus, should a renewal attempt fail for any reason, you won’t run the risk of having to race the clock while troubleshooting the failure.

Should you ever need to renew a certificate manually, you can do that from the domain’s Let’s Encrypt menu item under Websites & Domains; the Install button text will change to read Renew if a certificate is already installed.
 

How to Generate a CSR and Install an SSL in Plesk

Pre-Flight Check

  • This article is specifically intended for generating a Certificate Signing Request and installing a standard SSL certificate on a Windows server running Plesk.
  • We’ll walk through ordering the SSL via Liquid Web’s Manage interface, but you can use the CSR you generate in Plesk to purchase an SSL from the vendor of your choice.
  • If your Windows server is running Plesk 12.5 or higher, you can check out our tutorial on Using Let’s Encrypt SSL Certificates with Plesk 12.5.

Step #1: Generate a Certificate Signing Request in Plesk

  1. Log into Plesk.
  2. Select Domains from the main menu and click on the domain name to access its settings page.
  3. Click on SSL Certificates to bring up the SSL certificate page:

    WinPleskSSL1

  4. Now click the blue Add SSL Certificate button:

    WinPleskSSL2

  5. Fill out the request form and then press the Request button:

    WinPleskSSL3

    While the fields are self-explanatory, pay special attention to these three required fields:

    • Certificate name: This is how the certificate will be displayed in Plesk. To make it easier to identify later, you’ll likely want to use the domain name.
    • Domain name: If you want your SSL certificate to cover the domain with and without the “www”, you must enter the “www” version here.
      • A certificate for www.yourdomainname.com will cover both yourdomainname.com and www.yourdomainname.com.
      • A certificate for yourdomainname.com will only apply to yourdomainname.com.
    • Email: Plesk will email the CSR and details to this address, although we will walk through retrieving the CSR directly from Plesk in the next step.
  6. Upon submitting the form, you’ll be redirected to the domain’s SSL Certificates page. Click on the certificate name (“Sample” in this example) to return to the certificates page, where you’ll be able to copy the CSR:

    WinPleskSSL4

  7. On the SSL Certificates page for the domain, scroll down to the section labeled CSR, and copy all the text contained in that field:

    WinPleskSSL5

    Important: Leave this window up, as you will return to it once you have ordered and obtained the certificate. You will paste the certificate into the Upload the certificate as text field just above the CSR section on this same page.

Step #2: Order the SSL Certificate in Manage

  1. In a new browser window or tab, log into your Liquid Web Manage dashboard.
  2. Click on the Create button near the top left of the page and select SSL Certificate:

    WinPleskSSL6

  3. On the Order an SSL Certificate page, paste the CSR you copied from Plesk into the Certificate Signing Request (CSR) field.

    WinPleskSSL7

    The CSR Details section will populate with the information you entered in Plesk.

    • Review the CSR details. If you need to correct any errors, go back to Step One and re-generate the CSR.
    • Select the length of time for which you’d like the certificate to be valid.
    • Select a Verification Method. Typically you will want to leave this set to “Automatic”.
    • Click the Purchase SSL Certificate button to order the certificate and have it charged to your card on file.

Step #3: Verify and Obtain your SSL Certificate

  1. Your SSL certificate is accessible from your Manage dashboard.
    • Click on Overview in the left menu of your Manage dashboard.
    • Click on SSL Certificates under the Services section.
    • Click the [ + ] button next to the domain name to expand the window.
    • Click the Dashboard button to access the SSL dashboard.
  2. If automatic verification was successful, you will see a green button next to Verified in the Status column. If automatic verification failed, follow the instructions for verifying the SSL via DNS record, HTML meta tag, or email at Installing an SSL Certificate.
  3. Once the certificate status is displayed as Verified, click the link labeled X509 Certificate to pop up a window containing the certificate. You will need to copy the contents of the certificate in that popup before returning to your Plesk browser window or tab.
    Important: Leave this window up, as you may need to return to it to copy and paste the Intermediate Bundle from this screen into the CA Certificate field in Plesk.

    WinPleskSSL8

Step #4: Install the SSL Certificate in Plesk

  1. Now return to the Plesk browser window or tab you left open in Step #1, and paste the certificate into the Upload the certificate as text field just above the CSR.

    If the CA certificate does not fill in automatically, you will need to copy the Intermediate Bundle from the Manage browser window or tab you left open in Step #3 into the CA certificate field.

    WinPleskSSL9

  2. Now click the Upload Certificate button to add the certificate.

Step #5: Configure the Domain to Use SSL

Now that the SSL certificate is uploaded, all that remains is to enable SSL support for the domain.

  1. In the Plesk menu, click on Websites & Domains.
  2. Click on the domain name.
  3. Click on Hosting Settings.
  4. Scroll down to the Security section, select the certificate to use and check the box next to SSL support.

    WinPleskSSL9

 

How to Install Varnish on Fedora 21

Varnish is a proxy and cache, or HTTP accelerator, designed to improve performance for busy, dynamic web sites. By redirecting traffic to static pages whenever possible, Varnish reduces the number of dynamic page calls, thus reducing load.

Pre-Flight Check
  • These instructions are intended specifically for installing Varnish on Fedora 21.
  • I’ll be working from a Liquid Web Self Managed Fedora 21 server with HTTPD and PHP already installed, configured, and running, and I’ll be logged in as root.


How to Install Varnish on Fedora 20

Varnish is a proxy and cache, or HTTP accelerator, designed to improve performance for busy, dynamic web sites. By redirecting traffic to static pages whenever possible, Varnish reduces the number of dynamic page calls, thus reducing load.

Pre-Flight Check
  • These instructions are intended specifically for installing Varnish on Fedora 20.
  • I’ll be working from a Liquid Web Self Managed Fedora 20 server with HTTPD and PHP already installed, configured, and running, and I’ll be logged in as root.
