How To Order or Renew an SSL Certificate in Manage

Pre-Flight Check

  • This article assumes that you wish to order an SSL certificate through your Manage customer dashboard, or renew a certificate which you previously ordered through Manage.
  • For new certificates (non-renewals), you will first need to obtain a Certificate Signing Request (CSR). If you prefer, you can easily generate a CSR through cPanel or Plesk.

Ordering an SSL Certificate in Manage

Log into your Manage dashboard at https://manage.liquidweb.com and click on the Create button at the top left, then select SSL Certificate from the list of options. Continue reading “How To Order or Renew an SSL Certificate in Manage”

How To Set up Domain Redirects in cPanel

  1. This tutorial assumes you’ve already logged in to cPanel, and are starting on the home screen.cpanel-paperlantern-24-redirect--01
  2. Now let’s learn how to setup domain redirects.cpanel-paperlantern-24-redirect--02
  3. Click the “Redirects” icon.cpanel-paperlantern-24-redirect--03
  4. Choose whether you want this redirect to be temporary or permanent.cpanel-paperlantern-24-redirect--04
  5. Then enter the URL you want to redirect.cpanel-paperlantern-24-redirect--05
  6. Then enter the destination URL… where you want visitors to be redirected to.cpanel-paperlantern-24-redirect--06
  7. When ready, click “Add”.cpanel-paperlantern-24-redirect--07
  8. That’s it! The redirect has been created.

 

How To Generate and Renew Let’s Encrypt SSL Certificates in Plesk 12.5

Let’s Encrypt is a free, automated, and open certificate authority from the Internet Security Research Group (ISRG). It enables anyone to install a free trusted SSL certificate on their website and benefit from the enhanced security an encrypted connection provides. Unlike a self-signed SSL certificate, which also is free and secure (but not verified), a Let’s Encrypt certificate is recognized as fully verified and will display the padlock icon in the address bar of modern browsers.

Beginning with version 12.5, Plesk provides access to both a plugin which interfaces with the Let’s Encrypt CLI client and an extension for use within Plesk. Please note that Plesk’s support for Let’s Encrypt applies to some Linux distributions as well as Windows, and while these instructions may also apply to a Linux server running CentOS 6 or higher, additional configuration beyond the scope of this article may be necessary. Continue reading “How To Generate and Renew Let’s Encrypt SSL Certificates in Plesk 12.5”

How to Generate a CSR and Install an SSL in Plesk

Pre-Flight Check

  • This article is specifically intended for generating a Certificate Signing Request and installing a standard SSL certificate on a Windows server running Plesk.
  • We’ll walk through ordering the SSL via Liquid Web’s Manage interface, but you can use the CSR you generate in Plesk to purchase an SSL from the vendor of your choice.
  • If your Windows server is running Plesk 12.5 or higher, you can check out our tutorial on Using Let’s Encrypt SSL Certificates with Plesk 12.5.

Step #1: Generate a Certificate Signing Request in Plesk

  1. Log into Plesk.
  2. Select Domains from the main menu and click on the domain name to access its settings page.
  3. Click on SSL Certificates to bring up the SSL certificate page:

    WinPleskSSL1

  4. Now click the blue Add SSL Certificate button:

    WinPleskSSL2

  5. Fill out the request form and then press the Request button:

    WinPleskSSL3

    While the fields are self-explanatory, pay special attention to these three required fields:

    • Certificate name: This is how the certificate will be displayed in Plesk. To make it easier to identify later, you’ll likely want to use the domain name.
    • Domain name: If you want your SSL certificate to cover the domain with and without the “www”, you must enter the “www” version here.
      • A certificate for www.yourdomainname.com will cover both yourdomainname.com and www.yourdomainname.com.
      • A certificate for yourdomainname.com will only apply to yourdomainname.com.
    • Email: Plesk will email the CSR and details to this address, although we will walk through retrieving the CSR directly from Plesk in the next step.
  6. Upon submitting the form, you’ll be redirected to the domain’s SSL Certificates page. Click on the certificate name (“Sample” in this example) to return to the certificates page, where you’ll be able to copy the CSR:

    WinPleskSSL4

  7. On the SSL Certificates page for the domain, scroll down to the section labeled CSR, and copy all the text contained in that field:

    WinPleskSSL5

    Important: Leave this window up, as you will return to it once you have ordered and obtained the certificate. You will paste the certificate into the Upload the certificate as text field just above the CSR section on this same page.

Step #2: Order the SSL Certificate in Manage

  1. In a new browser window or tab, log into your Liquid Web Manage dashboard.
  2. Click on the Create button near the top left of the page and select SSL Certificate:

    WinPleskSSL6

  3. On the Order an SSL Certificate page, paste the CSR you copied from Plesk into the Certificate Signing Request (CSR) field.

    WinPleskSSL7

    The CSR Details section will populate with the information you entered in Plesk.

    • Review the CSR details. If you need to correct any errors, go back to Step One and re-generate the CSR.
    • Select the length of time for which you’d like the certificate to be valid.
    • Select a Verification Method. Typically you will want to leave this set to “Automatic”.
    • Click the Purchase SSL Certificate button to order the certificate and have it charged to your card on file.

Step #3: Verify and Obtain your SSL Certificate

  1. Your SSL certificate is accessible from your Manage dashboard.
    • Click on Overview in the left menu of your Manage dashboard.
    • Click on SSL Certificates under the Services section.
    • Click the [ + ] button next to the domain name to expand the window.
    • Click the Dashboard button to access the SSL dashboard.
  2. If automatic verification was successful, you will see a green button next to Verified in the Status column. If automatic verification failed, follow the instructions for verifying the SSL via DNS record, HTML meta tag, or email at Installing an SSL Certificate.
  3. Once the certificate status is displayed as Verified, click the link labeled X509 Certificate to pop up a window containing the certificate. You will need to copy the contents of the certificate in that popup before returning to your Plesk browser window or tab.
    Important: Leave this window up, as you may need to return to it to copy and paste the Intermediate Bundle from this screen into the CA Certificate field in Plesk.

    WinPleskSSL8

Step #4: Install the SSL Certificate in Plesk

  1. Now return to the Plesk browser window or tab you left open in Step #1, and paste the certificate into the Upload the certificate as text field just above the CSR.

    If the CA certificate does not fill in automatically, you will need to copy the Intermediate Bundle from the Manage browser window or tab you left open in Step #3 into the CA certificate field.

    WinPleskSSL9

  2. Now click the Upload Certificate button to add the certificate.

Step #5: Configure the Domain to Use SSL

Now that the SSL certificate is uploaded, all that remains is to enable SSL support for the domain.

  1. In the Plesk menu, click on Websites & Domains.
  2. Click on the domain name.
  3. Click on Hosting Settings.
  4. Scroll down to the Security section, select the certificate to use and check the box next to SSL support.

    WinPleskSSL9

 

Is Your cPanel Server Protected Against CVE-2016-0800 (DROWN)?

Overview

A new flaw has been found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker could theoretically exploit this vulnerability to bypass RSA encryption, even when connecting via a newer protocol version, if the server also supports the older SSLv2 standard.

Impact

As a result of several similar but unrelated vulnerabilities, including POODLE, most server administrators already have removed support for SSLv2 and other weak ciphers. For instance, cPanel removed SSLv2 support on core services by default beginning with version 11.44 in 2014.

Servers running older, End-of-Life operating systems may still support SSLv2.

Test: Does Your Server Support SSLv2?

To test whether your web server supports SSLv2, you can run this command from a terminal on a Linux or Mac OS X, substituting your domain name for the example below:

openssl s_client -connect www.yourdomainname.com:443 -ssl2

If the server is not vulnerable, the output of that command should include “ssl handshake failed” as seen in the example below. Note that your output will be different, but as long as you see ssl handshake failed somewhere in the output, you’re protected:

[root@host]# openssl s_client -connect www.yourdomainname.com:443 -ssl2
CONNECTED(00000003)
95090:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59/src/ssl/s2_pkt.c:427:

You can test SSLv2 support on other services by substituting the secure http port (443 in the command above), with the appropriate port for the service you’re testing (note that these are the default ports; if you’ve changed the port a service runs on, you’ll want to use that value):

  • WHM: 2087
  • cPanel: 2083
  • Secure SMTP (Exim): 465
  • Secure IMAP: 993
  • Secure POP3: 995
  • Secure Webmail: 2096
  • Secure WebDisk: 2078

If you’re using a different operating system or are otherwise unable to check the server directly, you also may visit a test site such as drownattack.com and enter your site’s URL into the test field.

If your server fails any of the tests listed above and you’re not able to update cPanel to the latest version, feel free to contact Heroic Support® for assistance.
 

How To Modify an Existing Email Account in Thunderbird

Pre-Flight Check

  • These instructions are intended specifically for setting up an email account in Mozilla Thunderbird 38.3.0 on Mac OS X 10.11.1.
  • While the steps should be similar across platforms and operating systems, they may not necessarily apply to older versions of Thunderbird.
  • For help with general email account settings, see How to Set up Any Email Client.

You can edit an email account that already has been configured in Thunderbird, for example should you decide to switch between non-SSL and SSL settings or change the server’s connection port. You change the connection type between standard (non-SSL) and secure (SSL) by changing the hostname and port for the incoming and outgoing servers.

Note: You cannot edit an existing email account to switch its account type from POP3 to IMAP or vice versa. To change the account type, you must add a new account of the desired type (POP3 or IMAP). Adding a new account with a different connection type should not require you to delete the old one in most mail clients.

To avoid data loss, please use caution any time you change an email account’s connection type or delete an email account. Removing an email account from a mail client also will remove all messages associated with it on the device and, specifically in the case of POP accounts that are not configured to retain mail on the server, there may be no way to recover those messages. If you have any doubt or questions, please feel free to contact Heroic Support® for guidance.

Step #1: Edit Incoming Server Settings

  1. To edit the incoming server, select your email address in the left pane and then click on View settings for this account in the main window.
  2. In the account settings window, click on Server Settings to update the Server Name and Port.incomingedit
    • Server Name
      • SSL settings will use the server’s hostname (e.g., host.yourdomainname.com)
      • Standard non-SSL settings will use the domain name (yourdomainname.com or mail.yourdomainname.com).
    • Port
      • SSL settings will use Port 993 for IMAP and Port 995 for POP3.
      • Standard non-SSL settings will use Port 143 for IMAP and Port 110 for POP3.

Step #2: Edit Outgoing Server Settings

  1. To edit the outgoing server settings, click on Outgoing Server (SMTP) in the left pane, select your outgoing server and click the Edit button.editoutgoing
  2. You can edit the server name and port in the popup window.out2
    • Server Name
      • SSL settings will use the server’s hostname (e.g., host.yourdomainname.com)
      • Standard non-SSL settings will use the domain name (yourdomainname.com or mail.yourdomainname.com).
    • Port
      • SSL settings will use Port 465.
      • Standard non-SSL settings will use Port 587 (depending on your server configuration, you may be able to use Port 25 as well).
  3. Click on the OK button to save the outgoing server settings, then click on OK once more to exit the settings menu and begin using your email account with the new settings.

 

How to Install Varnish on Fedora 21

Varnish is a proxy and cache, or HTTP accelerator, designed to improve performance for busy, dynamic web sites. By redirecting traffic to static pages whenever possible, varnish reduces the number of dynamic page calls, thus reducing load.

Pre-Flight Check
  • These instructions are intended specifically for installing the Varnish on Fedora 21.
  • I’ll be working from a Liquid Web Self Managed Fedora 21 server with HTTPD and PHP already installed, configured, and running, and I’ll be logged in as root.

Continue reading “How to Install Varnish on Fedora 21”

How to Install Varnish on Fedora 20

Varnish is a proxy and cache, or HTTP accelerator, designed to improve performance for busy, dynamic websites. By redirecting traffic to static pages whenever possible, varnish reduces the number of dynamic page calls, thus reducing the load.

Pre-Flight Check
  • These instructions are intended specifically for installing the Varnish on Fedora 20.
  • I’ll be working from a Liquid Web Self Managed Fedora 20 server with HTTPD and PHP already installed, configured, and running, and I’ll be logged in as root.

Continue reading “How to Install Varnish on Fedora 20”

How to Disable SSLv3 for Exim and Protect Your WHM/cPanel Server from POODLE

Your Guide to POODLE and WHM/cPanel
I. How to Disable SSLv3 for Apache and Protect Your WHM/cPanel Server from POODLE
II. How to Disable SSLv3 for Exim and Protect Your WHM/cPanel Server from POODLE

There’s a new POODLE in town, but unfortunately it’s not the kind of pooch you want around. POODLE stands for Padding Oracle On Downgraded Legacy Encryption. It’s an exploit that, although not considered to be as serious as Heartbleed, is one that should still be protected against. For more information read the Google Blog.

Fortunately, protecting your WHM/cPanel server is easy. Just follow the steps below:

Continue reading “How to Disable SSLv3 for Exim and Protect Your WHM/cPanel Server from POODLE”

How to Install Varnish 4 on CentOS 7

Varnish is a proxy and cache, or HTTP accelerator, designed to improve performance for busy, dynamic websites. By redirecting traffic to static pages whenever possible, varnish reduces the number of dynamic page calls, thus reducing the load.

Pre-Flight Check
  • These instructions are intended specifically for installing the Varnish on CentOS 7.
  • I’ll be working from a Liquid Web Self Managed CentOS 7 server, and I’ll be logged in as root.

Continue reading “How to Install Varnish 4 on CentOS 7”