01-07-2019, 10:36 PM
@"Hidden Refuge"
BACKGROUND TO QUESTION ABOUT LET'S ENCRYPT WILDCARD CERTIFICATE
I've been working many hours on a WHM/cPanel today. The server has an absentee owner and looks as though it has been set to automatically renew. The owner hasn't been in touch since 2016. In 2015 January, after a double disk failure the month before, he provided me with all of the server info and asked me to take care of it. It has had a very impressive up time since then - note the first reboot was at the time of the handover of the panel to me on 2 January 2015:
We've tried to get in touch with the owner repeatedly since then, unsuccessfully. We're still trying. When he handed the Panel to me in 2015 I spent hours setting it up as securely as possible. I also put it on automatic updates, and you can't imagine how careful I am as it's not my panel. I very rarely if ever go into root. It's been like that now for three years - going into the fourth.
Long story short. I really thought the server would not renew during its renewal month this January since the Forum went under in May 2018. I thought the owner would logically give up on the server too but maybe it's on indefinite renewal? First sign that it may be renewed was the host domain got renewed at the last moment on 3rd January. The host domain is also very important as it has two name servers. Unfortunately then what happened - real bad luck - was Namecheap reset the DNS of the host domain to Namecheap's name servers - probably because the domain was renewed at the last minute - and since the owner is the only one with access to the Domain Registrar we were stuck. So the host domain was no longer pointing to the VPS. That meant that the services that were connected with the host domain - such as e-mail - went down. Fortunately there were four name servers. So two name servers were still working. I was still able to access WHM and cPanel. With no problem at all.
So today I took the initiative and used my own domain to replace the host domain. I created two name servers at my Registrar Namecheap with the IPs of the previous host domain name servers. All of that went well. DNS propagated almost immediately like magic. WHM with one of its many tips then recommended after the host domain change to do a graceful reboot - my very first ever - so I did that. That was also quite a learning curve. As the reboot went on for hours - or it looked that way in the WHM window, however apparently when one does the graceful reboot, then WHM disconnects the server - which makes sense when one thinks logically about it - it continues with "reboot in process" for ever but is in actual fact no longer connected. Must say Google is very helpful as a nice person communicated all of that info and advised people to check this by checking the server up time with root SSH as well as last reboots. By the time I did that the server had already been online again for over 3 hours.
OK now for the reason of this post. I managed to set up self-signed certificates for the new host domain services through WHM Server Configuration/Manage Services SSL certificates. It still showed the old host domain and certificates when I first accessed that WHM tool. Took me a while to figure out that with the reset tool link it will automatically show the new host domain, and create a self-signed certificate for the new domain. I was happy once that was set up. Was quite impressed with the expiry date of 1 July 2020. But of course those self-signed certificates are now showing ugly red browser warnings that don't look very attractive. WHM also warns that the self-signed certificates should be temporary only. They expect you to get CA ones. Which brings me to a new learning project.
QUESTIONS
1. So next learning project is how can I create a free certificate for the host domain? Can I use your tutorial on Let's Encrypt Wildcard Certificates to generate SSL for the host domain? Or is the host domain treated differently? Is the Let's Encrypt Wild Card SSL the best solution to use for installing the host domain services certificates?
2. One thing I'd be nervous to do is update the OS - I don't have access to a panel other than WHM and the VPS host will only talk to the absentee owner - if the OS breaks I guess it's end of story. What is the worst that can happen if I go for the yum update of CentOS? The VPS is currently running on CentOS 6.10.
3. Next command that puzzles me a little is that the host domain is host.domain.net. So should I use domain.net when I generate the wildcard SSL as suggested by you, or host.domain.net?
4. Maybe you've already covered this and I missed it. But how long is the wild card certificate valid for?